API → UI component mappings · 90,813 documents
| ID | Document | Source |
|---|---|---|
| 5cefb4980ddaeb02 | SCA Check 16027: Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0007']… | wazuh-sca |
| c847c085ded266f0 | SCA Check 16028: Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0009',… | wazuh-sca |
| c04e5deb86fa27cb | SCA Check 16029: Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics:… | wazuh-sca |
| d60003a02d92a16d | SCA Check 16030: Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0007'] Techniques:… | wazuh-sca |
| 5f7169c09c664abf | SCA Check 16031: Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0007']… | wazuh-sca |
| cdbcb603fbe1b283 | SCA Check 16032: Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0006', 'TA0003']… | wazuh-sca |
| 37a157b652471071 | SCA Check 16033: Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only). Policy: CIS Microsoft Windows Server 2016… | wazuh-sca |
| 6dbeae19485c031c | SCA Check 16034: Ensure 'Network access: Allow anonymous SID/Name translation' is set to 'Disabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0007'] Techniques: ['T1595',… | wazuh-sca |
| ac3f3e1ef40decc9 | SCA Check 16035: Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled' (MS only). Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0007']… | wazuh-sca |
| a86520ed5677abaa | SCA Check 16036: Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled' (MS only). Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics:… | wazuh-sca |
| 7c7806f185f6fb3f | SCA Check 16037: Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics:… | wazuh-sca |
| 483aad34a18762bd | SCA Check 16038: Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0007'] Techniques:… | wazuh-sca |
| b9575473c6f630f0 | SCA Check 16039: Configure 'Network access: Named Pipes that can be accessed anonymously' (DC only). Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0007'] Techniques: ['T1595',… | wazuh-sca |
| 1e72cfedc758477e | SCA Check 16040: Configure 'Network access: Remotely accessible registry paths' is configured. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0007'] Techniques: ['T1595', 'T1046',… | wazuh-sca |
| 0a74296920ce3495 | SCA Check 16041: Configure 'Network access: Remotely accessible registry paths and sub-paths' is configured. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0007'] Techniques: ['T1595',… | wazuh-sca |
| 0de4a43b72cdcfdf | SCA Check 16042: Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0007'] Techniques:… | wazuh-sca |
| 715ffb55fd7a180f | SCA Check 16043: Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only). Policy: CIS Microsoft Windows Server 2016… | wazuh-sca |
| 2b75c29de3700226 | SCA Check 16044: Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0004', 'TA0005'] Techniques:… | wazuh-sca |
| 85a01a4ce2385e99 | SCA Check 16045: Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves'. Policy: CIS Microsoft Windows Server 2016 v2.0.0… | wazuh-sca |
| 6520c181ff265d4d | SCA Check 16046: Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0007'] Techniques:… | wazuh-sca |
| 61ecb9f927130f26 | SCA Check 16047: Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0007'] Techniques: ['T1595',… | wazuh-sca |
| c7dd5c8a048b2526 | SCA Check 16048: Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0… | wazuh-sca |
| a5a597c14d34283d | SCA Check 16049: Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'. Policy: CIS Microsoft Windows… | wazuh-sca |
| 8678f6f1eda5336e | SCA Check 16050: Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0009',… | wazuh-sca |
| 4473585463722362 | SCA Check 16051: Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0006', 'TA0003'] Techniques:… | wazuh-sca |
| 715da4654b6f730b | SCA Check 16052: Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics:… | wazuh-sca |
| e5bdc56a4b1d742e | SCA Check 16053: Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0009', 'TA0010']… | wazuh-sca |
| 0d752497f44378be | SCA Check 16054: Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'. Policy:… | wazuh-sca |
| 07c3f72f67ededc5 | SCA Check 16055: Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'. Policy:… | wazuh-sca |
| 04dd60c8f80b77b4 | SCA Check 16056: Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0007'] Techniques:… | wazuh-sca |
| 6ec03122190abee2 | SCA Check 16057: Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0005'] Techniques:… | wazuh-sca |
| 44cc243fc988bed3 | SCA Check 16058: Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0… | wazuh-sca |
| d9a3c2a5fe570c3f | SCA Check 16059: Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0006',… | wazuh-sca |
| 6bc8487605b7a354 | SCA Check 16060: Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop' or higher. Policy: CIS… | wazuh-sca |
| 27b48a227031f02b | SCA Check 16061: Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests'. Policy: CIS Microsoft Windows Server 2016 v2.0.0… | wazuh-sca |
| 0f8ed90cc06f2aa9 | SCA Check 16062: Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0007']… | wazuh-sca |
| 22bb696974e0f7bd | SCA Check 16063: Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0… | wazuh-sca |
| 36c87ca04ce6ef42 | SCA Check 16064: Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0007'] Techniques:… | wazuh-sca |
| 05a496436598b62c | SCA Check 16065: Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0007']… | wazuh-sca |
| c49d5bcfd029b7f1 | SCA Check 16066: Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics:… | wazuh-sca |
| fc1271f046dadfb1 | SCA Check 16067: Ensure 'Print Spooler (Spooler)' is set to 'Disabled' (DC only). Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0005'] Techniques: ['T1036', 'T1564'] This service… | wazuh-sca |
| 87a84d0d3b41a00d | SCA Check 16068: Ensure 'Print Spooler (Spooler)' is set to 'Disabled' (MS only). Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0005'] Techniques: ['T1036', 'T1564'] This service… | wazuh-sca |
| f491250a74fcd82b | SCA Check 16069: Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On (recommended)'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0001', 'TA0011'] Techniques: ['T1046',… | wazuh-sca |
| ce295252322f3fea | SCA Check 16070: Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0001', 'TA0011'] Techniques:… | wazuh-sca |
| 6d1aaf322b9f143b | SCA Check 16071: Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow (default)'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0001', 'TA0011'] Techniques:… | wazuh-sca |
| cde6e94906b64fd5 | SCA Check 16072: Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0001', 'TA0011'] Techniques:… | wazuh-sca |
| 4e7c6a1ffb448b7c | SCA Check 16073: Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics:… | wazuh-sca |
| f47f31d83609c697 | SCA Check 16074: Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0001', 'TA0011']… | wazuh-sca |
| 3a3eb9184b0a0a8c | SCA Check 16075: Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0001', 'TA0011'] Techniques: ['T1046',… | wazuh-sca |
| fb26ab7f4696c338 | SCA Check 16076: Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'. Policy: CIS Microsoft Windows Server 2016 v2.0.0 Tactics: ['TA0001', 'TA0011'] Techniques:… | wazuh-sca |