Detections
Analytics

800-53|SI-4(5)

Title

SYSTEM-GENERATED ALERTS

Description

The information system alerts [Assignment: organization-defined personnel or roles] when the following indications of compromise or potential compromise occur: [Assignment: organization-defined compromise indicators].

Supplemental

Alerts may be generated from a variety of sources, including, for example, audit records or inputs from malicious code protection mechanisms, intrusion detection or prevention mechanisms, or boundary protection devices such as firewalls, gateways, and routers. Alerts can be transmitted, for example, telephonically, by electronic mail messages, or by text messaging. Organizational personnel on the notification list can include, for example, system administrators, mission/business owners, system owners, or information system security officers.

Reference Item Details

Related: AU-5,PE-6

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: INFORMATION SYSTEM MONITORING

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.1.1.1.1.11 Configure 'Windows Firewall: Prohibit notifications'WindowsCIS Windows 2003 MS v3.1.0
1.2.1.1.1.1.11 Configure 'Windows Firewall: Prohibit notifications'WindowsCIS Windows 2003 DC v3.1.0
1.2.1.1.1.2.8 Configure 'Windows Firewall: Prohibit notifications'WindowsCIS Windows 2003 DC v3.1.0
1.2.1.1.1.2.8 Configure 'Windows Firewall: Prohibit notifications'WindowsCIS Windows 2003 MS v3.1.0
1.4.4 Set IP address for 'logging host'CiscoCIS Cisco IOS XR 7.x v1.0.0 L1
1.5.9 Windows Firewall: Display a notification (Domain)WindowsCIS Windows 2008 Enterprise v1.2.0
1.5.9 Windows Firewall: Display a notification (Domain)WindowsCIS Windows 2008 SSLF v1.2.0
1.5.10 Windows Firewall: Display a notification (Private)WindowsCIS Windows 2008 Enterprise v1.2.0
1.5.10 Windows Firewall: Display a notification (Private)WindowsCIS Windows 2008 SSLF v1.2.0
1.5.11 Windows Firewall: Display a notification (Public)WindowsCIS Windows 2008 Enterprise v1.2.0
1.5.11 Windows Firewall: Display a notification (Public)WindowsCIS Windows 2008 SSLF v1.2.0
1.5.18 Windows Firewall: Prohibit notifications (Domain)WindowsCIS Windows 2008 SSLF v1.2.0
1.5.18 Windows Firewall: Prohibit notifications (Domain)WindowsCIS Windows 2008 Enterprise v1.2.0
1.5.19 Windows Firewall: Prohibit notifications (Standard)WindowsCIS Windows 2008 SSLF v1.2.0
1.5.19 Windows Firewall: Prohibit notifications (Standard)WindowsCIS Windows 2008 Enterprise v1.2.0
1.6.3 Configure Netflow on Strategic PortsCiscoCIS Cisco NX-OS L2 v1.1.0
1.12 Ensure host-based intrusion detection tool is used - mcafeetp packageUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.12 Ensure host-based intrusion detection tool is used - mfetpd processUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.1.1 Ensure Firewall Is EnabledUnixCIS Apple macOS 13.0 Ventura Cloud-tailored v1.0.0 L1
2.1.1 Ensure Firewall Is EnabledUnixCIS Apple macOS 14.0 Sonoma Cloud-tailored v1.0.0 L1
2.2 Enable Auto-Notification of Outdated PluginsUnixCIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
2.2 Enable Auto-Notification of Outdated PluginsWindowsCIS Mozilla Firefox 38 ESR Windows L1 v1.0.0
2.2.1 Ensure Firewall Is EnabledUnixCIS Apple macOS 13.0 Ventura v2.0.0 L1
2.2.1 Ensure Firewall Is EnabledUnixCIS Apple macOS 14.0 Sonoma v1.0.0 L1
2.2.4 Set IP address for 'logging host'CiscoCIS Cisco IOS XE 17.x v2.1.0 L1
2.2.4 Set IP address for 'logging host'CiscoCIS Cisco IOS XE 16.x v2.1.0 L1
2.3 Enable Information Bar for Outdated PluginsUnixCIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
2.3 Enable Information Bar for Outdated PluginsWindowsCIS Mozilla Firefox 38 ESR Windows L1 v1.0.0
2.4.1.1 Ensure Firewall Is EnabledUnixCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1
2.5.2.1 Ensure Firewall Is EnabledUnixCIS Apple macOS 10.15 Catalina v3.0.0 L1
2.5.2.1 Ensure Firewall Is EnabledUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L1
2.5.2.1 Ensure Firewall Is EnabledUnixCIS Apple macOS 12.0 Monterey v3.0.0 L1
2.5.2.2 Ensure Firewall Is EnabledUnixCIS Apple macOS 10.14 v2.0.0 L1
3.3.2 Configure Storm ControlCiscoCIS Cisco NX-OS L2 v1.1.0
4.1 Ensure a SNS topic is created for sending out notifications from Cloudtwatch Alarms and Auto-Scaling Groups - CloudwatchAlarmsamazon_awsCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
4.2 Ensure a SNS topic is created for sending out notifications from RDS events - RDS Event Subscriptionsamazon_awsCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
5.6 Ensure alerts are enabled for malicious files detected by WildFirePalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
5.6 Ensure alerts are enabled for malicious files detected by WildFirePalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
8.3 Block Reported Web ForgeriesUnixCIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
8.3 Block Reported Web ForgeriesWindowsCIS Mozilla Firefox 38 ESR Windows L1 v1.0.0
9.1.4 Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'WindowsCIS Windows Server 2012 DC L1 v2.1.0
9.1.4 Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0
9.1.4 Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.2.0
9.1.4 Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.1.0
9.1.4 Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
9.1.4 Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'WindowsCIS Windows Server 2012 MS L1 v2.1.0
9.1.4 Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'WindowsCIS Windows Server 2012 R2 DC L1 v2.5.0
9.1.4 Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'WindowsCIS Windows 7 Workstation Level 1 v3.1.0
9.1.4 Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
9.1.4 Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'WindowsCIS Windows Server 2012 R2 MS L1 v2.4.0