CSCv7|6.5

Title

Central Log Management

Description

Ensure that appropriate logs are being aggregated to a central log management system for analysis and review.

Reference Item Details

Category: Maintenance, Monitoring and Analysis of Audit Logs

Audit Items

View all Reference Audit Items

NamePluginAudit Name
17.9.1 (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
17.9.1 (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Windows Server 2012 MS L1 v2.2.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Windows Server 2012 DC L1 v2.2.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.9.2 (L1) Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.9.2 (L1) Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Windows Server 2012 DC L1 v2.2.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Windows Server 2012 MS L1 v2.2.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.9.3 (L1) Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.9.3 (L1) Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Windows Server 2012 DC L1 v2.2.0
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Windows Server 2012 MS L1 v2.2.0
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
17.9.4 (L1) Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.9.4 (L1) Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
17.9.4 Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Windows Server 2012 DC L1 v2.2.0
17.9.4 Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Windows Server 2012 MS L1 v2.2.0
17.9.4 Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.9.4 Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
17.9.4 Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
17.9.4 Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
17.9.4 Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
17.9.4 Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.9.5 (L1) Ensure 'Audit System Integrity' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.9.5 (L1) Ensure 'Audit System Integrity' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
17.9.5 Ensure 'Audit System Integrity' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
17.9.5 Ensure 'Audit System Integrity' is set to 'Success and Failure'WindowsCIS Windows Server 2012 MS L1 v2.2.0
17.9.5 Ensure 'Audit System Integrity' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.9.5 Ensure 'Audit System Integrity' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
17.9.5 Ensure 'Audit System Integrity' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
17.9.5 Ensure 'Audit System Integrity' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.9.5 Ensure 'Audit System Integrity' is set to 'Success and Failure'WindowsCIS Windows Server 2012 DC L1 v2.2.0
17.9.5 Ensure 'Audit System Integrity' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0