Detections
Analytics

CSCv7|8.7

Title

Enable DNS Query Logging

Description

Enable Domain Name System (DNS) query logging to detect hostname lookups for known malicious domains.

Reference Item Details

Category: Malware Defenses

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.3.10 Ensure 'Password Profiles' do not existPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
2.12 Ensure That Cloud DNS Logging Is Enabled for All VPC NetworksGCPCIS Google Cloud Platform v3.0.0 L1
2.12 Ensure That Cloud DNS Logging Is Enabled for All VPC Networks - dns policiesGCPCIS Google Cloud Platform v2.0.0 L1
2.12 Ensure That Cloud DNS Logging Is Enabled for All VPC Networks - dns policiesGCPCIS Google Cloud Platform v1.3.0 L1
2.12 Ensure that Cloud DNS logging is enabled for all VPC networks - dns policiesGCPCIS Google Cloud Platform v1.1.0 L1
2.12 Ensure That Cloud DNS Logging Is Enabled for All VPC Networks - vpc networksGCPCIS Google Cloud Platform v2.0.0 L1
2.12 Ensure That Cloud DNS Logging Is Enabled for All VPC Networks - vpc networksGCPCIS Google Cloud Platform v1.3.0 L1
2.12 Ensure that Cloud DNS logging is enabled for all VPC networks - vpc networksGCPCIS Google Cloud Platform v1.1.0 L1
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervalsPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervalsPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
4.3.1 Enable Botnet C&C Domain Blocking DNS FilterFortiGateCIS Fortigate 7.0.x Level 2 v1.2.0
4.3.1 Enable Botnet C&C Domain Blocking DNS FilterFortiGateCIS Fortigate 7.0.x v1.3.0 L2
4.3.2 Ensure DNS Filter logs all DNS queries and responsesFortiGateCIS Fortigate 7.0.x v1.3.0 L1
6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in usePalo_AltoCIS Palo Alto Firewall 11 v1.0.0 L1
6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in usePalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in usePalo_AltoCIS Palo Alto Firewall 9 v1.0.1 L1
6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in usePalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L1
6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in usePalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in usePalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in usePalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in usePalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L1
6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in usePalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in usePalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in usePalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in usePalo_AltoCIS Palo Alto Firewall 9 v1.0.1 L1