Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.4.2 Set 'buffer size'CIS Cisco IOS XR 7.x v1.0.0 L1Cisco

AUDIT AND ACCOUNTABILITY

1.4.6 Set logging timestampsCIS Cisco IOS XR 7.x v1.0.0 L1Cisco

AUDIT AND ACCOUNTABILITY

1.10.6 Ensure 'logging with timestamps' is enabledCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

AUDIT AND ACCOUNTABILITY

1.10.7 Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb)CIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

AUDIT AND ACCOUNTABILITY

2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'CIS Windows Server 2012 R2 DC L1 v3.0.0Windows

AUDIT AND ACCOUNTABILITY

2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

2.2.1 Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

AUDIT AND ACCOUNTABILITY

2.2.1 Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MSWindows

AUDIT AND ACCOUNTABILITY

2.2.2 Set 'buffer size' for 'logging buffered'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

AUDIT AND ACCOUNTABILITY

2.2.7 Set 'logging source interface'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

AUDIT AND ACCOUNTABILITY

2.3.11.11 (L1) Ensure 'Network security: Restrict NTLM: Audit Incoming NTLM Traffic' is set to 'Enable auditing for all accounts'CIS Microsoft Windows Server 2016 v3.0.0 L1 DCWindows

AUDIT AND ACCOUNTABILITY

2.3.11.11 Ensure 'Network security: Restrict NTLM: Audit Incoming NTLM Traffic' is set to 'Enable auditing for all accounts'CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DCWindows

AUDIT AND ACCOUNTABILITY

2.3.11.12 (L1) Ensure 'Network security: Restrict NTLM: Audit NTLM authentication in this domain' is set to 'Enable all' (DC only)CIS Microsoft Windows Server 2019 v3.0.1 L1 DCWindows

AUDIT AND ACCOUNTABILITY

2.3.11.13 (L1) Ensure 'Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers' is set to 'Audit all' or higherCIS Microsoft Windows Server 2019 v3.0.1 L1 MSWindows

AUDIT AND ACCOUNTABILITY

2.3.11.13 Ensure 'Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers' is set to 'Audit all' or higherCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MSWindows

AUDIT AND ACCOUNTABILITY

2.3.11.14 (L1) Ensure 'Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers' is set to 'Audit all' or higherCIS Microsoft Windows Server 2025 v1.0.0 L1 MSWindows

AUDIT AND ACCOUNTABILITY

2.3.11.14 (L1) Ensure 'Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers' is set to 'Audit all' or higherCIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

AUDIT AND ACCOUNTABILITY

3.1.3 Set Diagnostic Logging to Capture Errors and Warnings (DIAGLEVEL)CIS IBM DB2 11 v1.1.0 Linux OS Level 1Unix

AUDIT AND ACCOUNTABILITY

3.1.11 Ensure syslog messages are not suppressedCIS PostgreSQL 14 DB v 1.2.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.11 Ensure syslog messages are not suppressedCIS PostgreSQL 15 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.2.2 Ensure that the audit policy covers key security concernsCIS Kubernetes v1.23 Benchmark v1.0.1 L2 MasterUnix

AUDIT AND ACCOUNTABILITY

4.1 Ensure 'Receive connector: Configure protocol logging' is set to 'Verbose'CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0Windows

AUDIT AND ACCOUNTABILITY

4.1.3.1 Ensure changes to system administration scope (sudoers) is collectedCIS CentOS Linux 8 Server L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.3.7 Ensure unsuccessful file access attempts are collectedCIS CentOS Linux 8 Workstation L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.3.21 Ensure the running and on disk configuration is the sameCIS CentOS Linux 8 Workstation L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify date and time information are collected - audit.rules b32 clock_settimeCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/groupCIS Red Hat 6 Workstation L2 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify user/group information are collected - rules.d /etc/passwdCIS Red Hat 6 Workstation L2 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.10 Ensure discretionary access control permission modification events are collected - b32 setxattrCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - b32 EPERMCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.15 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoersCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - auditctl rmmodCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - init_moduleCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - modprobeCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins'CIS SQL Server 2016 Database L1 AWS RDS v1.4.0MS_SQLDB

AUDIT AND ACCOUNTABILITY

5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins'CIS SQL Server 2022 Database L1 AWS RDS v1.1.0MS_SQLDB

AUDIT AND ACCOUNTABILITY

6.2.3 Ensure That the 'Log_disconnections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'CIS Google Cloud Platform v3.0.0 L1GCP

AUDIT AND ACCOUNTABILITY

6.2.4 Ensure 'Log_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set AppropriatelyCIS Google Cloud Platform v3.0.0 L2GCP

AUDIT AND ACCOUNTABILITY

6.2.7 Ensure That the 'Log_min_duration_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to '-1' (Disabled)CIS Google Cloud Platform v3.0.0 L1GCP

AUDIT AND ACCOUNTABILITY

6.3 Ensure 'log_warnings' is Set to '2'CIS MariaDB 10.6 Database L2 v1.1.0MySQLDB

AUDIT AND ACCOUNTABILITY

6.7 Set audit_log_strategy to SYNCHRONOUS or SEMISYNCRONOUSCIS MySQL 5.7 Enterprise Database L2 v2.0.0MySQLDB

AUDIT AND ACCOUNTABILITY

7.1 Application specific loggingCIS Apache Tomcat 10 L2 v1.1.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in web applicationCIS Apache Tomcat 9 L1 v1.2.0Unix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists inin defaultCIS Apache Tomcat 10 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in web applicationCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in defaultCIS Apache Tomcat 10 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in defaultCIS Apache Tomcat 9 L1 v1.2.0Unix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in defaultCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in productionCIS Apache Tomcat 10 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production - context.xmlCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY