Detections
Analytics

Item Search

NameAudit NamePluginCategory
2.3.11.11 (L1) Ensure 'Network security: Restrict NTLM: Audit Incoming NTLM Traffic' is set to 'Enable auditing for all accounts'CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain ControllerWindows

AUDIT AND ACCOUNTABILITY

2.3.11.11 (L1) Ensure 'Network security: Restrict NTLM: Audit Incoming NTLM Traffic' is set to 'Enable auditing for all accounts'CIS Microsoft Windows Server 2022 v3.0.0 L1 Member ServerWindows

AUDIT AND ACCOUNTABILITY

2.3.11.11 (L1) Ensure 'Network security: Restrict NTLM: Audit Incoming NTLM Traffic' is set to 'Enable auditing for all accounts'CIS Microsoft Windows Server 2019 v3.0.0 L1 Domain ControllerWindows

AUDIT AND ACCOUNTABILITY

2.3.11.11 (L1) Ensure 'Network security: Restrict NTLM: Audit Incoming NTLM Traffic' is set to 'Enable auditing for all accounts'CIS Microsoft Windows Server 2019 v3.0.0 L1 Member ServerWindows

AUDIT AND ACCOUNTABILITY

2.3.11.12 (L1) Ensure 'Network security: Restrict NTLM: Audit NTLM authentication in this domain' is set to 'Enable all' (DC only)CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain ControllerWindows

AUDIT AND ACCOUNTABILITY

2.3.11.12 (L1) Ensure 'Network security: Restrict NTLM: Audit NTLM authentication in this domain' is set to 'Enable all' (DC only)CIS Microsoft Windows Server 2019 v3.0.0 L1 Domain ControllerWindows

AUDIT AND ACCOUNTABILITY

2.3.11.13 (L1) Ensure 'Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers' is set to 'Audit all' or higherCIS Microsoft Windows Server 2022 v3.0.0 L1 Domain ControllerWindows

AUDIT AND ACCOUNTABILITY

2.3.11.13 (L1) Ensure 'Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers' is set to 'Audit all' or higherCIS Microsoft Windows Server 2019 v3.0.0 L1 Domain ControllerWindows

AUDIT AND ACCOUNTABILITY

2.3.11.13 (L1) Ensure 'Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers' is set to 'Audit all' or higherCIS Microsoft Windows Server 2022 v3.0.0 L1 Member ServerWindows

AUDIT AND ACCOUNTABILITY

2.3.11.13 (L1) Ensure 'Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers' is set to 'Audit all' or higherCIS Microsoft Windows Server 2019 v3.0.0 L1 Member ServerWindows

AUDIT AND ACCOUNTABILITY

3.1 Ensure detailed logging is enabledCIS NGINX Benchmark v2.0.1 L1 ProxyUnix

AUDIT AND ACCOUNTABILITY

3.1.11 Ensure syslog messages are not suppressedCIS PostgreSQL 15 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.11 Ensure syslog messages are not suppressedCIS PostgreSQL 14 DB v 1.2.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.11 Ensure syslog messages are not suppressedCIS PostgreSQL 16 DB v1.0.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.12 Ensure syslog messages are not lost due to sizeCIS PostgreSQL 14 DB v 1.2.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.12 Ensure syslog messages are not lost due to sizeCIS PostgreSQL 16 DB v1.0.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.12 Ensure syslog messages are not lost due to sizeCIS PostgreSQL 15 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.2 Ensure access logging is enabledCIS NGINX Benchmark v2.0.1 L1 WebserverUnix

AUDIT AND ACCOUNTABILITY

3.2 Ensure access logging is enabledCIS NGINX Benchmark v2.0.1 L1 LoadbalancerUnix

AUDIT AND ACCOUNTABILITY

3.2 Ensure access logging is enabledCIS NGINX Benchmark v2.0.1 L1 ProxyUnix

AUDIT AND ACCOUNTABILITY

3.2.2 Ensure that the audit policy covers key security concernsCIS Kubernetes v1.23 Benchmark v1.0.1 L2 MasterUnix

AUDIT AND ACCOUNTABILITY

3.3 Ensure error logging is enabled and set to the info logging levelCIS NGINX Benchmark v2.0.1 L1 LoadbalancerUnix

AUDIT AND ACCOUNTABILITY

3.3 Ensure error logging is enabled and set to the info logging levelCIS NGINX Benchmark v2.0.1 L1 ProxyUnix

AUDIT AND ACCOUNTABILITY

4.1.3.21 Ensure the running and on disk configuration is the sameCIS CentOS Linux 8 Server L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.3.21 Ensure the running and on disk configuration is the sameCIS CentOS Linux 8 Workstation L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - auditctl init_moduleCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - auditctl init_moduleCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - auditctl insmodCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - auditctl insmodCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - auditctl modprobeCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - auditctl modprobeCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - auditctl rmmodCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - auditctl rmmodCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - init_moduleCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - init_moduleCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - insmodCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - insmodCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - modprobeCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - modprobeCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - rmmodCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - rmmodCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

AUDIT AND ACCOUNTABILITY

5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - SUCCESSFUL_LOGIN_GROUPCIS SQL Server 2019 Database L1 AWS RDS v1.3.0MS_SQLDB

AUDIT AND ACCOUNTABILITY

6.1.4 Ensure 'AuditBypassEnabled' is not enabled on mailboxesCIS Microsoft 365 Foundations E3 L1 v3.0.0microsoft_azure

AUDIT AND ACCOUNTABILITY

6.3 Ensure 'log_warnings' Is Set to '2'CIS MySQL 5.6 Enterprise Database L2 v2.0.0MySQLDB

AUDIT AND ACCOUNTABILITY

6.5 Ensure Audit Filters Capture Connection AttemptsCIS MySQL 5.7 Enterprise Database L1 v2.0.0MySQLDB

AUDIT AND ACCOUNTABILITY

6.5 Ensure Audit Filters Capture Connection Attempts - audit_log_filterCIS MySQL 5.7 Enterprise Database L1 v2.0.0MySQLDB

AUDIT AND ACCOUNTABILITY

6.5 Ensure Audit Filters Capture Connection Attempts - audit_log_userCIS MySQL 5.7 Enterprise Database L1 v2.0.0MySQLDB

AUDIT AND ACCOUNTABILITY

6.5 Ensure Audit Filters Capture Connection Attempts - Legacy Audit ModeCIS MySQL 5.7 Enterprise Database L1 v2.0.0MySQLDB

AUDIT AND ACCOUNTABILITY

6.7 Set audit_log_strategy to SYNCHRONOUS or SEMISYNCRONOUSCIS MySQL 5.7 Enterprise Database L2 v2.0.0MySQLDB

AUDIT AND ACCOUNTABILITY

6.7 Set audit_log_strategy to SYNCHRONOUS or SEMISYNCRONOUSCIS MySQL 8.0 Enterprise Database L2 v1.3.0MySQLDB

AUDIT AND ACCOUNTABILITY