mirror of
https://github.com/valitydev/SigmaHQ.git
synced 2024-11-07 01:45:21 +00:00
48 lines
1.4 KiB
YAML
48 lines
1.4 KiB
YAML
title: Locked Workstation
|
|
id: 411742ad-89b0-49cb-a7b0-3971b5c1e0a4
|
|
status: stable
|
|
description: Automatically lock workstation sessions after a standard period of inactivity. The case is not applicable for Unix OS. Supported OS - Windows 2008 R2
|
|
and 7, Windows 2012 R2 and 8.1, Windows 2016 and 10 Windows Server 2019.
|
|
author: Alexandr Yampolskyi, SOC Prime
|
|
date: 2019/03/26
|
|
references:
|
|
- https://www.cisecurity.org/controls/cis-controls-list/
|
|
- https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
|
|
- https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
|
|
- https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4800
|
|
logsource:
|
|
product: windows
|
|
service: security
|
|
detection:
|
|
selection:
|
|
EventID:
|
|
- 4800
|
|
condition: selection
|
|
falsepositives:
|
|
- unknown
|
|
level: low
|
|
tags:
|
|
- CSC16
|
|
- CSC16.11
|
|
- ISO27002-2013 A.9.1.1
|
|
- ISO27002-2013 A.9.2.1
|
|
- ISO27002-2013 A.9.2.2
|
|
- ISO27002-2013 A.9.2.3
|
|
- ISO27002-2013 A.9.2.4
|
|
- ISO27002-2013 A.9.2.5
|
|
- ISO27002-2013 A.9.2.6
|
|
- ISO27002-2013 A.9.3.1
|
|
- ISO27002-2013 A.9.4.1
|
|
- ISO27002-2013 A.9.4.3
|
|
- ISO27002-2013 A.11.2.8
|
|
- PCI DSS 3.1 7.1
|
|
- PCI DSS 3.1 7.2
|
|
- PCI DSS 3.1 7.3
|
|
- PCI DSS 3.1 8.7
|
|
- PCI DSS 3.1 8.8
|
|
- NIST CSF 1.1 PR.AC-1
|
|
- NIST CSF 1.1 PR.AC-4
|
|
- NIST CSF 1.1 PR.AC-6
|
|
- NIST CSF 1.1 PR.AC-7
|
|
- NIST CSF 1.1 PR.PT-3
|