Detections
Analytics

CSCv6|6.5

Title

Configure network boundary devices, including firewalls, network-based IPS, and inbound and outbound proxies, to verbosely log all traffic (both allowed and blocked) arriving at the device.

Description

Configure network boundary devices, including firewalls, network-based IPS, and inbound and outbound proxies, to verbosely log all traffic (both allowed and blocked) arriving at the device.

Reference Item Details

Category: Maintenance, Monitoring, and Analysis of Audit Logs

Family: System

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.1 Ensure that IP addresses are mapped to usernames - User ID AgentsPalo_AltoCIS Palo Alto Firewall 7 Benchmark L2 v1.0.0
2.1 Ensure that IP addresses are mapped to usernames - User ID AgentsPalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
2.1 Ensure that IP addresses are mapped to usernames - User ID AgentsPalo_AltoCIS Palo Alto Firewall 6 Benchmark L2 v1.0.0
2.1 Ensure that IP addresses are mapped to usernames - ZonesPalo_AltoCIS Palo Alto Firewall 7 Benchmark L2 v1.0.0
2.1 Ensure that IP addresses are mapped to usernames - ZonesPalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
2.1 Ensure that IP addresses are mapped to usernames - ZonesPalo_AltoCIS Palo Alto Firewall 6 Benchmark L2 v1.0.0
2.2 Ensure that WMI probing is disabledPalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
2.3 Ensure that User-ID is only enabled for internal trusted interfacesPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabledPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
5.5 Ensure all WildFire session information settings are enabledPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
5.5 Ensure all WildFire session information settings are enabledPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
5.5 Ensure all WildFire session information settings are enabledPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
5.6 Ensure alerts are enabled for malicious files detected by WildFirePalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
5.6 Ensure alerts are enabled for malicious files detected by WildFirePalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
5.6 Ensure alerts are enabled for malicious files detected by WildFire - log-type 'wildfire'Palo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
6.12 Ensure all HTTP Header Logging options are enabled - Log Container PagePalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
6.12 Ensure all HTTP Header Logging options are enabled - Log Container PagePalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
6.12 Ensure all HTTP Header Logging options are enabled - Log Container PagePalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
6.12 Ensure all HTTP Header Logging options are enabled - RefererPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
6.12 Ensure all HTTP Header Logging options are enabled - RefererPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
6.12 Ensure all HTTP Header Logging options are enabled - RefererPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
6.12 Ensure all HTTP Header Logging options are enabled - User-AgentPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
6.12 Ensure all HTTP Header Logging options are enabled - User-AgentPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
6.12 Ensure all HTTP Header Logging options are enabled - User-AgentPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
6.12 Ensure all HTTP Header Logging options are enabled - X-Forwarded-ForPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
6.12 Ensure all HTTP Header Logging options are enabled - X-Forwarded-ForPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
6.12 Ensure all HTTP Header Logging options are enabled - X-Forwarded-ForPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
7.3 Ensure 'Security Policy' denying any/all traffic exists at the bottom of the security policies rulesetPalo_AltoCIS Palo Alto Firewall 7 Benchmark L2 v1.0.0
7.3 Ensure 'Security Policy' denying any/all traffic exists at the bottom of the security policies rulesetPalo_AltoCIS Palo Alto Firewall 6 Benchmark L2 v1.0.0