CSCv7|8.8

Title

Enable Command-line Audit Logging

Description

Enable command-line audit logging for command shells, such as Microsoft Powershell and Bash.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Malware Defenses

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
18.10.86.1 (L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 NG
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L2
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L2 Member Server
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.0 L2 Member Server
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L2
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L2 Domain Controller
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L2 MS
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L2 BL
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.0 L2 Domain Controller
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L2 MS
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLocker
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + NG
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L2 DC
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L2 MS
18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L2 DC
18.10.86.2 (L1) Ensure 'Turn on PowerShell Transcription' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.86.2 (L2) Ensure 'Turn on PowerShell Transcription' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG
18.10.86.2 (L2) Ensure 'Turn on PowerShell Transcription' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L2
18.10.86.2 (L2) Ensure 'Turn on PowerShell Transcription' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2
18.10.86.2 (L2) Ensure 'Turn on PowerShell Transcription' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L2
18.10.86.2 (L2) Ensure 'Turn on PowerShell Transcription' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG
18.10.86.2 (L2) Ensure 'Turn on PowerShell Transcription' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 NG
18.10.86.2 (L2) Ensure 'Turn on PowerShell Transcription' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL
18.10.86.2 (L2) Ensure 'Turn on PowerShell Transcription' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + NG
18.10.86.2 (L2) Ensure 'Turn on PowerShell Transcription' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L2 BL
18.10.86.2 (L2) Ensure 'Turn on PowerShell Transcription' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLocker
18.10.86.2 (L2) Ensure 'Turn on PowerShell Transcription' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL
18.10.86.2 (L2) Ensure 'Turn on PowerShell Transcription' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2
18.10.87.1 (L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG v2.0.0 STIG DC
18.10.87.1 (L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS
18.10.87.1 (L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC
18.10.87.1 (L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Windows Server 2012 MS L1 v3.0.0
18.10.87.1 (L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Windows Server 2012 DC L1 v3.0.0
18.10.87.1 (L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG v2.0.0 L1 MS
18.10.87.1 (L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS
18.10.87.1 (L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 DC L1 v3.0.0
18.10.87.1 (L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG v2.0.0 L1 DC
18.10.87.1 (L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG v2.0.0 STIG MS
18.10.87.1 (L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
18.10.87.1 (L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 MS L1 v3.0.0
18.10.87.1 Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
18.10.87.1 Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 MS
18.10.87.1 Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 EMS Gateway v2.0.0 L1

Detections

Analytics

CSCv7|8.8

Title

Description

Reference Item Details

Audit Items