CSCv7|8.7

Title

Enable DNS Query Logging

Description

Enable Domain Name System (DNS) query logging to detect hostname lookups for known malicious domains.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Malware Defenses

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
2.12 Ensure That Cloud DNS Logging Is Enabled for All VPC Networks - dns policies	GCP	CIS Google Cloud Platform v2.0.0 L1
2.12 Ensure That Cloud DNS Logging Is Enabled for All VPC Networks - vpc networks	GCP	CIS Google Cloud Platform v2.0.0 L1
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
4.3.1 Enable Botnet C&C Domain Blocking DNS Filter	FortiGate	CIS Fortigate 7.0.x Level 2 v1.2.0
6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in use	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in use	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0