CSCv7|8.6

Title

Centralize Anti-malware Logging

Description

Send all malware detection events to enterprise anti-malware administration tools and event log servers for analysis and alerting.

Reference Item Details

Category: Malware Defenses

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.3.10 Ensure 'Password Profiles' do not exist | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1 |
| 3.5 Ensure that SharePoint specific malware (i.e. anti-virus) protection software is integrated and configured - Attempt to clean | Windows | CIS Microsoft SharePoint 2019 OS v1.0.0 |
| 3.5 Ensure that SharePoint specific malware (i.e. anti-virus) protection software is integrated and configured - Download Scan | Windows | CIS Microsoft SharePoint 2019 OS v1.0.0 |
| 3.5 Ensure that SharePoint specific malware (i.e. anti-virus) protection software is integrated and configured - Upload Scan | Windows | CIS Microsoft SharePoint 2019 OS v1.0.0 |
| 4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1 |
| 4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1 |
| 4.2.3 Enable Outbreak Prevention Database | FortiGate | CIS Fortigate 7.0.x Level 2 v1.2.0 |
| 4.3.1 Enable Botnet C&C Domain Blocking DNS Filter | FortiGate | CIS Fortigate 7.0.x Level 2 v1.2.0 |
| 4.5 Ensure 'Message tracking logging' is set to 'True' | Windows | CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0 |
| 4.5 Ensure 'Message tracking logging' is set to 'True' | Windows | CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0 |
| 5.4 Ensure all WildFire session information settings are enabled | Palo_Alto | CIS Palo Alto Firewall 11 v1.0.0 L1 |
| 5.5 Ensure alerts are enabled for malicious files detected by WildFire | Palo_Alto | CIS Palo Alto Firewall 11 v1.0.0 L1 |
| 5.5 Ensure all WildFire session information settings are enabled | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1 |
| 5.5 Ensure all WildFire session information settings are enabled | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1 |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire - log-type 'wildfire' | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1 |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire - log-type 'wildfire' | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1 |
| 8.3.1 Centralized Logging and Reporting | FortiGate | CIS Fortigate 7.0.x Level 2 v1.2.0 |
| 18.9.77.7.1 (L1) Ensure 'Turn on behavior monitoring' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker |
| 18.9.77.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 |