Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1 Use a Split-Horizon ArchitectureCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

1.1 Use a Split-Horizon ArchitectureCIS BIND DNS v1.0.0 L1 Authoritative Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

1.3.10 Ensure 'Password Profiles' do not existCIS Palo Alto Firewall 10 v1.1.0 L1Palo_Alto

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION, PLANNING, PROGRAM MANAGEMENT, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

3.5 Ensure proxy-arp is disabledCIS Juniper OS Benchmark v2.1.0 L2Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

3.6 Ensure ICMP Redirects are set to disabled (on all untrusted IPv4 networks)CIS Juniper OS Benchmark v2.1.0 L1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

3.7 Ensure ICMP Redirects are set to disabled (on all untrusted IPv6 networks)CIS Juniper OS Benchmark v2.1.0 L1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

4.1 Ensure 'Antivirus Update Schedule' is set to download and install updates hourlyCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

4.1.4 Ensure Bogon Filtering is set (where EBGP is used)CIS Juniper OS Benchmark v2.1.0 L2Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.5 Ensure Ingress Filtering is set for EBGP peersCIS Juniper OS Benchmark v2.1.0 L1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.6 Ensure RPKI is set for Origin Validation of EBGP peersCIS Juniper OS Benchmark v2.1.0 L2Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervalsCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervalsCIS Palo Alto Firewall 10 v1.1.0 L1Palo_Alto

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervalsCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

4.6.1 Create administrative boundaries between resources using namespacesCIS Google Kubernetes Engine (GKE) v1.5.0 L1GCP

SYSTEM AND COMMUNICATIONS PROTECTION

5.6.4 Ensure clusters are created with Private Endpoint Enabled and Public Access DisabledCIS Google Kubernetes Engine (GKE) v1.5.0 L2GCP

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.6.5 Ensure clusters are created with Private NodesCIS Google Kubernetes Engine (GKE) v1.5.0 L1GCP

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.7 Ensure 'WildFire Update Schedule' is set to download and install updates every minuteCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

5.7.1 Create administrative boundaries between resources using namespacesCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.7.1 Create administrative boundaries between resources using namespacesCIS Kubernetes Benchmark v1.8.0 L1 MasterUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.7.1 Create administrative boundaries between resources using namespacesCIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.7.1 Create administrative boundaries between resources using namespacesCIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.10 Ensure that the host's network namespace is not sharedCIS Docker v1.6.0 L1 Docker LinuxUnix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

5.31 Ensure that the host's user namespaces are not sharedCIS Docker v1.6.0 L1 Docker LinuxUnix

SYSTEM AND COMMUNICATIONS PROTECTION

6.16 Ensure that a Zone Protection Profile with an enabled SYN Flood Action of SYN Cookies is attached to all untrusted zonesCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

6.17 Ensure that all zones have Zone Protection Profiles with all Reconnaissance Protection settings enabled, tuned, and set to appropriate actionsCIS Palo Alto Firewall 10 v1.1.0 L1Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

6.17 Ensure that all zones have Zone Protection Profiles with all Reconnaissance Protection settings enabled, tuned, and set to appropriate actionsCIS Palo Alto Firewall 11 v1.0.0 L1Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

6.18 Ensure all zones have Zone Protection Profiles that drop specially crafted packetsCIS Palo Alto Firewall 11 v1.0.0 L1Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

6.18 Ensure all zones have Zone Protection Profiles that drop specially crafted packetsCIS Palo Alto Firewall 10 v1.1.0 L1Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

6.18 Ensure that all zones have Zone Protection Profiles with all Reconnaissance Protection settings enabled, tuned, and set to appropriate actionsCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

6.19 Ensure all zones have Zone Protection Profiles that drop specially crafted packetsCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

6.19 Ensure all zones have Zone Protection Profiles that drop specially crafted packetsCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

7.3 Ensure 'Security Policy' denying any/all traffic to/from IP addresses on Trusted Threat Intelligence Sources ExistsCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - Invalid CategoriesCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - PoliciesCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLSCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY