CSCv7|6.8

Title

Regularly Tune SIEM

Description

On a regular basis, tune your SIEM system to better identify actionable events and decrease event noise.

Reference Item Details

Category: Maintenance, Monitoring and Analysis of Audit Logs

Audit Items

Name | Plugin | Audit Name
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 17 L1 v1.0.0
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 16 L1 v1.1.2
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
2.3.3 Ensure That 'Notify about alerts with the following severity' is Set to 'High' | microsoft_azure | CIS Microsoft Azure Foundations v1.5.0 L1
2.13 Ensure centralized and remote logging is configured | Unix | CIS Docker v1.3.1 L2 Docker Linux
3.1.4.1 If VLAN interfaces have IP addreses, configure anti spoofing / ingress filtering protections | Cisco | CIS Cisco NX-OS L1 v1.0.0
3.1.4.1 If VLAN interfaces have IP addreses, configure anti spoofing / ingress filtering protections | Cisco | CIS Cisco NX-OS L2 v1.0.0
3.3 Ensure that 'Enable key rotation reminders' is enabled for each Storage Account | microsoft_azure | CIS Microsoft Azure Foundations v1.5.0 L1
4.1.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Debian 9 Server L1 v1.0.1
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Debian 8 Server L1 v2.0.2
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Debian 8 Workstation L1 v2.0.2
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Debian 9 Workstation L1 v1.0.1
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Debian Family Workstation L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS CentOS 7 v3.1.2 Workstation L1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Amazon Linux 2 v2.0.0 L1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Red Hat 6 Server L1 v3.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Ubuntu Linux 20.04 LTS Workstation L1 v1.1.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS CentOS 6 Server L1 v3.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Distribution Independent Linux Workstation L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS CentOS 7 v3.1.2 Server L1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Debian 10 Workstation L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Debian 10 Server L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Oracle Linux 7 Workstation L1 v3.1.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Oracle Linux 7 Server L1 v3.1.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Oracle Linux 6 Workstation L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise 15 Server L1 v1.1.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Distribution Independent Linux Server L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Oracle Linux 6 Server L1 v2.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Red Hat EL7 Workstation L1 v3.1.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Ubuntu Linux 20.04 LTS Server L1 v1.1.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Fedora 19 Family Linux Server L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Red Hat 6 Workstation L1 v3.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS CentOS 6 Workstation L1 v3.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Red Hat EL7 Server L1 v3.1.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Debian Family Server L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS Fedora 19 Family Linux Workstation L1 v1.0.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host - rsyslog.conf/rsyslogd. | Unix | CIS SUSE Linux Enterprise Server 12 L1 v3.1.0
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host - rsyslog.conf/rsyslogd. | Unix | CIS SUSE Linux Enterprise Workstation 12 L1 v3.1.0
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1