Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AZURE_0221Ensure CORS is configured to allow only trusted clients for Azure Healthcare ServiceAzureInfrastructure Security
MEDIUM
AC_AZURE_0222Ensure failing azure functions have email alerts configured for Azure Monitor Action GroupAzureCompliance Validation
MEDIUM
AC_AZURE_0267Ensure that 'Phone number' is set for Azure Security Center ContactAzureSecurity Best Practices
MEDIUM
AC_AZURE_0269Ensure that Accelerated Networking feature is enabled for Azure virtual machines (VMs)AzureCompliance Validation
LOW
AC_AZURE_0297Ensure that Azure Files are used for Azure App ServiceAzureResilience
MEDIUM
AC_AZURE_0302Ensure read, write and delete request logging is enabled for queue service in Azure Storage AccountAzureLogging and Monitoring
MEDIUM
AC_AZURE_0306Ensures that Active Directory is used for authentication for Azure Service Fabric ClusterAzureInfrastructure Security
MEDIUM
AC_AZURE_0363Ensure ssh keys are used to auth Azure Virtual MachineAzureIdentity and Access Management
MEDIUM
AC_AZURE_0369Ensure that VM agent is installed on Azure Virtual MachineAzureCompliance Validation
LOW
AC_AZURE_0541Ensure permission type is not set to 'Admin' in oauth2_permissions for AzureAD ApplicationAzureIdentity and Access Management
HIGH
AC_GCP_0283Ensure KMS customer managed keys are used in Google Dataflow JobGCPData Protection
MEDIUM
AC_GCP_0290Ensure master authorized networks config block is set for Google Container ClusterGCPInfrastructure Security
LOW
AC_K8S_0127Ensure metadata annotations are restricted in an Ingress objectKubernetesInfrastructure Security
HIGH
AC_AZURE_0036Ensure the storage account containing the container with activity logs is encrypted with Customer Managed KeyAzureData Protection
MEDIUM
AC_AZURE_0048Ensure That 'Notify about alerts with the following severity' is Set to 'High'AzureLogging and Monitoring
MEDIUM
AC_AZURE_0136Ensure that 'Auditing' Retention is 'greater than 90 days'AzureLogging and Monitoring
MEDIUM
AC_AZURE_0137Ensure that 'Auditing' is set to 'On'AzureLogging and Monitoring
MEDIUM
AC_AZURE_0218Ensure that Activity Log Alert exists for Create Policy AssignmentAzureLogging and Monitoring
MEDIUM
AC_AZURE_0348Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_windows_virtual_machine_scale_setAzureData Protection
MEDIUM
AC_GCP_0268Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or FewerGCPIdentity and Access Management
LOW
AC_GCP_0270Ensure the GKE Metadata Server is EnabledGCPSecurity Best Practices
LOW
AC_AZURE_0328Ensure that Microsoft Defender for App Service is set to 'On'AzureIdentity and Access Management
MEDIUM
AC_GCP_0027Ensure Master Authorized Networks is EnabledGCPInfrastructure Security
HIGH
AC_K8S_0055Ensure that the --root-ca-file argument is set as appropriateKubernetesData Protection
MEDIUM
AC_GCP_0004Ensure That There Are Only GCP-Managed Service Account Keys for Each Service AccountGCPIdentity and Access Management
LOW
AC_GCP_0028Ensure Legacy Authorization (ABAC) is DisabledGCPIdentity and Access Management
HIGH
AC_AZURE_0001Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL DatabaseAzureLogging and Monitoring
MEDIUM
AC_AZURE_0235Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL DatabaseAzureLogging and Monitoring
MEDIUM
AC_GCP_0271Ensure Secure Boot for Shielded GKE Nodes is EnabledGCPInfrastructure Security
LOW
AC_AWS_0565Ensure a log metric filter and alarm exist for S3 bucket policy changesAWSSecurity Best Practices
HIGH
AC_AZURE_0021Ensure Soft Delete is Enabled for Azure Containers and Blob StorageAzureData Protection
MEDIUM
AC_AZURE_0061Ensure that SSH access from the Internet is evaluated and restrictedAzureInfrastructure Security
HIGH
AC_AZURE_0062Ensure that RDP access from the Internet is evaluated and restrictedAzureInfrastructure Security
HIGH
AC_AZURE_0191Ensure Web App is using the latest version of TLS encryptionAzureInfrastructure Security
MEDIUM
AC_AZURE_0232Ensure the Storage Container Storing the Activity Logs is not Publicly AccessibleAzureInfrastructure Security
HIGH
AC_GCP_0013Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'on'GCPCompliance Validation
LOW
S3_AWS_0009Ensure that Object-level logging for read events is enabled for S3 bucket - Terraform Version 1.xAWSIdentity and Access Management
HIGH
AC_AWS_0081Ensure AWS EBS Volume has a corresponding AWS EBS SnapshotAWSData Protection
HIGH
AC_AWS_0145Ensure that full access to edit IAM Policies is restrictedAWSIdentity and Access Management
HIGH
AC_AWS_0374Ensure data encryption is enabled for AWS X-RayAWSData Protection
HIGH
AC_AWS_0431Ensure cloud users don't have any direct permissions in AWS IAM PolicyAWSIdentity and Access Management
MEDIUM
AC_AWS_0445Ensure policies are used for AWS CloudFormation StacksAWSSecurity Best Practices
MEDIUM
AC_AWS_0453Ensure one target group is configured to listen on HTTPS for AWS Load BalancerAWSInfrastructure Security
HIGH
AC_AWS_0462Ensure no policy is attached that may cause privilege escalation for AWS IAM Role PolicyAWSIdentity and Access Management
HIGH
AC_AWS_0465Ensure secrets are encrypted using AWS KMS key for AWS Secrets ManagerAWSData Protection
MEDIUM
AC_AWS_0469Ensure EMR cluster is Configured with Kerberos AuthenticationAWSInfrastructure Security
MEDIUM
AC_AWS_0473Ensure principal element is not empty in AWS IAM Trust PolicyAWSIdentity and Access Management
LOW
AC_AWS_0480Ensure there is no policy with invalid principal key for AWS Key Management Service (KMS)AWSIdentity and Access Management
LOW
AC_AWS_0488Ensure there is no IAM policy with invalid policy elementAWSIdentity and Access Management
LOW
AC_AWS_0490Ensure '*' in Action and NotResource is not allowed in AWS IAM Policy as this allow creation of unintended service-linked rolesAWSIdentity and Access Management
HIGH