CSCv7|6.6

Title

Deploy SIEM or Log Analytic tool

Description

Deploy Security Information and Event Management (SIEM) or log analytic tool for log correlation and analysis.

Reference Item Details

Category: Maintenance, Monitoring and Analysis of Audit Logs

Audit Items

Name | Plugin | Audit Name
1.7 Ensure logging data is monitored | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 16 L1 v2.0.0
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 17 L1 v2.0.0
2.13 Ensure centralized and remote logging is configured | Unix | CIS Docker v1.6.0 L2 Docker Linux
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Red Hat 6 Server L1 v3.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS CentOS 6 Server L1 v3.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Distribution Independent Linux Workstation L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Oracle Linux 6 Workstation L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Oracle Linux 6 Server L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Red Hat 6 Workstation L1 v3.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS CentOS 6 Workstation L1 v3.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Distribution Independent Linux Server L1 v2.0.0
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - destination logserver | Unix | CIS Debian 8 Workstation L1 v2.0.2
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - destination logserver | Unix | CIS Debian 9 Workstation L1 v1.0.1
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - destination logserver | Unix | CIS Debian 8 Server L1 v2.0.2
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - destination logserver | Unix | CIS Debian 9 Server L1 v1.0.1
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - log src | Unix | CIS Debian 8 Server L1 v2.0.2
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - log src | Unix | CIS Debian 9 Server L1 v1.0.1
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - log src | Unix | CIS Debian 8 Workstation L1 v2.0.2
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - log src | Unix | CIS Debian 9 Workstation L1 v1.0.1
5.3 Ensure 'ETW Logging' is enabled | Windows | CIS IIS 10 v1.2.1 Level 1
5.3 Ensure 'ETW Logging' is enabled - Sites logFormat W3C | Windows | CIS IIS 10 v1.2.1 Level 1
5.3 Ensure 'ETW Logging' is enabled - Sites logFormat W3C with ETW target | Windows | CIS IIS 10 v1.2.1 Level 1
6.2 Ensure a Syslog Facility Is Configured for Error Logging - 'httpd.conf <VirtualHost> Syslog is configured' | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
6.2 Ensure a Syslog Facility Is Configured for Error Logging - 'httpd.conf <VirtualHost> Syslog is configured' | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0
6.2 Ensure a Syslog Facility Is Configured for Error Logging - 'httpd.conf Syslog is configured' | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
6.2 Ensure a Syslog Facility Is Configured for Error Logging - 'httpd.conf Syslog is configured' | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0
6.2 Ensure a Syslog Facility Is Configured for Error Logging - 'Main' | Unix | CIS Apache HTTP Server 2.4 L2 v2.1.0
6.2 Ensure a Syslog Facility Is Configured for Error Logging - 'VirtualHost' | Unix | CIS Apache HTTP Server 2.4 L2 v2.1.0
6.2 Ensure a Syslog Facility Is Configured for Error Logging - Main | Unix | CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
6.2 Ensure a Syslog Facility Is Configured for Error Logging - VirtualHost | Unix | CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
9.3 Configure a Logging Syslog Channel | Unix | CIS BIND DNS v1.0.0 L1 Caching Only Name Server
9.3 Configure a Logging Syslog Channel | Unix | CIS BIND DNS v1.0.0 L1 Authoritative Name Server