Windows has many built in security features that are often overlooked by system administrators – one of these is the Local Security Policy. The LSP controls many things to do with security such as; password variables, audit thresholds, some network settings, and a few misc policies. CloudPassage Halo has the ability to check those settings via a configuration policy. We provide a policy that is aligned to CIS (Center for Internet Security) best practice recommendations that will allow you to see what your current settings are, and what you need to do to fix them.
As you can see below, Halo offers checks for several different Local Security Policy settings in its Configuration Security Monitoring module for Windows.
An example would be the “Audit account logon event”. If you select this setting a description of the different possible values will pop up under the “desired value” field. You can see your options as; Possible values: 0 (none), 1 (Success), 2 (Failure), 3 (Success & Failure). Possible operators: NOT.
After entering the value you want, you can then save the check and apply the policy to the Windows group you wish to monitor.
To access the CloudPassage ready built Windows CSM policy templates that are tailored to CIS guidelines, login to your portal account and click here. You may now clone the policy and make customizations as you see fit.