Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_K8S_0052Ensure that the --profiling argument is set to falseKubernetesLogging and Monitoring
LOW
AC_AWS_0607Ensure S3 Bucket Policy is set to deny HTTP requestsAWSInfrastructure Security
HIGH
AC_AWS_0646Ensure S3 Bucket Policy is set to deny HTTP requestsAWSInfrastructure Security
HIGH
AC_AZURE_0419Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'AzureResilience
MEDIUM
AC_AZURE_0246Ensure that 'Java version' is the latest, if used to run the Web AppAzureConfiguration and Vulnerability Analysis
MEDIUM
AC_K8S_0033Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriateKubernetesLogging and Monitoring
MEDIUM
AC_AZURE_0128Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'AzureData Protection
MEDIUM
AC_K8S_0004Ensure that the --eventRecordQPS argument is set to 0 or a level which ensures appropriate event captureKubernetesLogging and Monitoring
LOW
AC_K8S_0103Minimize access to create podsKubernetesIdentity and Access Management
HIGH
AC_AWS_0603Ensure that public access is not given to Amazon Relational Database Service (Amazon RDS) InstanceAWSCompliance Validation
MEDIUM
AC_K8S_0093Ensure that the --kubelet-certificate-authority argument is set as appropriateKubernetesInfrastructure Security
MEDIUM
AC_K8S_0116Ensure Kubernetes Network policy attached to a pod have Ingress/Egress blocks specifiedKubernetesInfrastructure Security
MEDIUM
AC_AZURE_0216Ensure that a 'Diagnostics Setting' existsAzureLogging and Monitoring
MEDIUM
AC_AZURE_0324Ensure that Microsoft Defender for Container Registries is set to 'On'AzureData Protection
MEDIUM
AC_AZURE_0331Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selectedAzureCompliance Validation
MEDIUM
AC_AZURE_0552Enable Role Based Access Control for Azure Key VaultAzureData Protection
LOW
AC_K8S_0030Ensure that the --profiling argument is set to falseKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0042Ensure that the --encryption-provider-config argument is set as appropriateKubernetesData Protection
MEDIUM
AC_AWS_0134Ensure password policy requires at least one lowercase character for AWS IAM Account Password PolicyAWSCompliance Validation
LOW
AC_AWS_0609Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration portsAWSInfrastructure Security
HIGH
AC_GCP_0366Ensure API Keys Are Restricted to Only APIs That Application Needs AccessGCPSecurity Best Practices
MEDIUM
AC_K8S_0086The default namespace should not be usedKubernetesSecurity Best Practices
LOW
AC_AZURE_0169Ensure that logging for Azure KeyVault is 'Enabled'AzureLogging and Monitoring
HIGH
AC_AZURE_0557Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requestsAzureData Protection
MEDIUM
AC_K8S_0021Ensure that the admission control plugin AlwaysPullImages is setKubernetesCompliance Validation
MEDIUM
AC_K8S_0026Ensure that the admission control plugin NodeRestriction is setKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0044Ensure that the --terminated-pod-gc-threshold argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0053Ensure that the --use-service-account-credentials argument is set to trueKubernetesIdentity and Access Management
LOW
AC_AZURE_0376Ensure that 'Auditing' is set to 'On'AzureLogging and Monitoring
MEDIUM
AC_GCP_0015Ensure Node Auto-Repair is enabled for GKE nodesGCPSecurity Best Practices
LOW
AC_K8S_0018Ensure that the --authorization-mode argument includes RBACKubernetesIdentity and Access Management
MEDIUM
S3_AWS_0015Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.xAWSData Protection
HIGH
AC_AZURE_0156Enable role-based access control (RBAC) within Azure Kubernetes ServicesAzureIdentity and Access Management
MEDIUM
AC_AZURE_0247Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web AppAzureConfiguration and Vulnerability Analysis
MEDIUM
AC_K8S_0032Ensure that the --audit-log-maxage argument is set to 30 or as appropriateKubernetesLogging and Monitoring
MEDIUM
S3_AWS_0005Ensure MFA Delete is enable on S3 buckets - Terraform Version 1.xAWSSecurity Best Practices
HIGH
AC_K8S_0007Ensure that the --authorization-mode argument is not set to AlwaysAllowKubernetesIdentity and Access Management
HIGH
AC_K8S_0056Ensure that the RotateKubeletServerCertificate argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0064Apply Security Context to Your Pods and ContainersKubernetesInfrastructure Security
MEDIUM
AC_AZURE_0328Ensure that Microsoft Defender for App Service is set to 'On'AzureIdentity and Access Management
MEDIUM
AC_GCP_0027Ensure Master Authorized Networks is EnabledGCPInfrastructure Security
HIGH
AC_K8S_0055Ensure that the --root-ca-file argument is set as appropriateKubernetesData Protection
MEDIUM
AC_AZURE_0332Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'AzureCompliance Validation
MEDIUM
AC_GCP_0336Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to UsersGCPIdentity and Access Management
LOW
AC_K8S_0062Ensure that the --peer-client-cert-auth argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0063Ensure that the --peer-auto-tls argument is not set to trueKubernetesInfrastructure Security
MEDIUM
AC_AZURE_0044Ensure that Azure Active Directory Admin is Configured for SQL ServersAzureIdentity and Access Management
HIGH
AC_AZURE_0409Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database ServerAzureLogging and Monitoring
MEDIUM
AC_AZURE_0555Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'AzureData Protection
MEDIUM
AC_GCP_0271Ensure Secure Boot for Shielded GKE Nodes is EnabledGCPInfrastructure Security
LOW