Detections
Analytics

CSCv7|6.5

Title

Central Log Management

Description

Ensure that appropriate logs are being aggregated to a central log management system for analysis and review.

Reference Item Details

Category: Maintenance, Monitoring and Analysis of Audit Logs

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.116 UBTU-22-651035UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT III
1.174 UBTU-24-900950UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT III
2.3.2.2 (L1) Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
3.1 (L1) Ensure a centralized location is configured to collect ESXi host core dumpsUnixCIS VMware ESXi 7.0 v1.5.0 L1 Bare Metal
3.1 Ensure a centralized location is configured to collect ESXi host core dumpsUnixCIS VMware ESXi 6.5 v1.0.0 Level 1 Bare Metal
3.1 Ensure a centralized location is configured to collect ESXi host core dumpsUnixCIS VMware ESXi 6.7 v1.3.0 Level 1 Bare Metal
3.3 (L1) Ensure remote logging is configured for ESXi hostsVMwareCIS VMware ESXi 7.0 v1.5.0 L1
3.3 Ensure remote logging is configured for ESXi hostsVMwareCIS VMware ESXi 6.7 v1.3.0 Level 1
3.5 Ensure error logs are sent to a remote syslog serverUnixCIS NGINX Benchmark v2.1.0 L2 Webserver
3.5 Ensure error logs are sent to a remote syslog serverUnixCIS NGINX Benchmark v2.1.0 L2 Loadbalancer
3.5 Ensure error logs are sent to a remote syslog serverUnixCIS NGINX Benchmark v2.1.0 L2 Proxy
3.6 Ensure access logs are sent to a remote syslog serverUnixCIS NGINX Benchmark v2.1.0 L2 Loadbalancer
3.6 Ensure access logs are sent to a remote syslog serverUnixCIS NGINX Benchmark v2.1.0 L2 Proxy
3.6 Ensure access logs are sent to a remote syslog serverUnixCIS NGINX Benchmark v2.1.0 L2 Webserver
4.1.2.1 Ensure journald is configured to send logs to rsyslogUnixCIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0
4.2 (L1) Host must transmit system logs to a remote log collectorVMwareCIS VMware ESXi 8.0 v1.2.0 L1
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervalsPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
4.2.1.3 Ensure journald is configured to send logs to rsyslogUnixCIS CentOS Linux 8 Workstation L1 v2.0.0
4.2.1.3 Ensure journald is configured to send logs to rsyslogUnixCIS Debian Family Server L1 v1.0.0
4.2.1.3 Ensure journald is configured to send logs to rsyslogUnixCIS Fedora 28 Family Linux Server L1 v2.0.0
4.2.1.3 Ensure journald is configured to send logs to rsyslogUnixCIS Fedora 28 Family Linux Workstation L1 v2.0.0
4.2.1.3 Ensure journald is configured to send logs to rsyslogUnixCIS CentOS Linux 8 Server L1 v2.0.0
4.2.1.3 Ensure journald is configured to send logs to rsyslogUnixCIS Debian Family Workstation L1 v1.0.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log hostUnixCIS Aliyun Linux 2 L1 v1.0.0
4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts. - $InputTCPServerRunUnixCIS Aliyun Linux 2 L1 v1.0.0
4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts. - $ModLoadUnixCIS Aliyun Linux 2 L1 v1.0.0
4.2.2.1 Ensure journald is configured to send logs to rsyslogUnixCIS Distribution Independent Linux Server L1 v2.0.0
4.2.2.1 Ensure journald is configured to send logs to rsyslogUnixCIS Distribution Independent Linux Workstation L1 v2.0.0
4.2.2.1 Ensure journald is configured to send logs to rsyslogUnixCIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0
4.2.2.1 Ensure journald is configured to send logs to rsyslogUnixCIS SUSE Linux Enterprise 12 v3.2.1 L1 Workstation
4.2.2.1 Ensure journald is configured to send logs to rsyslogUnixCIS Fedora 19 Family Linux Workstation L1 v1.0.0
4.2.2.1 Ensure journald is configured to send logs to rsyslogUnixCIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
4.2.2.1 Ensure journald is configured to send logs to rsyslogUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
4.2.2.1 Ensure journald is configured to send logs to rsyslogUnixCIS SUSE Linux Enterprise 12 v3.2.1 L1 Server
4.2.2.1 Ensure journald is configured to send logs to rsyslogUnixCIS Amazon Linux 2 STIG v2.0.0 L1 Server
4.2.2.1 Ensure journald is configured to send logs to rsyslogUnixCIS Amazon Linux 2 STIG v2.0.0 L1 Workstation
4.2.2.1 Ensure journald is configured to send logs to rsyslogUnixCIS Debian Family Server L1 v1.0.0
17.9.1 (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.9.2 (L1) Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.9.3 (L1) Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.9.4 (L1) Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.9.4 Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.9.5 (L1) Ensure 'Audit System Integrity' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.9.5 Ensure 'Audit System Integrity' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
18.4.13 (L1) Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.4.13 Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1