CCI-000130
Ensure that audit records contain information that establishes what type of event occurred.
34 rules found Severity: Medium

33 rules found Severity: Medium

33 rules found Severity: Medium

34 rules found Severity: Medium

33 rules found Severity: Medium

33 rules found Severity: Medium

33 rules found Severity: Medium

34 rules found Severity: Medium

33 rules found Severity: Medium

34 rules found Severity: Medium

33 rules found Severity: Medium

33 rules found Severity: Medium

33 rules found Severity: Medium

33 rules found Severity: Medium

31 rules found Severity: Medium

33 rules found Severity: Medium

27 rules found Severity: Medium

28 rules found Severity: Medium

26 rules found Severity: Medium

7 rules found Severity: Medium

26 rules found Severity: Medium

20 rules found Severity: Medium

20 rules found Severity: Medium

20 rules found Severity: Medium

20 rules found Severity: Medium

13 rules found Severity: Medium

20 rules found Severity: Medium

13 rules found Severity: Medium

18 rules found Severity: Medium

20 rules found Severity: Medium

20 rules found Severity: Medium

20 rules found Severity: Medium

18 rules found Severity: Medium

18 rules found Severity: Medium

13 rules found Severity: Medium

20 rules found Severity: Medium

20 rules found Severity: Medium

23 rules found Severity: Medium

19 rules found Severity: Medium

19 rules found Severity: Medium

20 rules found Severity: Medium

10 rules found Severity: Medium

10 rules found Severity: Medium

18 rules found Severity: Medium

2 rules found Severity: Medium

5 rules found Severity: Medium

2 rules found Severity: Medium

3 rules found Severity: Medium

The Arista Multilayer Switch must produce audit log records containing sufficient information to establish what type of event occurred.
1 rule found Severity: Low

The DBN-6300 must produce audit log records containing sufficient information to establish what type of event occurred.
1 rule found Severity: Low

The audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise.
1 rule found Severity: Medium

The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set.
1 rule found Severity: Medium

The FortiGate firewall must generate traffic log entries containing information to establish what type of events occurred.
1 rule found Severity: Medium

The HP FlexFabric Switch must produce audit log records containing sufficient information to establish what type of event occurred.
1 rule found Severity: Low

The HYCU server must initiate session auditing upon startup and produce audit log records containing sufficient information to establish what type of event occurred.
1 rule found Severity: Medium

The MQ Appliance messaging server must produce log records containing information to establish what type of events occurred.
1 rule found Severity: Medium

The MQ Appliance network device must protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation.
1 rule found Severity: Medium

1 rule found Severity: Medium

The Sentry must produce audit records containing information to establish what type of events occurred.
2 rules found Severity: Low

Nutanix AOS must produce audit records containing information to establish what type of events occurred.
1 rule found Severity: Medium

OHS must have a log level severity defined to produce sufficient log records to establish what type of events occurred.
1 rule found Severity: Medium

OHS must have a log format defined for log records generated to capture sufficient information to establish what type of events occurred.
1 rule found Severity: Medium

OHS must have an SSL log format defined for log records generated to capture sufficient information to establish what type of events occurred.
1 rule found Severity: Medium

OHS must have a log file defined for each site/virtual host to capture sufficient information to establish what type of events occurred.
1 rule found Severity: Medium

Oracle WebLogic must produce process events and severity levels to establish what type of HTTPD-related events and severity levels occurred.
1 rule found Severity: Low

Oracle WebLogic must produce audit records containing sufficient information to establish what type of JVM-related events and severity levels occurred.
1 rule found Severity: Low

Oracle WebLogic must produce process events and security levels to establish what type of Oracle WebLogic process events and severity levels occurred.
1 rule found Severity: Low

Symantec ProxySG must produce audit records containing information to establish what type of events occurred.
1 rule found Severity: Medium

The macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT), in order to generate audit records containing information to establish what type of events occurred, the identity of any individual or process associated with the event, including individual identities of group account users, establish where the events occurred, source of the event, and outcome of the events including all account enabling actions, full-text recording of privileged commands, and information about the use of encryption for wireless access to and from the system.
1 rule found Severity: Medium

MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.
2 rules found Severity: Medium

The DBMS must produce audit records containing sufficient information to establish what type of events occurred.
3 rules found Severity: Medium

PostgreSQL must produce audit records containing sufficient information to establish what type of events occurred.
3 rules found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

The Red Hat Enterprise Linux operating system must audit all uses of the sudoers file and all files in the /etc/sudoers.d/ directory.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

The BIG-IP AFM module must be configured to produce audit records containing information to establish what type of events occurred.
1 rule found Severity: Medium

The BIG-IP ASM module must be configured to produce ASM Event Logs containing information to establish what type of unauthorized events occurred.
1 rule found Severity: Medium

The macOS system must produce audit records containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions.
1 rule found Severity: Medium

1 rule found Severity: Medium

The print-severity variable for the configuration of BIND 9.x server logs must be configured to produce audit records containing information to establish what type of events occurred.
1 rule found Severity: Low

The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time.
1 rule found Severity: Medium

The Cisco ASA must be configured to generate traffic log entries containing information to establish what type of events occurred.
1 rule found Severity: Medium

The Cisco ASA must be configured to produce audit log records containing sufficient information to establish what type of event occurred.
1 rule found Severity: Medium

The DNS server implementation must produce audit records containing information to establish what type of events occurred.
1 rule found Severity: Medium

The EDB Postgres Advanced Server must produce audit records containing sufficient information to establish what type of events occurred.
1 rule found Severity: Medium

The Enterprise Voice, Video, and Messaging Endpoint must be configured to produce session (call detail) records containing what type of connection occurred.
1 rule found Severity: Medium

The F5 BIG-IP appliance must generate event log records that can be forwarded to the centralized events log.
1 rule found Severity: Medium

The Enterprise Voice, Video, and Messaging Session Manager must produce session (call) records containing the type of session connection.
1 rule found Severity: Medium

The F5 BIG-IP appliance must generate traffic log entries containing information to establish the details of the event, including success or failure of the application of the firewall rule.
1 rule found Severity: Medium

The F5 BIG-IP appliance must be configured to audit the execution of privileged functions such as accounts additions and changes.
1 rule found Severity: Medium

SSMC web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events.
1 rule found Severity: Medium

AIX must produce audit records containing information to establish the date, time, and type of events that occurred.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

The ICS must be configured to audit the execution of privileged functions such as accounts additions and changes.
1 rule found Severity: Medium

The ICS must be configured to generate log records containing sufficient information about where, when, identity, source, or outcome of the events.
1 rule found Severity: Low

The Juniper device must be configured to produce audit log records containing sufficient information to establish what type of event occurred.
1 rule found Severity: Medium

JBoss must be configured to log the IP address of the remote system connecting to the JBoss system/cluster.
1 rule found Severity: Medium

JBoss must be configured to produce log records containing information to establish what type of events occurred.
1 rule found Severity: Medium

Kubernetes API Server must generate audit records that identify what type of event has occurred, identify the source of the event, contain the event results, identify any users, and identify any containers associated with the event.
1 rule found Severity: Medium

MongoDB must provide audit record generation for DOD-defined auditable events within all DBMS/database components.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

The network device must produce audit log records containing sufficient information to establish what type of event occurred.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

The Oracle Linux operating system must audit all uses of the sudoers file and all files in the /etc/sudoers.d/ directory.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

MySQL Database Server 8.0 must produce audit records containing sufficient information to establish what type of events occurred.
1 rule found Severity: Medium

The Riverbed NetProfiler must be configured to automatically generate DOD-required audit records with sufficient information to support incident reporting to a central log server.
1 rule found Severity: High

Rancher MCM must generate audit records for all DoD-defined auditable events within all components in the platform.
1 rule found Severity: Medium

The SDN controller must be configured to produce audit records containing information to establish what type of events occurred.
1 rule found Severity: Medium

SLEM 5 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

SLEM 5 must generate audit records for all uses of the "chmod", "fchmod" and "fchmodat" system calls.
1 rule found Severity: Medium

SLEM 5 must generate audit records for all uses of the "chown", "fchown", "fchownat", and "lchown" system calls.
1 rule found Severity: Medium

SLEM 5 must generate audit records for all uses of the "creat", "open", "openat", "open_by_handle_at", "truncate", and "ftruncate" system calls.
1 rule found Severity: Medium

1 rule found Severity: Medium

SLEM 5 must generate audit records for all uses of the "init_module" and "finit_module" system calls.
1 rule found Severity: Medium

1 rule found Severity: Medium

SLEM 5 must generate audit records for all uses of the "setxattr", "fsetxattr", "lsetxattr", "removexattr", "fremovexattr", and "lremovexattr" system calls.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

SLEM 5 must generate audit records for all modifications to the "tallylog" file.
1 rule found Severity: Medium

1 rule found Severity: Medium

The TPS must provide audit record generation capability for detection events based on implementation of policy filters, rules, signatures, and anomaly analysis.
1 rule found Severity: Medium

The TippingPoint SMS must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).
1 rule found Severity: High

TOSS audit records must contain information to establish what type of events occurred, when the events occurred, the source of events, where events occurred, and the outcome of events.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

Successful/unsuccessful uses of the "pam_timestamp_check" command in TOSS must generate an audit record.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

The web server must produce log records containing sufficient information to establish what type of events occurred.
1 rule found Severity: Medium

12 rules found Severity: Medium

1 rule found Severity: Medium

The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events.
1 rule found Severity: Medium

The Apache web server must produce log records containing sufficient information to establish what type of events occurred.
3 rules found Severity: Medium

The ALG must produce audit records containing information to establish what type of events occurred.
1 rule found Severity: Medium

The application server must produce log records containing information to establish what type of events occurred.
1 rule found Severity: Medium

Ubuntu 22.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.
1 rule found Severity: Medium

The Central Log Server must produce audit records containing information to establish what type of events occurred.
1 rule found Severity: Low

The System Administrator (SA) and Information System Security Manager (ISSM) must configure the retention of the log records based on criticality level, event type, and/or retention period, at a minimum.
1 rule found Severity: Low

AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.
1 rule found Severity: Medium

AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
1 rule found Severity: Medium

AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
1 rule found Severity: Medium

AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.
1 rule found Severity: Medium

AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
1 rule found Severity: Medium

AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
1 rule found Severity: Medium

AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect the files within /etc/sudoers.d/
1 rule found Severity: Medium

1 rule found Severity: Medium

AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

Successful/unsuccessful uses of the umount2 system call in AlmaLinux OS 9 must generate an audit record.
1 rule found Severity: Medium

1 rule found Severity: Medium

AlmaLinux OS 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

AlmaLinux OS 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

AlmaLinux OS 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.
1 rule found Severity: Medium

The firewall must generate traffic log entries containing information to establish what type of events occurred.
1 rule found Severity: Medium

The operating system must produce audit records containing information to establish what type of events occurred.
1 rule found Severity: Medium

The HYCU virtual appliance must produce audit log records containing sufficient information to establish what type of event occurred.
1 rule found Severity: Medium

The IDPS must produce audit records containing sufficient information to establish what type of event occurred, including, at a minimum, event descriptions, policy filter, rule or signature invoked, port, protocol, and criticality level/alert code or description.
1 rule found Severity: Medium

The Mainframe Product must produce audit records containing information to establish what type of events occurred.
1 rule found Severity: Medium

MariaDB must produce audit records containing sufficient information to establish what type of events occurred.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

OL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
1 rule found Severity: Medium

Rancher RKE2 components must be configured in accordance with the security configuration settings based on DOD security configuration or implementation guidance, including SRGs, STIGs, NSA configuration guides, CTOs, and DTMs.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

OL 8 must generate audit records for all account creation events that affect "/etc/security/opasswd".
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

OL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers".
1 rule found Severity: Medium

OL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers.d/".
1 rule found Severity: Medium

The OL 8 audit system must be configured to audit any use of the "setxattr", "fsetxattr", "lsetxattr", "removexattr", "fremovexattr", and "lremovexattr" system calls.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

OL 8 must generate audit records for any use of the "rename", "unlink", "rmdir", "renameat", and "unlinkat" system calls.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

OL 8 must generate audit records for any use of the "truncate", "ftruncate", "creat", "open", "openat", and "open_by_handle_at" system calls.
1 rule found Severity: Medium

OL 8 must generate audit records for any use of the "chown", "fchown", "fchownat", and "lchown" system calls.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

OL 8 must allocate an "audit_backlog_limit" of sufficient size to capture processes that start prior to the audit daemon.
1 rule found Severity: Low

1 rule found Severity: Low

1 rule found Severity: Medium

1 rule found Severity: Medium

RHEL 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.
1 rule found Severity: Medium

1 rule found Severity: Medium

RHEL 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

SUSE operating system audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
2 rules found Severity: Medium

2 rules found Severity: Medium

2 rules found Severity: Low

2 rules found Severity: Low

1 rule found Severity: Low

1 rule found Severity: Low

2 rules found Severity: Low

2 rules found Severity: Low

2 rules found Severity: Medium

The SUSE operating system must generate audit records for all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr syscalls.
1 rule found Severity: Medium

The SUSE operating system must generate audit records for all uses of the chown, fchown, fchownat, and lchown syscalls.
1 rule found Severity: Medium

The SUSE operating system must generate audit records for all uses of the chmod, fchmod, and fchmodat system calls.
2 rules found Severity: Medium

The SUSE operating system must generate audit records for all uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate syscalls.
1 rule found Severity: Medium

1 rule found Severity: Medium

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.
1 rule found Severity: Medium

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.
1 rule found Severity: Medium

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
1 rule found Severity: Medium

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
1 rule found Severity: Medium

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.
1 rule found Severity: Medium

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
1 rule found Severity: Medium

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
1 rule found Severity: Medium

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog.
1 rule found Severity: Medium

1 rule found Severity: Low

2 rules found Severity: Low

2 rules found Severity: Low

2 rules found Severity: Low

2 rules found Severity: Medium

2 rules found Severity: Medium

2 rules found Severity: Medium

Successful/unsuccessful attempts to modify categories of information (e.g., classification levels) must generate audit records.
1 rule found Severity: Medium

2 rules found Severity: Medium

The SUSE operating system must generate audit records for all modifications to the tallylog file.
2 rules found Severity: Medium

2 rules found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Medium

2 rules found Severity: Medium

2 rules found Severity: Medium

The SUSE operating system must generate audit records for all uses of the pam_timestamp_check command.
2 rules found Severity: Medium

1 rule found Severity: Medium

The SUSE operating system must generate audit records for all uses of the init_module and finit_module syscalls.
1 rule found Severity: Medium

1 rule found Severity: Medium

The SUSE operating system must generate audit records for all uses of the unlink, unlinkat, rename, renameat and rmdir syscalls.
1 rule found Severity: Medium

1 rule found Severity: Medium

The SUSE operating system must generate audit records for all uses of the unix_chkpwd or unix2_chkpwd commands.
1 rule found Severity: Medium

The SUSE operating system must audit all uses of the sudoers file and all files in the /etc/sudoers.d/ directory.
1 rule found Severity: Medium

The SUSE operating system must generate audit records for all uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls.
1 rule found Severity: Medium

The SUSE operating system must generate audit records for all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.
1 rule found Severity: Medium

The SUSE operating system must generate audit records for all uses of the chown, fchown, fchownat, and lchown system calls.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Low

1 rule found Severity: Low

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

The SUSE operating system must generate audit records for all uses of the delete_module system call.
1 rule found Severity: Medium

The SUSE operating system must generate audit records for all uses of the init_module and finit_module system calls.
1 rule found Severity: Medium

The VMM must produce audit records containing information to establish what type of events occurred.
1 rule found Severity: Medium

The UEM server must be configured to produce audit records containing information to establish what type of events occurred.
1 rule found Severity: Medium

The ESXi host must produce audit records containing information to establish what type of events occurred.
1 rule found Severity: Medium

1 rule found Severity: Medium

VAMI must produce log records containing sufficient information to establish what type of events occurred.
1 rule found Severity: Medium

The NSX Distributed Firewall must generate traffic log entries that can be sent by the ESXi hosts to the central syslog.
1 rule found Severity: Low

1 rule found Severity: Medium

1 rule found Severity: Medium

The ESXi must produce audit records containing information to establish what type of events occurred.
2 rules found Severity: Medium

The ESXi host must forward audit records containing information to establish what type of events occurred.
2 rules found Severity: Medium

The vCenter Server must produce audit records containing information to establish what type of events occurred.
3 rules found Severity: Medium

The vCenter ESX Agent Manager service must produce log records containing sufficient information regarding event details.
2 rules found Severity: Medium

The Security Token Service must record user access in a format that enables monitoring of remote access.
1 rule found Severity: Medium

The vCenter Lookup service must produce log records containing sufficient information regarding event details.
2 rules found Severity: Medium

The vCenter Perfcharts service must produce log records containing sufficient information regarding event details.
2 rules found Severity: Medium

1 rule found Severity: Medium

The VPN Gateway must generate log records containing information to establish what type of events occurred.
1 rule found Severity: Low

The vCenter PostgreSQL service must produce logs containing sufficient information to establish what type of events occurred.
2 rules found Severity: Medium

The vCenter STS service must produce log records containing sufficient information regarding event details.
2 rules found Severity: Medium

The vCenter UI service must produce log records containing sufficient information regarding event details.
2 rules found Severity: Medium

The vCenter VAMI service must produce log records containing sufficient information to establish what type of events occurred.
2 rules found Severity: Medium

The NSX-T Distributed Firewall must generate traffic log entries containing information to establish the details of the event.
1 rule found Severity: Medium

The NSX-T Tier-0 Gateway Firewall must generate traffic log entries containing information to establish the details of the event.
1 rule found Severity: Low

The NSX-T Tier-1 Gateway Firewall must generate traffic log entries containing information to establish what type of events occurred.
1 rule found Severity: Medium

The Cisco ASA must be configured to generate log records containing information to establish what type of VPN events occurred.
1 rule found Severity: Low
