CSCv6|6.6

Title

Deploy a SIEM (Security Information and Event Management) or log analytic tools for log aggregation and consolidation from multiple machines and for log correlation and analysis.

Description

Deploy a SIEM (Security Information and Event Management) or log analytic tools for log aggregation and consolidation from multiple machines and for log correlation and analysis. Using the SIEM tool, system administrators and security personnel should devise profiles of common events from given systems so that they can tune detection to focus on unusual activity, avoid false positives, more rapidly identify anomalies, and prevent overwhelming analysts with insignificant alerts.

Reference Item Details

Category: Maintenance, Monitoring, and Analysis of Audit Logs

Family: System

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 2.12 Ensure centralized and remote logging is configured | Unix | CIS Docker Community Edition v1.1.0 L2 Docker |
| 4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host - rsyslog.conf | Unix | CIS Amazon Linux v2.1.0 L1 |
| 4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host - rsyslog.conf/rsyslogd. | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 |
| 4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host - rsyslog.conf/rsyslogd. | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 |
| 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Red Hat 6 Server L1 v3.0.0 |
| 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS CentOS 6 Server L1 v3.0.0 |
| 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Distribution Independent Linux Workstation L1 v2.0.0 |
| 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Oracle Linux 6 Workstation L1 v2.0.0 |
| 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Oracle Linux 6 Server L1 v2.0.0 |
| 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Red Hat 6 Workstation L1 v3.0.0 |
| 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS CentOS 6 Workstation L1 v3.0.0 |
| 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Distribution Independent Linux Server L1 v2.0.0 |
| 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - 'destination logserver' | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 |
| 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - 'destination logserver' | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 |
| 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - 'log' | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 |
| 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - 'log' | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 |
| 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - destination logserver | Unix | CIS Amazon Linux v2.1.0 L1 |
| 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - destination logserver | Unix | CIS Debian 8 Workstation L1 v2.0.2 |
| 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - destination logserver | Unix | CIS Debian 8 Server L1 v2.0.2 |
| 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - log src | Unix | CIS Debian 8 Server L1 v2.0.2 |
| 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - log src | Unix | CIS Amazon Linux v2.1.0 L1 |
| 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - log src | Unix | CIS Debian 8 Workstation L1 v2.0.2 |
| 6.2 Ensure a Syslog Facility Is Configured for Error Logging - 'httpd.conf <VirtualHost> Syslog is configured' | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware |
| 6.2 Ensure a Syslog Facility Is Configured for Error Logging - 'httpd.conf <VirtualHost> Syslog is configured' | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0 |
| 6.2 Ensure a Syslog Facility Is Configured for Error Logging - 'httpd.conf Syslog is configured' | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware |
| 6.2 Ensure a Syslog Facility Is Configured for Error Logging - 'httpd.conf Syslog is configured' | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0 |
| 6.6 Control the maximum size of a POST request that will be parsed for parameter | Unix | CIS Apache Tomcat 8 L1 v1.1.0 |
| 6.6 Control the maximum size of a POST request that will be parsed for parameter | Unix | CIS Apache Tomcat 8 L1 v1.1.0 Middleware |
| 8.3 Configure a Logging syslog Channel - syslog | Unix | CIS BIND DNS v3.0.1 Authoritative Name Server |
| 8.3 Configure a Logging syslog Channel - syslog | Unix | CIS BIND DNS v3.0.1 Caching Only Name Server |
| 9.3 Configure a Logging Syslog Channel | Unix | CIS BIND DNS v1.0.0 L1 Caching Only Name Server |
| 9.3 Configure a Logging Syslog Channel | Unix | CIS BIND DNS v1.0.0 L1 Authoritative Name Server |
| Ensure rsyslog is configured to send logs to a remote log host | Unix | Tenable Cisco Firepower Management Center OS Best Practices Audit |
| Ensure syslog-ng is configured to send logs to a remote log host | Unix | Tenable Cisco Firepower Management Center OS Best Practices Audit |
| Ensure syslog-ng is configured to send logs to a remote log host - log src | Unix | Tenable Cisco Firepower Management Center OS Best Practices Audit |