CSCv6|8.5

Title

Use network-based anti-malware tools to identify executables in all network traffic and use techniques other than signature-based detection to identify and filter out malicious content before it arrives at the endpoint.

Description

Use network-based anti-malware tools to identify executables in all network traffic and use techniques other than signature-based detection to identify and filter out malicious content before it arrives at the endpoint.

Reference Item Details

Category: Malware Defenses

Family: System

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 4.1 Ensure 'Antivirus Update Schedule' is set to download and install updates hourly | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 5.1 Ensure that WildFire file size upload limits are maximized | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 5.1 Ensure that WildFire file size upload limits are maximized | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 |
| 5.1 Ensure that WildFire file size upload limits are maximized | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 5.2 Ensure forwarding is enabled for all applications and file types in WildFire file blocking profiles | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 |
| 5.2 Ensure forwarding is enabled for all applications and file types in WildFire file blocking profiles | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 5.2 Ensure forwarding is enabled for all applications and file types in WildFire file blocking profiles | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 5.3 Ensure a WildFire Analysis profile is enabled for all security policies | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 5.3 Ensure a WildFire file blocking profile is enabled for all security policies allowing Internet traffic flows | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 |
| 5.3 Ensure a WildFire file blocking profile is enabled for all security policies allowing Internet traffic flows | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 5.5 Ensure all WildFire session information settings are enabled | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 5.5 Ensure all WildFire session information settings are enabled | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 |
| 5.5 Ensure all WildFire session information settings are enabled | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire - log-type 'wildfire' | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 5.7 Ensure 'WildFire Update Schedule' is set to download and install updates every minute | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 6.1 Ensure at least one antivirus profile is set to block on all decoders except 'imap' and 'pop3' | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 |
| 6.1 Ensure at least one antivirus profile is set to block on all decoders except 'imap' and 'pop3' | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 6.1 Ensure that antivirus profiles are set to block on all decoders except 'imap' and 'pop3' | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 6.2 Ensure a secure antivirus profile is applied to all relevant security policies | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 6.2 Ensure a secure antivirus profile is applied to all relevant security policies | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 6.2 Ensure a secure antivirus profile is applied to all relevant security policies | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 |
| 6.3 Ensure an anti-spyware profile is configured to block on all spyware severity levels, categories, and threats | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 6.3 Ensure an anti-spyware profile is configured to block on all spyware severity levels, categories, and threats | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 |
| 6.3 Ensure an anti-spyware profile is configured to block on all spyware severity levels, categories, and threats | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 |
| 6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in use | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in use | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 |
| 6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in use | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 6.6 Ensure a secure anti-spyware profile is applied to all security policies permitting traffic to the Internet | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 6.6 Ensure a secure anti-spyware profile is applied to all security policies permitting traffic to the Internet | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 |
| 6.6 Ensure a secure anti-spyware profile is applied to all security policies permitting traffic to the Internet | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 6.7 Ensure a Vulnerability Protection Profile is set to block attacks against critical/high, and set to default on medium, low, and info | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 |
| 6.7 Ensure a Vulnerability Protection Profile is set to block attacks against critical/high, and set to default on medium, low, and info | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 6.8 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing traffic | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 6.8 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing traffic | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 6.8 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing traffic | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 |