13461-missing-win10-CIS-9.3.9 (#13514)

ee/cis/win-10/cis-policy-queries.yml

@@ -3616,6 +3616,27 @@ spec:
 ---
 apiVersion: v1
 kind: policy
+spec:
+  name: >
+    CIS - Ensure 'Windows Firewall: Public: Logging: Log dropped packets' is set to 'Yes'
+  platforms: win10
+  platform: windows
+  description: |
+    Use this option to log when Windows Firewall with Advanced Security discards an inbound packet
+    for any reason. The log records why and when the packet was dropped. Look for entries with the
+    word DROP in the action column of the log.
+    The recommended state for this setting is: Yes.
+  resolution: |
+    To establish the recommended configuration via GP, set the following UI path to Yes:
+    'Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Logging Customize\Log dropped packets'
+  query: |
+    SELECT * FROM registry WHERE (key = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile\\Logging\LogDroppedPackets' and data == 1);
+  purpose: Informational
+  tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.3.9
+  contributors: RachelElysia
+---
+apiVersion: v1
+kind: policy
 spec:
   name: >
     CIS - Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'