Security Technical Implementation Guides (STIGs)
Product: Microsoft IIS 10.0 Site Security (42)
Severity: Medium (36), High (4), Low (2)
| Vulnerability ID | Severity | Description |
|---|---|---|
| V-218786 | Medium | Both the log file and Event Tracing for Windows (ETW) for the IIS 10.0 web server must be enabled |
| V-218788 | Medium | The IIS 10.0 web server must produce log records that contain sufficient information to establish... |
| V-218789 | Medium | The IIS 10.0 web server must produce log records containing sufficient information to establish t... |
| V-218790 | Medium | The log information from the IIS 10.0 web server must be protected from unauthorized modification... |
| V-218791 | Medium | The log data and records from the IIS 10.0 web server must be backed up onto a different system o... |
| V-218792 | Medium | The IIS 10.0 web server must not perform user management for hosted applications |
| V-218793 | Medium | The IIS 10.0 web server must only contain functions necessary for operation |
| V-218794 | Medium | The IIS 10.0 web server must not be both a website server and a proxy server |
| V-218795 | High | All IIS 10.0 web server sample code, example applications, and tutorials must be removed from a p... |
| V-218796 | Medium | The accounts created by uninstalled features (i.e., tools, utilities, specific, etc.) must be del... |
| V-218797 | Medium | The IIS 10.0 web server must be reviewed on a regular basis to remove any Operating System featur... |
| V-218798 | Medium | The IIS 10.0 web server must have Multipurpose Internet Mail Extensions (MIME) that invoke OS she... |
| V-218799 | Medium | The IIS 10.0 web server must have Web Distributed Authoring and Versioning (WebDAV) disabled |
| V-218801 | Medium | Java software installed on a production IIS 10.0 web server must be limited to .class files and t... |
| V-218802 | High | IIS 10.0 Web server accounts accessing the directory tree, the shell, or other operating system f... |
| V-218803 | Medium | The IIS 10.0 web server must separate the hosted applications from hosted web server management f... |
| V-218804 | Medium | The IIS 10.0 web server must use cookies to track session state |
| V-218805 | Medium | The IIS 10.0 web server must accept only system-generated session identifiers |
| V-218806 | Medium | The IIS 10.0 web server must augment re-creation to a stable and known baseline |
| V-218807 | Medium | The production IIS 10.0 web server must utilize SHA2 encryption for the Machine Key |
| V-218808 | Medium | Directory Browsing on the IIS 10.0 web server must be disabled |
| V-218809 | Medium | The IIS 10.0 web server Indexing must only index web content |
| V-218810 | Medium | Warning and error messages displayed to clients must be modified to minimize the identity of the ... |
| V-218812 | Medium | The IIS 10.0 web server must restrict inbound connections from non-secure zones |
| V-218813 | Medium | The IIS 10.0 web server must provide the capability to immediately disconnect or disable remote a... |
| V-218814 | Medium | IIS 10.0 web server system files must conform to minimum file permission requirements |
| V-218815 | Medium | The IIS 10.0 web server must use a logging mechanism configured to allocate log record storage ca... |
| V-218816 | Medium | Access to web administration tools must be restricted to the web manager and the web managers des... |
| V-218817 | Medium | The IIS 10.0 web server must not be running on a system providing any other role |
| V-218818 | Medium | The Internet Printing Protocol (IPP) must be disabled on the IIS 10.0 web server |
| V-218819 | Medium | The IIS 10.0 web server must be tuned to handle the operational requirements of the hosted applic... |
| V-218820 | Medium | IIS 10.0 web server session IDs must be sent to the client using TLS |
| V-218821 | High | An IIS 10.0 web server must maintain the confidentiality of controlled information during transmi... |
| V-218822 | Medium | The IIS 10.0 web server must maintain the confidentiality of controlled information during transm... |
| V-218823 | High | All accounts installed with the IIS 10.0 web server software and tools must have passwords assign... |
| V-218824 | Medium | Unspecified file extensions on a production IIS 10.0 web server must be removed |
| V-218825 | Medium | The IIS 10.0 web server must have a global authorization rule configured to restrict access |
| V-228572 | Medium | An IIS Server configured to be a SMTP relay must require authentication |
| V-218826 | Medium | The IIS 10.0 websites MaxConnections setting must be configured to limit the number of allowed si... |
| V-218827 | Low | The IIS 10.0 web server must enable HTTP Strict Transport Security (HSTS) |
| V-241789 | Low | ASP.NET version must be removed from the HTTP Response Header information |
| V-268325 | Medium | The Request Smuggling filter must be enabled |