System32
Sysmon
Events
Compliance
Validator
TLS/SSL
GeoIP
Tools
Security Technical Implementation Guides (STIGs)
Product
Microsoft Windows Server 2025
(46)
Ubuntu 22.04
(38)
Microsoft Windows 11
(22)
Microsoft Windows 10
(13)
Microsoft Windows Server 2022
(10)
Microsoft Windows Server 2016
(9)
Microsoft Windows Server 2019
(9)
macOS 15 - Sequoia
(1)
macOS 26 - Tahoe
(1)
Severity
Medium
(149)
SRG
SRG-OS-000064-GPOS-00033
(31)
SRG-OS-000470-GPOS-00214
(31)
SRG-OS-000327-GPOS-00127
(26)
SRG-OS-000474-GPOS-00219
(18)
SRG-OS-000062-GPOS-00031
(8)
SRG-OS-000472-GPOS-00217
(7)
SRG-OS-000471-GPOS-00215
(6)
SRG-OS-000462-GPOS-00206
(5)
SRG-OS-000466-GPOS-00210
(5)
SRG-OS-000458-GPOS-00203
(3)
SRG-OS-000477-GPOS-00222
(3)
SRG-OS-000240-GPOS-00090
(2)
SRG-OS-000463-GPOS-00207
(2)
SRG-OS-000468-GPOS-00212
(1)
SRG-OS-000471-GPOS-00216
(1)
CCIs
CCI-000172
(149)
STIG IDs
APPL-15-000190
(1)
APPL-26-000190
(1)
UBTU-22-654010
(1)
UBTU-22-654015
(1)
UBTU-22-654020
(1)
UBTU-22-654025
(1)
UBTU-22-654030
(1)
UBTU-22-654035
(1)
UBTU-22-654040
(1)
UBTU-22-654045
(1)
UBTU-22-654050
(1)
UBTU-22-654055
(1)
UBTU-22-654060
(1)
UBTU-22-654065
(1)
UBTU-22-654070
(1)
UBTU-22-654075
(1)
UBTU-22-654080
(1)
UBTU-22-654085
(1)
UBTU-22-654090
(1)
UBTU-22-654095
(1)
UBTU-22-654100
(1)
UBTU-22-654105
(1)
UBTU-22-654110
(1)
UBTU-22-654115
(1)
UBTU-22-654120
(1)
UBTU-22-654125
(1)
UBTU-22-654155
(1)
UBTU-22-654160
(1)
UBTU-22-654165
(1)
UBTU-22-654170
(1)
UBTU-22-654175
(1)
UBTU-22-654180
(1)
UBTU-22-654185
(1)
UBTU-22-654195
(1)
UBTU-22-654200
(1)
UBTU-22-654205
(1)
UBTU-22-654210
(1)
UBTU-22-654215
(1)
UBTU-22-654220
(1)
UBTU-22-654225
(1)
WN10-AU-000005
(1)
WN10-AU-000010
(1)
WN10-AU-000054
(1)
WN10-AU-000060
(1)
WN10-AU-000080
(1)
WN10-AU-000083
(1)
WN10-AU-000084
(1)
WN10-AU-000085
(1)
WN10-AU-000090
(1)
WN10-AU-000100
(1)
WN10-AU-000107
(1)
WN10-AU-000130
(1)
WN10-AU-000135
(1)
WN11-AU-000005
(1)
WN11-AU-000010
(1)
WN11-AU-000054
(1)
WN11-AU-000060
(1)
WN11-AU-000070
(1)
WN11-AU-000075
(1)
WN11-AU-000080
(1)
WN11-AU-000083
(1)
WN11-AU-000084
(1)
WN11-AU-000085
(1)
WN11-AU-000090
(1)
WN11-AU-000100
(1)
WN11-AU-000105
(1)
WN11-AU-000107
(1)
WN11-AU-000115
(1)
WN11-AU-000130
(1)
WN11-AU-000135
(1)
WN11-AU-000140
(1)
WN11-AU-000150
(1)
WN11-AU-000155
(1)
WN11-AU-000160
(1)
WN11-EP-000310
(1)
WN16-AU-000070
(1)
WN16-AU-000080
(1)
WN16-AU-000160
(1)
WN16-AU-000240
(1)
WN16-AU-000280
(1)
WN16-AU-000285
(1)
WN16-AU-000286
(1)
WN16-AU-000290
(1)
WN16-AU-000300
(1)
WN19-AU-000070
(1)
WN19-AU-000080
(1)
WN19-AU-000130
(1)
WN19-AU-000170
(1)
WN19-AU-000210
(1)
WN19-AU-000220
(1)
WN19-AU-000230
(1)
WN19-AU-000240
(1)
WN19-AU-000250
(1)
WN22-AU-000070
(1)
WN22-AU-000080
(1)
WN22-AU-000130
(1)
WN22-AU-000170
(1)
WN22-AU-000180
(1)
WN22-AU-000210
(1)
WN22-AU-000220
(1)
Rule IDs
SV-205832r991578_rule
(1)
SV-205833r991578_rule
(1)
SV-205834r991578_rule
(1)
SV-205835r991578_rule
(1)
SV-205836r991578_rule
(1)
SV-205837r991578_rule
(1)
SV-205839r991583_rule
(1)
SV-205840r991583_rule
(1)
SV-205841r991583_rule
(1)
SV-220748r991578_rule
(1)
SV-220749r991578_rule
(1)
SV-220755r991578_rule
(1)
SV-220756r991578_rule
(1)
SV-220760r991578_rule
(1)
SV-220763r991583_rule
(1)
SV-220764r991583_rule
(1)
SV-220765r991583_rule
(1)
SV-220766r991583_rule
(1)
SV-220767r991579_rule
(1)
SV-220769r991579_rule
(1)
SV-220773r991579_rule
(1)
SV-220774r991579_rule
(1)
SV-253306r991570_rule
(1)
SV-253307r991570_rule
(1)
SV-253313r991578_rule
(1)
SV-253314r991570_rule
(1)
SV-253316r991581_rule
(1)
SV-253317r991581_rule
(1)
SV-253318r991578_rule
(1)
SV-253321r991572_rule
(1)
SV-253322r991572_rule
(1)
SV-253323r991583_rule
(1)
SV-253324r991583_rule
(1)
SV-253325r991572_rule
(1)
SV-253326r991572_rule
(1)
SV-253327r991572_rule
(1)
SV-253329r991575_rule
(1)
SV-253331r991579_rule
(1)
SV-253332r991579_rule
(1)
SV-253333r991575_rule
(1)
SV-253334r991575_rule
(1)
SV-253335r991573_rule
(1)
SV-253336r991573_rule
(1)
SV-253426r991580_rule
(1)
SV-254300r991578_rule
(1)
SV-254301r991578_rule
(1)
SV-254306r991583_rule
(1)
SV-254310r991578_rule
(1)
SV-254311r991581_rule
(1)
SV-254314r991578_rule
(1)
SV-254315r991578_rule
(1)
SV-254316r991578_rule
(1)
SV-254317r991583_rule
(1)
SV-254318r991583_rule
(1)
SV-260604r958446_rule
(1)
SV-260605r958446_rule
(1)
SV-260606r958446_rule
(1)
SV-260607r958446_rule
(1)
SV-260608r958446_rule
(1)
SV-260609r958446_rule
(1)
SV-260610r958446_rule
(1)
SV-260611r991586_rule
(1)
SV-260612r958446_rule
(1)
SV-260613r991586_rule
(1)
SV-260614r991586_rule
(1)
SV-260615r958446_rule
(1)
SV-260616r958446_rule
(1)
SV-260617r958446_rule
(1)
SV-260618r958446_rule
(1)
SV-260619r958446_rule
(1)
SV-260620r958446_rule
(1)
SV-260621r958446_rule
(1)
SV-260622r958446_rule
(1)
SV-260623r958446_rule
(1)
SV-260624r958446_rule
(1)
SV-260625r958446_rule
(1)
SV-260626r958446_rule
(1)
SV-260627r958446_rule
(1)
SV-260633r958446_rule
(1)
SV-260634r958446_rule
(1)
SV-260635r958446_rule
(1)
SV-260636r958446_rule
(1)
SV-260637r958446_rule
(1)
SV-260638r958446_rule
(1)
SV-260639r991577_rule
(1)
SV-260641r991581_rule
(1)
SV-260642r991581_rule
(1)
SV-260643r991581_rule
(1)
SV-260644r958446_rule
(1)
SV-260645r958446_rule
(1)
SV-260646r991575_rule
(1)
SV-260647r991575_rule
(1)
SV-268451r1034293_rule
(1)
SV-277059r1148629_rule
(1)
SV-278047r1180847_rule
(1)
SV-278048r1180850_rule
(1)
SV-278049r1180853_rule
(1)
SV-278053r1180865_rule
(1)
SV-278054r1180868_rule
(1)
Tags
AppLocker
All AppLocker events
EventSentry
All EventSentry events
Security
All Windows Security events
stig
All stig events
Vulnerability ID
Severity
Description
V-254317
Medium
Windows Server 2022 must be configured to audit Object Access - Removable Storage successes
V-205840
Medium
Windows Server 2019 must be configured to audit Object Access - Removable Storage successes
V-253324
Medium
The system must be configured to audit Object Access - Removable Storage successes
V-220766
Medium
The system must be configured to audit Object Access - Removable Storage successes
V-260604
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the apparmor_par...
V-260605
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chacl command
V-260606
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chage command
V-260607
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chcon command
V-260608
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chfn command
V-260609
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chsh command
V-260610
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the crontab command
V-260611
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful attempts to use the fdis...
V-260612
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the gpasswd command
V-260613
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful attempts to use the kmod...
V-260614
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful attempts to use modprobe...
V-260615
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the mount command
V-260616
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the newgrp command
V-260617
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the pam_timestam...
V-260618
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the passwd command
V-260619
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the setfacl command
V-260620
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the ssh-agent co...
V-260621
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the ssh-keysign ...
V-260622
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the su command
V-260623
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the sudo command
V-260624
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the sudoedit com...
V-260625
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the umount command
V-260626
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the unix_update ...
V-260627
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the usermod command
V-260633
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chmod, fchmo...
V-260634
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chown, fchow...
V-260635
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the creat, open,...
V-260636
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the delete_modul...
V-260637
Medium
Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the init_module ...
V-260638
Medium
Ubuntu 22.04 LTS must generate audit records for any use of the setxattr, fsetxattr, lsetxattr, r...
V-260639
Medium
Ubuntu 22.04 LTS must generate audit records for any successful/unsuccessful use of unlink, unlin...
V-260641
Medium
Ubuntu 22.04 LTS must generate audit records for the /var/log/btmp file
V-260642
Medium
Ubuntu 22.04 LTS must generate audit records for the /var/log/wtmp file
V-260643
Medium
Ubuntu 22.04 LTS must generate audit records for the /var/run/utmp file
V-260644
Medium
Ubuntu 22.04 LTS must generate audit records for the use and modification of faillog file
V-260645
Medium
Ubuntu 22.04 LTS must generate audit records for the use and modification of the lastlog file
V-260646
Medium
Ubuntu 22.04 LTS must generate audit records when successful/unsuccessful attempts to modify the ...
V-260647
Medium
Ubuntu 22.04 LTS must generate audit records when successful/unsuccessful attempts to modify the ...
V-253426
Medium
Windows 11 Kernel (Direct Memory Access) DMA Protection must be enabled
V-224881
Medium
Windows Server 2016 must be configured to audit Account Logon - Credential Validation successes
V-224882
Medium
Windows Server 2016 must be configured to audit Account Logon - Credential Validation failures
V-224887
Medium
Windows Server 2016 must be configured to audit Detailed Tracking - Plug and Play Events successes
V-224891
Medium
Windows Server 2016 must be configured to audit Logon/Logoff - Group Membership successes
V-224895
Medium
Windows Server 2016 must be configured to audit Logon/Logoff - Special Logon successes
V-224896
Medium
Windows 2016 must be configured to audit Object Access - Other Object Access Events successes
V-224897
Medium
Windows 2016 must be configured to audit Object Access - Other Object Access Events failures
V-224898
Medium
Windows Server 2016 must be configured to audit Object Access - Removable Storage successes
V-224899
Medium
Windows Server 2016 must be configured to audit Object Access - Removable Storage failures
V-254306
Medium
Windows Server 2022 must be configured to audit Detailed Tracking - Plug and Play Events successes
V-205839
Medium
Windows Server 2019 must be configured to audit Detailed Tracking - Plug and Play Events successes
V-254310
Medium
Windows Server 2022 must be configured to audit Logon/Logoff - Group Membership successes
V-205834
Medium
Windows Server 2019 must be configured to audit Logon/Logoff - Group Membership successes
V-253314
Medium
The system must be configured to audit Logon/Logoff - Group Membership successes
V-220756
Medium
The system must be configured to audit Logon/Logoff - Group Membership successes
V-254311
Medium
Windows Server 2022 must be configured to audit logoff successes
V-253317
Medium
The system must be configured to audit Logon/Logoff - Logon successes
V-253316
Medium
The system must be configured to audit Logon/Logoff - Logon failures
V-254314
Medium
Windows Server 2022 must be configured to audit Logon/Logoff - Special Logon successes
V-205835
Medium
Windows Server 2019 must be configured to audit Logon/Logoff - Special Logon successes
V-253318
Medium
The system must be configured to audit Logon/Logoff - Special Logon successes
V-220760
Medium
The system must be configured to audit Logon/Logoff - Special Logon successes
V-254315
Medium
Windows Server 2022 must be configured to audit Object Access - Other Object Access Events successes
V-205836
Medium
Windows Server 2019 must be configured to audit Object Access - Other Object Access Events successes
V-253321
Medium
Windows 11 must be configured to audit Object Access - Other Object Access Events successes
V-220763
Medium
Windows 10 must be configured to audit Object Access - Other Object Access Events successes
V-254316
Medium
Windows Server 2022 must be configured to audit Object Access - Other Object Access Events failures
V-205837
Medium
Windows Server 2019 must be configured to audit Object Access - Other Object Access Events failures
V-253322
Medium
Windows 11 must be configured to audit Object Access - Other Object Access Events failures
V-220764
Medium
Windows 10 must be configured to audit Object Access - Other Object Access Events failures
V-254318
Medium
Windows Server 2022 must be configured to audit Object Access - Removable Storage failures
V-205841
Medium
Windows Server 2019 must be configured to audit Object Access - Removable Storage failures
V-253323
Medium
The system must be configured to audit Object Access - Removable Storage failures
V-220765
Medium
The system must be configured to audit Object Access - Removable Storage failures
V-253325
Medium
The system must be configured to audit Policy Change - Audit Policy Change successes
V-220767
Medium
The system must be configured to audit Policy Change - Audit Policy Change successes
V-253326
Medium
The system must be configured to audit Policy Change - Authentication Policy Change successes
V-253327
Medium
The system must be configured to audit Policy Change - Authorization Policy Change successes
V-220769
Medium
The system must be configured to audit Policy Change - Authorization Policy Change successes
V-253329
Medium
The system must be configured to audit Privilege Use - Sensitive Privilege Use successes
V-253331
Medium
The system must be configured to audit System - Other System Events successes
V-220773
Medium
The system must be configured to audit System - Other System Events successes
V-253332
Medium
The system must be configured to audit System - Other System Events failures
V-220774
Medium
The system must be configured to audit System - Other System Events failures
V-253333
Medium
The system must be configured to audit System - Security State Change successes
V-253334
Medium
The system must be configured to audit System - Security System Extension successes
V-253336
Medium
The system must be configured to audit System - System Integrity successes
V-253335
Medium
The system must be configured to audit System - System Integrity failures
V-254300
Medium
Windows Server 2022 must be configured to audit Account Logon - Credential Validation successes
V-205832
Medium
Windows Server 2019 must be configured to audit Account Logon - Credential Validation successes
V-253307
Medium
The system must be configured to audit Account Logon - Credential Validation successes
V-220749
Medium
The system must be configured to audit Account Logon - Credential Validation successes
V-254301
Medium
Windows Server 2022 must be configured to audit Account Logon - Credential Validation failures
V-205833
Medium
Windows Server 2019 must be configured to audit Account Logon - Credential Validation failures
V-253306
Medium
The system must be configured to audit Account Logon - Credential Validation failures
V-220748
Medium
The system must be configured to audit Account Logon - Credential Validation failures
V-253313
Medium
The system must be configured to audit Logon/Logoff - Account Lockout failures
V-220755
Medium
The system must be configured to audit Logon/Logoff - Account Lockout failures
V-268451
Medium
The macOS system must configure sudo to log events
V-278047
Medium
Windows Server 2025 must be configured to audit Account Logon - Credential Validation successes
V-278048
Medium
Windows Server 2025 must be configured to audit Account Logon - Credential Validation failures
V-278049
Medium
Windows Server 2025 must be configured to audit Account Management - Other Account Management Eve...
V-278053
Medium
Windows Server 2025 must be configured to audit Detailed Tracking - Plug and Play Events successes
V-278054
Medium
Windows Server 2025 must be configured to audit Detailed Tracking - Process Creation successes
V-278055
Medium
Windows Server 2025 must be configured to audit Logon/Logoff - Account Lockout successes
V-278056
Medium
Windows Server 2025 must be configured to audit Logon/Logoff - Account Lockout failures
V-278057
Medium
Windows Server 2025 must be configured to audit Logon/Logoff - Group Membership successes
V-278058
Medium
Windows Server 2025 must be configured to audit logoff successes
V-278061
Medium
Windows Server 2025 must be configured to audit Logon/Logoff - Special Logon successes
V-278062
Medium
Windows Server 2025 must be configured to audit Object Access - Other Object Access Events successes
V-278063
Medium
Windows Server 2025 must be configured to audit Object Access - Other Object Access Events failures
V-278064
Medium
Windows Server 2025 must be configured to audit Object Access - Removable Storage successes
V-278065
Medium
Windows Server 2025 must be configured to audit Object Access - Removable Storage failures
V-278066
Medium
Windows Server 2025 must be configured to audit Policy Change - Audit Policy Change successes
V-278067
Medium
Windows Server 2025 must be configured to audit Policy Change - Audit Policy Change failures
V-278068
Medium
Windows Server 2025 must be configured to audit Policy Change - Authentication Policy Change succ...
V-278069
Medium
Windows Server 2025 must be configured to audit Policy Change - Authorization Policy Change succe...
V-278070
Medium
Windows Server 2025 must be configured to audit Privilege Use - Sensitive Privilege Use successes
V-278071
Medium
Windows Server 2025 must be configured to audit Privilege Use - Sensitive Privilege Use failures
V-278072
Medium
Windows Server 2025 must be configured to audit System - IPsec Driver successes
V-278073
Medium
Windows Server 2025 must be configured to audit System - IPsec Driver failures
V-278074
Medium
Windows Server 2025 must be configured to audit System - Other System Events successes
V-278075
Medium
Windows Server 2025 must be configured to audit System - Other System Events failures
V-278076
Medium
Windows Server 2025 must be configured to audit System - Security State Change successes
V-278077
Medium
Windows Server 2025 must be configured to audit System - Security System Extension successes
V-278078
Medium
Windows Server 2025 must be configured to audit System - System Integrity successes
V-278079
Medium
Windows Server 2025 must be configured to audit System - System Integrity failures
V-278148
Medium
Windows Server 2025 Active Directory Group Policy Objects (GPOs) must be configured with proper a...
V-278149
Medium
Windows Server 2025 Active Directory (AD) Domain object must be configured with proper audit sett...
V-278150
Medium
Windows Server 2025 Active Directory (AD) Infrastructure object must be configured with proper au...
V-278151
Medium
Windows Server 2025 Active Directory (AD) Domain Controllers Organizational Unit (OU) object must...
V-278152
Medium
Windows Server 2025 Active Directory (AD) AdminSDHolder object must be configured with proper aud...
V-278153
Medium
Windows Server 2025 Active Directory (AD) RID Manager$ object must be configured with proper audi...
V-278155
Medium
Windows Server 2025 must be configured to audit DS Access - Directory Service Access successes
V-278156
Medium
Windows Server 2025 must be configured to audit DS Access - Directory Service Access failures
V-278157
Medium
Windows Server 2025 must be configured to audit DS Access - Directory Service Changes successes
V-278158
Medium
Windows Server 2025 must be configured to audit DS Access - Directory Service Changes failures
V-279916
Medium
Windows Server 2025 must be configured to audit file system failures
V-279917
Medium
Windows Server 2025 must be configured to audit file system successes
V-279918
Medium
Windows Server 2025 must be configured to audit handle manipulation failures
V-279919
Medium
Windows Server 2025 must be configured to audit handle manipulation successes
V-279920
Medium
Windows Server 2025 must be configured to audit registry failures
V-279921
Medium
Windows Server 2025 must be configured to audit registry successes
V-279922
Medium
Windows Server 2025 must be configured to audit sensitive privilege use successes
V-279923
Medium
Windows Server 2025 must be configured to audit sensitive privilege use failures
V-277059
Medium
The macOS system must configure sudo to log events