From 80df9e4c51a2c8c595c1666b54f73e8996c48ab1 Mon Sep 17 00:00:00 2001
From: Sharon Katz <121527325+sharon-fdm@users.noreply.github.com>
Date: Fri, 25 Aug 2023 13:37:03 -0400
Subject: [PATCH] 13461-missing-win10-CIS-9.3.9 (#13514)
---
 ee/cis/win-10/cis-policy-queries.yml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/ee/cis/win-10/cis-policy-queries.yml b/ee/cis/win-10/cis-policy-queries.yml
index 94536ed31c..0f46241cc2 100644
--- a/ee/cis/win-10/cis-policy-queries.yml
+++ b/ee/cis/win-10/cis-policy-queries.yml
@@ -3616,6 +3616,27 @@ spec:
 ---
 apiVersion: v1
 kind: policy
+spec:
+ name: >
+ CIS - Ensure 'Windows Firewall: Public: Logging: Log dropped packets' is set to 'Yes'
+ platforms: win10
+ platform: windows
+ description: |
+ Use this option to log when Windows Firewall with Advanced Security discards an inbound packet
+ for any reason. The log records why and when the packet was dropped. Look for entries with the
+ word DROP in the action column of the log.
+ The recommended state for this setting is: Yes.
+ resolution: |
+ To establish the recommended configuration via GP, set the following UI path to Yes:
+ 'Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Logging Customize\Log dropped packets'
+ query: |
+ SELECT * FROM registry WHERE (key = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile\\Logging\LogDroppedPackets' and data == 1);
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.3.9
+ contributors: RachelElysia
+---
+apiVersion: v1
+kind: policy
 spec:
 name: >
 CIS - Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'
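Review bot: The registry path in the added `query:` mixes separators, `\\` between the first components and a single `\` before `LogDroppedPackets`, and because `query: |` is a literal block scalar YAML passes the backslashes through unchanged, so the SQL string contains the doubled ones exactly as written. The filter also compares `key` with a path that ends in the value name; in osquery's `registry` table `key` holds the key and `path` the full path including the value name, so this predicate probably matches no row and the policy would then report every host as failing regardless of the actual firewall logging state. I would write it as `SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging\LogDroppedPackets' AND data = 1);` and confirm on a Windows 10 host with the setting applied that it returns a row. The neighbouring 'Log successful connections' policy only begins at the end of the hunk and its query is not visible here, so it is worth checking that the two use the same form.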