CSCv7|6.5

Title

Central Log Management

Description

Ensure that appropriate logs are being aggregated to a central log management system for analysis and review.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Maintenance, Monitoring and Analysis of Audit Logs

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
17.9.1 (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
17.9.1 (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.9.1 (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 STIG NG MS L3 v1.0.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.2.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'	Windows	CIS Windows Server 2012 DC L1 v2.2.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'	Windows	CIS Windows Server 2012 MS L1 v2.2.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'	Windows	CIS Windows Server 2012 R2 MS L1 v2.4.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.3.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.3.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'	Windows	CIS Windows Server 2012 R2 DC L1 v2.4.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 STIG MS L1 v1.0.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 STIG NG DC L3 v1.0.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.2.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
17.9.2 (L1) Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
17.9.2 (L1) Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.9.2 (L1) Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Windows Server 2012 R2 DC L1 v2.4.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.2.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Windows Server 2012 R2 MS L1 v2.4.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 STIG NG DC L3 v1.0.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 STIG NG MS L3 v1.0.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.2.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.3.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 STIG DC L1 v1.0.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.3.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Windows Server 2012 DC L1 v2.2.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Windows Server 2012 MS L1 v2.2.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 STIG MS L1 v1.0.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
17.9.3 (L1) Ensure 'Audit Security State Change' is set to include 'Success'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
17.9.3 (L1) Ensure 'Audit Security State Change' is set to include 'Success'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.9.3 (L1) Ensure 'Audit Security State Change' is set to include 'Success'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'	Windows	CIS Microsoft Windows Server 2016 STIG DC L1 v1.0.0
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.2.0
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0

Detections

Analytics

CSCv7|6.5

Title

Description

Reference Item Details

Audit Items