CSCv7|8.7

Title

Enable DNS Query Logging

Description

Enable Domain Name System (DNS) query logging to detect hostname lookups for known malicious domains.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Malware Defenses

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
2.12 Ensure That Cloud DNS Logging Is Enabled for All VPC Networks	GCP	CIS Google Cloud Platform v3.0.0 L1
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
4.3.1 Enable Botnet C&C Domain Blocking DNS Filter	FortiGate	CIS Fortigate 7.0.x v1.3.0 L2
4.3.2 Ensure DNS Filter logs all DNS queries and responses	FortiGate	CIS Fortigate 7.0.x v1.3.0 L1
6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use	Palo_Alto	CIS Palo Alto Firewall 11 v1.1.0 L1
6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use	Palo_Alto	CIS Palo Alto Firewall 10 v1.2.0 L1
6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in use	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in use	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0