Item Search

Name	Audit Name	Plugin	Category
4.1.3.3 Ensure session initiation information is collected - utmp	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
4.1.3.13 Ensure login and logout events are collected - /var/log/lastlog	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation	Unix	AUDIT AND ACCOUNTABILITY
4.1.16 Ensure system administrator actions (sudolog) are collected - /var/log/sudo.log	CIS Debian 8 Workstation L2 v2.0.2	Unix	AUDIT AND ACCOUNTABILITY
4.2.1.3 Ensure journald is configured to send logs to rsyslog	CIS CentOS Linux 8 Server L1 v2.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.2.2.3 Ensure journald is configured to compress large log files	CIS CentOS Linux 8 Server L1 v2.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.2.2.3 Ensure journald is configured to compress large log files	CIS CentOS Linux 8 Workstation L1 v2.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.1.1.3 Ensure journald is configured to compress large log files	CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1	Unix	AUDIT AND ACCOUNTABILITY
5.1.1.3 Ensure journald is configured to send logs to rsyslog	CIS Oracle Linux 7 v4.0.0 L1 Server	Unix	AUDIT AND ACCOUNTABILITY
5.1.1.3 Ensure journald is configured to send logs to rsyslog	CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server	Unix	AUDIT AND ACCOUNTABILITY
5.1.1.3 Ensure journald is configured to send logs to rsyslog	CIS Red Hat EL8 Workstation L1 v3.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.1.1.3 Ensure journald is configured to send logs to rsyslog	CIS Rocky Linux 8 Server L1 v2.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.1.1.3 Ensure journald is configured to send logs to rsyslog	CIS Rocky Linux 8 Workstation L1 v2.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.1.1.5 Ensure journald is not configured to send logs to rsyslog	CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation	Unix	AUDIT AND ACCOUNTABILITY
5.1.2.3 Ensure journald is configured to compress large log files	CIS AlmaLinux OS 8 Workstation L1 v3.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.1.2.3 Ensure journald is configured to compress large log files	CIS Red Hat EL8 Server L1 v3.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.1.2.3 Ensure journald is configured to compress large log files	CIS Oracle Linux 7 v4.0.0 L1 Workstation	Unix	AUDIT AND ACCOUNTABILITY
5.1.2.3 Ensure journald is configured to compress large log files	CIS Amazon Linux 2023 Server L1 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.1.2.3 Ensure journald is configured to compress large log files	CIS CentOS Linux 7 v4.0.0 L1 Workstation	Unix	AUDIT AND ACCOUNTABILITY
5.1.2.3 Ensure journald is configured to send logs to rsyslog	CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1	Unix	AUDIT AND ACCOUNTABILITY
5.1.2.5 Ensure journald is not configured to send logs to rsyslog	CIS Oracle Linux 7 v4.0.0 L1 Server	Unix	AUDIT AND ACCOUNTABILITY
5.1.2.5 Ensure journald is not configured to send logs to rsyslog	CIS Oracle Linux 7 v4.0.0 L1 Workstation	Unix	AUDIT AND ACCOUNTABILITY
5.1.2.5 Ensure journald is not configured to send logs to rsyslog	CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation	Unix	AUDIT AND ACCOUNTABILITY
5.1.2.5 Ensure journald is not configured to send logs to rsyslog	CIS Rocky Linux 8 Server L1 v2.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.2.3.12 Ensure login and logout events are collected	CIS Amazon Linux 2 v3.0.0 L2	Unix	AUDIT AND ACCOUNTABILITY
5.2.3.12 Ensure login and logout events are collected	CIS Oracle Linux 8 Server L2 v3.0.0	Unix	AUDIT AND ACCOUNTABILITY
6.1.2.3 Ensure journald Compress is configured	CIS Debian Linux 12 v1.1.0 L1 Server	Unix	AUDIT AND ACCOUNTABILITY
6.1.2.3 Ensure journald Compress is configured	CIS Debian Linux 12 v1.1.0 L1 Workstation	Unix	AUDIT AND ACCOUNTABILITY
6.1.3.3 Ensure journald is configured to send logs to rsyslog	CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation	Unix	AUDIT AND ACCOUNTABILITY
6.1.3.3 Ensure journald is configured to send logs to rsyslog	CIS Debian Linux 12 v1.1.0 L1 Workstation	Unix	AUDIT AND ACCOUNTABILITY
6.2.1.1.6 Ensure journald Compress is configured	CIS Debian Linux 11 v2.0.0 L1 Server	Unix	AUDIT AND ACCOUNTABILITY
6.2.1.1.6 Ensure journald Compress is configured	CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Server	Unix	AUDIT AND ACCOUNTABILITY
6.2.1.1.6 Ensure journald Compress is configured	CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Workstation	Unix	AUDIT AND ACCOUNTABILITY
6.2.2.3 Ensure journald Compress is configured	CIS AlmaLinux OS 9 v2.0.0 L1 Server	Unix	AUDIT AND ACCOUNTABILITY
6.2.2.3 Ensure journald Compress is configured	CIS Oracle Linux 9 v2.0.0 L1 Server	Unix	AUDIT AND ACCOUNTABILITY
6.2.3.3 Ensure journald is configured to send logs to rsyslog	CIS Oracle Linux 9 v2.0.0 L1 Workstation	Unix	AUDIT AND ACCOUNTABILITY
6.2.3.4 Ensure journald is configured to send logs to rsyslog	CIS SUSE Linux Enterprise 15 v2.0.0 L1 Workstation	Unix	AUDIT AND ACCOUNTABILITY
6.3 (L1) Ensure 'Account Logon Logoff Audit Group Membership' is set to include 'Success'	CIS Microsoft Intune for Windows 11 v4.0.0 L1	Windows	AUDIT AND ACCOUNTABILITY
6.3.3.12 Ensure login and logout events are collected	CIS AlmaLinux OS 9 v2.0.0 L2 Server	Unix	AUDIT AND ACCOUNTABILITY
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG	Windows	AUDIT AND ACCOUNTABILITY
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1	Windows	AUDIT AND ACCOUNTABILITY
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL	Windows	AUDIT AND ACCOUNTABILITY
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	AUDIT AND ACCOUNTABILITY
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG	Windows	AUDIT AND ACCOUNTABILITY
SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 104'	DISA STIG SQL Server 2012 DB Instance Security v1r20	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 108'	DISA STIG SQL Server 2012 DB Instance Security v1r20	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 117'	DISA STIG SQL Server 2012 DB Instance Security v1r20	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 129'	DISA STIG SQL Server 2012 DB Instance Security v1r20	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 134'	DISA STIG SQL Server 2012 DB Instance Security v1r20	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 152'	DISA STIG SQL Server 2012 DB Instance Security v1r20	MS_SQLDB	AUDIT AND ACCOUNTABILITY
SQL2-00-013400 - SQL Server must audit attempts to bypass access controls - 'Event ID 175'	DISA STIG SQL Server 2012 DB Instance Security v1r20	MS_SQLDB	AUDIT AND ACCOUNTABILITY

Detections

Analytics

Item Search