Tenable Cloud Security Policies Search

| ID | Name | CSP | Domain | Severity |
| --- | --- | --- | --- | --- |
| AC_GCP_0239 | Ensure That Service Account Has No Admin Privileges - google_storage_bucket_iam_member | GCP | Identity and Access Management | HIGH |
| AC_GCP_0253 | Ensure That the 'Log_disconnections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On' | GCP | Compliance Validation | LOW |
| AC_AWS_0632 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
| AC_AZURE_0328 | Ensure that Microsoft Defender for App Service is set to 'On' | Azure | Identity and Access Management | MEDIUM |
| AC_GCP_0027 | Ensure Master Authorized Networks is Enabled | GCP | Infrastructure Security | HIGH |
| AC_K8S_0055 | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
| AC_AZURE_0416 | Ensure that traffic analytics is enabled via Azure Network Watcher Flow Log | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0418 | Ensure that Network Watcher is 'Enabled' | Azure | Logging and Monitoring | HIGH |
| AC_GCP_0038 | Ensure default setting for OSLogin is not overridden by Google Compute Instance | GCP | Identity and Access Management | LOW |
| AC_AWS_0226 | Ensure secrets should be auto-rotated after not more than 90 days | AWS | Compliance Validation | HIGH |
| AC_AWS_0470 | Ensure cloud users don't have any direct permissions in AWS IAM User Policy | AWS | Identity and Access Management | MEDIUM |
| AC_GCP_0002 | Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL | GCP | Infrastructure Security | HIGH |
| AC_K8S_0001 | Configure Image Provenance using ImagePolicyWebhook admission controller | Kubernetes | Identity and Access Management | MEDIUM |
| AC_AWS_0138 | Ensure credentials unused for 45 days or greater are disabled | AWS | Compliance Validation | LOW |
| AC_GCP_0271 | Ensure Secure Boot for Shielded GKE Nodes is Enabled | GCP | Infrastructure Security | LOW |
| AC_AZURE_0360 | Ensure automatic OS upgrades are enabled for Azure Virtual Machine Scale Set | Azure | Security Best Practices | MEDIUM |
| AC_GCP_0016 | Ensure container-optimized OS (COS) is used for Google Container Node Pool | GCP | Compliance Validation | LOW |
| AC_GCP_0289 | Ensure cloud instance snapshots are encrypted through Google Compute Snapshot | GCP | Data Protection | MEDIUM |
| AC_AWS_0004 | Ensure AWS Certificate Manager (ACM) certificates are renewed 45 days before expiration date | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0006 | Ensure Amazon Machine Image (AMI) is not shared among multiple accounts | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0018 | Ensure encryption is enabled for AWS Athena Query | AWS | Data Protection | MEDIUM |
| AC_AWS_0070 | Ensure auto minor version upgrade is enabled for AWS Database Migration Service (DMS) instances | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0109 | Ensure latest version of elasticsearch engine is used for AWS ElasticSearch Domains | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0112 | Ensure encryption at-rest is enabled for AWS ElasticSearch Domains | AWS | Data Protection | HIGH |
| AC_AWS_0114 | Ensure node-to-node encryption is enabled for AWS ElasticSearch Domains | AWS | Data Protection | MEDIUM |
| AC_AWS_0178 | Ensure customer owned KMS key is used for encrypting AWS MQ Brokers | AWS | Data Protection | HIGH |
| AC_AWS_0451 | Ensure an AWS Key Management Service (KMS) Customer Managed Key (CMK) is used to encrypt AWS CloudWatch Log Group | AWS | Data Protection | HIGH |
| AC_AWS_0460 | Ensure that customer managed keys are used in AWS Kinesis Firehose Delivery Stream | AWS | Data Protection | HIGH |
| AC_AZURE_0134 | Ensure that minimum TLS version is set to 1.2 for Azure MSSQL Server | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0224 | Ensure latest TLS/SSL version is in use for Azure API Management | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0180 | Ensure load balancer is enabled for Azure Front Door | Azure | Resilience | MEDIUM |
| AC_AZURE_0347 | Ensure that automatic failover is enabled for Azure CosmosDB Account | Azure | Data Protection | MEDIUM |
| AC_AWS_0428 | Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' | AWS | Infrastructure Security | MEDIUM |
| AC_AZURE_0375 | Ensure that 'Auditing' Retention is 'greater than 90 days' | Azure | Compliance Validation | LOW |
| AC_GCP_0025 | Ensure use of VPC-native clusters | GCP | Compliance Validation | HIGH |
| AC_GCP_0030 | Ensure Stackdriver Kubernetes Logging and Monitoring is Enabled | GCP | Logging and Monitoring | HIGH |
| AC_GCP_0337 | Ensure Cloud Asset Inventory Is Enabled | GCP | Logging and Monitoring | MEDIUM |
| AC_K8S_0090 | Ensure that the --basic-auth-file argument is not set | Kubernetes | Identity and Access Management | MEDIUM |
| AC_GCP_0282 | Ensure That Compute Instances Do Not Have Public IP Addresses | GCP | Infrastructure Security | MEDIUM |
| AC_AWS_0604 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null | AWS | Data Protection | HIGH |
| AC_AZURE_0354 | Ensure that VPN Encryption is enabled for Azure Virtual WAN | Azure | Infrastructure Security | MEDIUM |
| S3_AWS_0013 | Ensure there are no world-writeable AWS S3 Buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| S3_AWS_0014 | Ensure there are no world-readable AWS S3 Buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| AC_AWS_0019 | Ensure there is no policy with Empty array Action | AWS | Identity and Access Management | LOW |
| AC_AWS_0223 | Ensure 'allow getAcl actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
| AC_AWS_0224 | Ensure 'allow putAcl actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
| AC_AZURE_0121 | Ensure HTTPS is enabled for Azure Windows Function App | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0125 | Ensure that the IP Forwarding feature for Microsoft Azure virtual machines is disabled | Azure | Infrastructure Security | MEDIUM |
| AC_AWS_0036 | Ensure CloudTrail log file validation is enabled | AWS | Logging and Monitoring | MEDIUM |
| AC_K8S_0004 | Ensure that the --eventRecordQPS argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | Logging and Monitoring | LOW |