CSCv7|6.2

Title

Activate audit logging

Description

Ensure that local logging has been enabled on all systems and networking devices.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Maintenance, Monitoring and Analysis of Audit Logs

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1.1 Syslog logging should be configured	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.1.1.1 Syslog logging should be configured - configuration	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - configuration	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - hip match	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - hip match	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - host	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - host	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - ip-tag	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - ip-tag	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - system	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - system	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - user-id	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - user-id	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.1.1.2 SNMPv3 traps should be configured	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L2
1.1.1.2 SNMPv3 traps should be configured - configuration	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L2
1.1.1.2 SNMPv3 traps should be configured - configuration	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L2
1.1.1.2 SNMPv3 traps should be configured - hip match	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L2
1.1.1.2 SNMPv3 traps should be configured - hip match	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L2
1.1.1.2 SNMPv3 traps should be configured - host	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L2
1.1.1.2 SNMPv3 traps should be configured - host	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L2
1.1.1.2 SNMPv3 traps should be configured - ip-tag	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L2
1.1.1.2 SNMPv3 traps should be configured - ip-tag	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L2
1.1.1.2 SNMPv3 traps should be configured - user-id	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L2
1.1.1.2 SNMPv3 traps should be configured - user-id	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L2
1.1.2 Ensure 'Enable Log on High DP Load' is enabled	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.1.3 Ensure 'Enable Log on High DP Load' is enabled	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.1.3 Ensure 'Enable Log on High DP Load' is enabled	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.1.3 Ensure 'Enable Log on High DP Load' is enabled	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.1.3 Ensure auditing is configured for the Docker daemon	Unix	CIS Docker v1.6.0 L1 Docker Linux
1.1.3 Ensure auditing is configured for the Docker daemon	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.4 Ensure Guest Users are reviewed at least biweekly	microsoft_azure	CIS Microsoft 365 Foundations E3 L1 v3.0.0
1.1.15 Ensure that the --audit-log-path argument is set as appropriate	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.2.17 Ensure that the --audit-log-path argument is set	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.18 Ensure that the --audit-log-path argument is set	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.18 Ensure that the --audit-log-path argument is set	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.20 Ensure that the --audit-log-path argument is set	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.21 Ensure that the --audit-log-path argument is set	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.10.1 Ensure 'logging' is enabled	Cisco	CIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.1 Ensure 'logging' is enabled	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.5 Ensure 'logging with the device ID' is configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.5 Ensure 'logging with the device ID' is configured correctly	Cisco	CIS Cisco Firewall ASA 9 L1 v4.1.0
17.6.3 (L1) Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.6.3 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
18.10.44.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L2 + NG
18.10.44.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L2 + BL + NG
18.10.44.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
18.10.44.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
18.10.44.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 L1
18.10.44.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL

Detections

Analytics

CSCv7|6.2

Title

Description

Reference Item Details

Audit Items