System32
Sysmon
Events
Compliance
Validator
TLS/SSL
GeoIP
Tools
Security Technical Implementation Guides (STIGs)
Product
Microsoft Windows 11
(91)
Severity
Medium
(69)
High
(18)
Low
(4)
SRG
SRG-OS-000480-GPOS-00227
(24)
SRG-OS-000095-GPOS-00049
(14)
SRG-OS-000134-GPOS-00068
(6)
SRG-OS-000324-GPOS-00125
(4)
SRG-OS-000138-GPOS-00069
(3)
SRG-OS-000341-GPOS-00132
(3)
SRG-OS-000368-GPOS-00154
(3)
SRG-OS-000373-GPOS-00156
(3)
SRG-OS-000373-GPOS-00157
(3)
SRG-OS-000021-GPOS-00005
(2)
SRG-OS-000042-GPOS-00020
(2)
SRG-OS-000057-GPOS-00027
(2)
SRG-OS-000073-GPOS-00041
(2)
SRG-OS-000080-GPOS-00048
(2)
SRG-OS-000024-GPOS-00007
(1)
SRG-OS-000062-GPOS-00031
(1)
SRG-OS-000069-GPOS-00037
(1)
SRG-OS-000074-GPOS-00042
(1)
SRG-OS-000075-GPOS-00043
(1)
SRG-OS-000076-GPOS-00044
(1)
SRG-OS-000076-GPOS-00044
(1)
SRG-OS-000077-GPOS-00045
(1)
SRG-OS-000078-GPOS-00046
(1)
SRG-OS-000104-GPOS-00051
(1)
SRG-OS-000120-GPOS-00061
(1)
SRG-OS-000121-GPOS-00062
(1)
SRG-OS-000205-GPOS-00083
(1)
SRG-OS-000279-GPOS-00109
(1)
SRG-OS-000329-GPOS-00128
(1)
SRG-OS-000433-GPOS-00192
(1)
SRG-OS-000474-GPOS-00219
(1)
SRG-OS-000480-GPOS-00229
(1)
CCIs
CCI-000366
(24)
CCI-000381
(14)
CCI-002038
(6)
CCI-001084
(5)
CCI-002235
(4)
CCI-001090
(3)
CCI-001764
(3)
CCI-001849
(3)
CCI-000044
(2)
CCI-000135
(2)
CCI-000162
(2)
CCI-000213
(2)
CCI-004062,CCI-000196
(2)
CCI-004066,CCI-000199
(2)
CCI-000044,CCI-000048,CCI-000050
(1)
CCI-000169
(1)
CCI-000172
(1)
CCI-000197
(1)
CCI-000366
(1)
CCI-000764
(1)
CCI-000803
(1)
CCI-000804
(1)
CCI-001084
(1)
CCI-001133,CCI-002361
(1)
CCI-001312
(1)
CCI-002238
(1)
CCI-002824
(1)
CCI-004061
(1)
CCI-004066,CCI-000192
(1)
CCI-004066,CCI-000198
(1)
CCI-004066,CCI-000205
(1)
STIG IDs
WN10-SO-000205
(1)
WN11-00-000040
(1)
WN11-00-000045
(1)
WN11-00-000050
(1)
WN11-00-000090
(1)
WN11-00-000100
(1)
WN11-00-000110
(1)
WN11-00-000135
(1)
WN11-00-000150
(1)
WN11-00-000155
(1)
WN11-00-000165
(1)
WN11-00-000170
(1)
WN11-AC-000005
(1)
WN11-AC-000010
(1)
WN11-AC-000015
(1)
WN11-AC-000020
(1)
WN11-AC-000025
(1)
WN11-AC-000030
(1)
WN11-AC-000035
(1)
WN11-AC-000040
(1)
WN11-AC-000045
(1)
WN11-AU-000090
(1)
WN11-AU-000500
(1)
WN11-AU-000505
(1)
WN11-AU-000510
(1)
WN11-AU-000520
(1)
WN11-AU-000525
(1)
WN11-CC-000020
(1)
WN11-CC-000037
(1)
WN11-CC-000038
(1)
WN11-CC-000040
(1)
WN11-CC-000050
(1)
WN11-CC-000066
(1)
WN11-CC-000068
(1)
WN11-CC-000075
(1)
WN11-CC-000085
(1)
WN11-CC-000090
(1)
WN11-CC-000100
(1)
WN11-CC-000110
(1)
WN11-CC-000120
(1)
WN11-CC-000130
(1)
WN11-CC-000145
(1)
WN11-CC-000150
(1)
WN11-CC-000155
(1)
WN11-CC-000175
(1)
WN11-CC-000180
(1)
WN11-CC-000185
(1)
WN11-CC-000190
(1)
WN11-CC-000200
(1)
WN11-CC-000205
(1)
WN11-CC-000210
(1)
WN11-CC-000225
(1)
WN11-CC-000280
(1)
WN11-CC-000295
(1)
WN11-CC-000300
(1)
WN11-CC-000305
(1)
WN11-CC-000325
(1)
WN11-CC-000326
(1)
WN11-SO-000005
(1)
WN11-SO-000010
(1)
WN11-SO-000015
(1)
WN11-SO-000020
(1)
WN11-SO-000025
(1)
WN11-SO-000030
(1)
WN11-SO-000050
(1)
WN11-SO-000055
(1)
WN11-SO-000070
(1)
WN11-SO-000075
(1)
WN11-SO-000085
(1)
WN11-SO-000110
(1)
WN11-SO-000145
(1)
WN11-SO-000150
(1)
WN11-SO-000160
(1)
WN11-SO-000165
(1)
WN11-SO-000167
(1)
WN11-SO-000180
(1)
WN11-SO-000190
(1)
WN11-SO-000195
(1)
WN11-SO-000205
(1)
WN11-SO-000210
(1)
WN11-SO-000245
(1)
WN11-SO-000250
(1)
WN11-SO-000255
(1)
WN11-SO-000260
(1)
WN11-SO-000265
(1)
WN11-SO-000270
(1)
WN11-SO-000275
(1)
WN11-UR-000030
(1)
WN11-UR-000065
(1)
WN11-UR-000085
(1)
WN11-UR-000095
(1)
Rule IDs
SV-220938r991589_rule
(1)
SV-253263r1016364_rule
(1)
SV-253264r991589_rule
(1)
SV-253265r958472_rule
(1)
SV-253273r1051040_rule
(1)
SV-253275r958478_rule
(1)
SV-253277r958478_rule
(1)
SV-253281r991589_rule
(1)
SV-253284r958928_rule
(1)
SV-253285r958478_rule
(1)
SV-253287r958478_rule
(1)
SV-253288r958478_rule
(1)
SV-253297r958736_rule
(1)
SV-253298r958388_rule
(1)
SV-253299r958388_rule
(1)
SV-253300r1000103_rule
(1)
SV-253301r1016427_rule
(1)
SV-253302r1016428_rule
(1)
SV-253303r1016429_rule
(1)
SV-253304r1051045_rule
(1)
SV-253305r1051046_rule
(1)
SV-253324r991583_rule
(1)
SV-253337r958752_rule
(1)
SV-253338r958752_rule
(1)
SV-253339r958752_rule
(1)
SV-253341r958434_rule
(1)
SV-253342r958434_rule
(1)
SV-253353r991589_rule
(1)
SV-253357r958518_rule
(1)
SV-253358r958478_rule
(1)
SV-253360r991589_rule
(1)
SV-253362r991589_rule
(1)
SV-253367r958422_rule
(1)
SV-253368r991589_rule
(1)
SV-253370r991589_rule
(1)
SV-253372r991589_rule
(1)
SV-253373r991589_rule
(1)
SV-253374r958478_rule
(1)
SV-253376r958478_rule
(1)
SV-253378r958478_rule
(1)
SV-253379r958478_rule
(1)
SV-253380r1051049_rule
(1)
SV-253381r1051050_rule
(1)
SV-253382r958524_rule
(1)
SV-253385r958478_rule
(1)
SV-253386r958804_rule
(1)
SV-253387r958804_rule
(1)
SV-253388r958804_rule
(1)
SV-253391r958518_rule
(1)
SV-253393r958564_rule
(1)
SV-253395r958478_rule
(1)
SV-253398r991589_rule
(1)
SV-253404r1051052_rule
(1)
SV-253407r991589_rule
(1)
SV-253408r958478_rule
(1)
SV-253409r958478_rule
(1)
SV-253413r991591_rule
(1)
SV-253414r958422_rule
(1)
SV-253432r958482_rule
(1)
SV-253433r958504_rule
(1)
SV-253434r991589_rule
(1)
SV-253435r991589_rule
(1)
SV-253436r991589_rule
(1)
SV-253437r958442_rule
(1)
SV-253441r991589_rule
(1)
SV-253442r991589_rule
(1)
SV-253444r958636_rule
(1)
SV-253445r958392_rule
(1)
SV-253447r991589_rule
(1)
SV-253450r987796_rule
(1)
SV-253453r991589_rule
(1)
SV-253454r958524_rule
(1)
SV-253455r991589_rule
(1)
SV-253456r958524_rule
(1)
SV-253457r1081060_rule
(1)
SV-253458r991589_rule
(1)
SV-253460r971535_rule
(1)
SV-253461r1051056_rule
(1)
SV-253462r991589_rule
(1)
SV-253463r991589_rule
(1)
SV-253468r1051057_rule
(1)
SV-253469r958518_rule
(1)
SV-253471r1051058_rule
(1)
SV-253472r958518_rule
(1)
SV-253473r958518_rule
(1)
SV-253474r1051059_rule
(1)
SV-253475r958518_rule
(1)
SV-253483r958726_rule
(1)
SV-253490r958726_rule
(1)
SV-253494r958472_rule
(1)
SV-253496r958726_rule
(1)
Tags
AppLocker
All AppLocker events
EventSentry
All EventSentry events
Security
All Windows Security events
stig
All stig events
Vulnerability ID
Severity
Description
V-253263
High
Windows 11 systems must be maintained at a supported servicing level
V-253391
Medium
Windows 11 administrator accounts must not be enumerated during elevation
V-253301
Medium
The maximum password age must be configured to 60 days or less
V-253435
Medium
The built-in administrator account must be renamed
V-253303
Medium
Passwords must, at a minimum, be 14 characters
V-253302
Medium
The minimum password age must be configured to at least 1 day
V-253385
Low
The Application Compatibility Program Inventory must be prevented from collecting data and sendin...
V-253436
Medium
The built-in guest account must be renamed
V-253494
Medium
The "Deny log on locally" user right on workstations must be configured to prevent access from hi...
V-253496
Medium
The "Enable computer and user accounts to be trusted for delegation" user right must not be assig...
V-253434
Medium
Local accounts with blank passwords must be restricted to prevent access from the network
V-253357
Medium
Local administrator accounts must have their privileged token filtered to prevent elevated privil...
V-253432
Medium
The built-in administrator account must be disabled.
V-253433
Medium
The built-in guest account must be disabled
V-253265
High
Local volumes must be formatted using NTFS
V-253409
Medium
Indexing of encrypted files must be turned off
V-253483
Medium
The "Back up files and directories" user right must only be assigned to the Administrators group
V-253324
Medium
The system must be configured to audit Object Access - Removable Storage successes
V-253297
Medium
Windows 11 account lockout duration must be configured to 15 minutes or greater
V-253368
Medium
Windows 11 must be configured to enable Remote host allows delegation of non-exportable credentials
V-253413
Medium
Automatically signing in the last interactive user after a system-initiated restart must be disabled
V-253304
Medium
The built-in Microsoft password complexity filter must be enabled
V-253299
Medium
The period of time before the bad logon counter is reset must be configured to 15 minutes
V-253305
High
Reversible password encryption must be disabled
V-253441
Low
The computer account password must not be prevented from being reset
V-253298
Medium
The number of allowed bad logon attempts must be configured to three or less
V-253468
Medium
User Account Control approval mode for the built-in Administrator must be enabled
V-253471
Medium
User Account Control must automatically deny elevation requests for standard users
V-253474
Medium
User Account Control must run all administrators in Admin Approval Mode, enabling UAC
V-253472
Medium
User Account Control must be configured to detect application installations and prompt for elevation
V-253475
Medium
User Account Control must virtualize file and registry write failures to per-user locations
V-253469
Medium
User Account Control must prompt administrators for consent on the secure desktop
V-253473
Medium
User Account Control must only elevate UIAccess applications that are installed in secure locations
V-253380
Medium
Users must be prompted for a password on resume from sleep (on battery)
V-253381
Medium
The user must be prompted for a password on resume from sleep (plugged in)
V-253367
Medium
Command line data must be included in process creation events
V-253337
Medium
The Application event log size must be configured to 32768 KB or greater
V-253338
Medium
The Security event log size must be configured to 1024000 KB or greater
V-253339
Medium
The System event log size must be configured to 32768 KB or greater
V-253437
Medium
Audit policy using subcategories must be enabled
V-253341
Medium
Windows 11 permissions for the Security event log must prevent access by non-privileged accounts
V-253342
Medium
Windows 11 permissions for the System event log must prevent access by non-privileged accounts
V-253386
High
Autoplay must be turned off for non-volume devices
V-253388
High
Autoplay must be disabled for all drives
V-253387
High
The default autorun behavior must be configured to prevent autorun commands
V-253358
Medium
WDigest Authentication must be disabled
V-253490
High
The "Debug programs" user right must only be assigned to the Administrators group
V-253370
High
Credential Guard must be running on Windows 11 domain-joined systems
V-253447
Low
Caching of logon credentials must be limited
V-253373
Medium
Group Policy objects must be reprocessed even if they have not changed
V-253362
Medium
Hardened UNC Paths must be defined to require mutual authentication and integrity for at least th...
V-253379
Medium
Local users on domain-joined computers must not be enumerated
V-253442
Low
The maximum age for machine account passwords must be configured to 30 days or less
V-253463
Medium
The system must be configured to the required LDAP client signing level
V-253284
High
Structured Exception Handling Overwrite Protection (SEHOP) must be enabled
V-253398
Medium
File Explorer shell protocol must run in protected mode
V-253264
High
The Windows 11 system must use an antivirus program
V-253374
Medium
Downloading print driver packages over HTTP must be prevented
V-253372
Medium
Early Launch Antimalware, Boot-Start Driver Initialization Policy must prevent boot drivers
V-253275
High
Internet Information System (IIS) or its subcomponents must not be installed on a workstation
V-253444
Medium
The machine inactivity limit must be set to 15 minutes, locking the system with the screensaver
V-253376
Medium
Printing over HTTP must be prevented
V-253382
High
Solicited Remote Assistance must not be allowed
V-253395
Medium
The Microsoft Defender SmartScreen for Explorer must be enabled
V-253281
Medium
A host-based firewall must be installed and enabled on the system
V-253408
Medium
Basic authentication for RSS feeds over HTTP must not be used
V-253378
Medium
The network selection user interface (UI) must not be displayed on the logon screen
V-253407
Medium
Attachments must be prevented from being downloaded from RSS feeds
V-253445
Medium
The required legal notice must be configured to display before console logon
V-253453
High
Anonymous enumeration of SAM accounts must not be allowed
V-253454
High
Anonymous enumeration of shares must be restricted
V-253360
Medium
Insecure logons to an SMB server must be disabled
V-253460
Medium
Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites
V-253462
High
The LanMan authentication level must be set to send NTLMv2 response only, and to refuse LM and NTLM
V-220938
High
The LanMan authentication level must be set to send NTLMv2 response only, and to refuse LM and NTLM
V-253455
Medium
The system must be configured to prevent anonymous users from having the same rights as the Every...
V-253288
Medium
The Server Message Block (SMB) v1 protocol must be disabled on the SMB client
V-253287
Medium
The Server Message Block (SMB) v1 protocol must be disabled on the SMB server
V-253458
Medium
NTLM must be prevented from falling back to a Null session
V-253456
High
Anonymous access to Named Pipes and Shares must be restricted
V-253457
Medium
Remote calls to the Security Account Manager (SAM) must be restricted to Administrators
V-253450
Medium
Unencrypted passwords must not be sent to third-party SMB Servers
V-253353
Medium
IPv6 source routing must be configured to highest protection
V-253277
Medium
Simple TCP/IP Services must not be installed on the system
V-253300
Medium
The password history must be configured to 24 passwords remembered
V-253273
Medium
Accounts must be configured to require password expiration
V-253461
High
The system must be configured to prevent the storage of the LAN Manager hash of passwords
V-253414
Medium
PowerShell script block logging must be enabled on Windows 11
V-253285
Medium
The Windows PowerShell 2.0 feature must be disabled on the system
V-253393
Medium
Windows Telemetry must not be configured to Full
V-253404
Medium
Remote Desktop Services must always prompt a client for passwords upon connection