CSCv7|6.8

Title

Regularly Tune SIEM

Description

On a regular basis, tune your SIEM system to better identify actionable events and decrease event noise.

Reference Item Details

Category: Maintenance, Monitoring and Analysis of Audit Logs

Audit Items

Name | Plugin | Audit Name
1.4.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L1
2.1.19 Ensure That 'Notify about alerts with the following severity' is Set to 'High' | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L1
2.1.20 Ensure That 'Notify about alerts with the following severity' is Set to 'High' | microsoft_azure | CIS Microsoft Azure Foundations v2.0.0 L1
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 16 L1 v1.1.0
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 16 L1 v1.1.2
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 16 L1 v2.0.0
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 17 L1 v1.0.0
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 15 L1 v4.1.0
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 16 L1 v1.1.1
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 17 L1 v2.0.0
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS XE 17.x v2.1.0 L1
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L1
2.3.3 Ensure That 'Notify about alerts with the following severity' is Set to 'High' | microsoft_azure | CIS Microsoft Azure Foundations v1.5.0 L1
2.12 Ensure centralized and remote logging is configured | Unix | CIS Docker v1.2.0 L2 Docker Linux
2.13 Ensure centralized and remote logging is configured | Unix | CIS Docker v1.6.0 L2 Docker Linux
2.13 Ensure centralized and remote logging is configured | Unix | CIS Docker v1.3.1 L2 Docker Linux
2.13 Ensure centralized and remote logging is configured | Unix | CIS Docker v1.5.0 L2 Docker Linux
3.1.4.1 If VLAN interfaces have IP addreses, configure anti spoofing / ingress filtering protections | Cisco | CIS Cisco NX-OS L2 v1.0.0
3.1.4.1 If VLAN interfaces have IP addreses, configure anti spoofing / ingress filtering protections | Cisco | CIS Cisco NX-OS L1 v1.1.0
3.1.4.1 If VLAN interfaces have IP addreses, configure anti spoofing / ingress filtering protections | Cisco | CIS Cisco NX-OS L1 v1.0.0
3.3 Ensure that 'Enable key rotation reminders' is enabled for each Storage Account | microsoft_azure | CIS Microsoft Azure Foundations v2.0.0 L1
3.3 Ensure that 'Enable key rotation reminders' is enabled for each Storage Account | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L1
3.3 Ensure that 'Enable key rotation reminders' is enabled for each Storage Account | microsoft_azure | CIS Microsoft Azure Foundations v1.5.0 L1
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Debian 9 Workstation L1 v1.0.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Debian 8 Server L1 v2.0.1
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Debian 8 Workstation L1 v2.0.1
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Debian 9 Server L1 v1.0.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS CentOS 6 Workstation L1 v3.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS AlmaLinux OS 8 Server L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS CentOS Linux 8 Server L1 v1.0.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Distribution Independent Linux Server L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Oracle Linux 6 Workstation L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Oracle Linux 8 Server L1 v1.0.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Oracle Linux 8 Workstation L1 v1.0.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Ubuntu Linux 20.04 LTS Workstation L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Red Hat 6 Server L1 v3.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Distribution Independent Linux Workstation L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Oracle Linux 8 Server L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Oracle Linux 8 Workstation L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Ubuntu Linux 20.04 LTS Server L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Red Hat EL8 Workstation L1 v1.0.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise 15 Server L1 v1.1.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS CentOS Linux 8 Workstation L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS AlmaLinux OS 8 Workstation L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Red Hat EL8 Server L1 v1.0.1