Tenable Cloud Security Policies Search

| ID | Name | CSP | Domain | Severity |
| --- | --- | --- | --- | --- |
| AC_AWS_0128 | Ensure S3 encryption configuration is configured for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
| AC_AWS_0129 | Ensure CloudWatch log encryption is enabled for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
| AC_AWS_0162 | Ensure that access policy is updated for AWS Key Management Service (KMS) key | AWS | Identity and Access Management | HIGH |
| AC_AWS_0165 | Ensure environment variables do not use AWS secret keys, access keys, or access tokens for AWS Lambda Functions | AWS | Identity and Access Management | HIGH |
| AC_AWS_0216 | Ensure AWS S3 Bucket object ownership is more restrictive | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0377 | Ensure permissions are tightly controlled for AWS EFS File System | AWS | Identity and Access Management | HIGH |
| AC_AWS_0406 | Ensure NotResource is removed from all AWS Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0407 | Ensure Effect is set to 'Deny' if Resource is used in Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0422 | Ensure AWS Redshift Snapshot Retention Policy is more than 7 days | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0439 | Ensure authorization is enabled for AWS API Gateway Method | AWS | Infrastructure Security | HIGH |
| AC_AWS_0450 | Ensure no wildcards are being used in AWS API Gateway Rest API Policy | AWS | Identity and Access Management | HIGH |
| AC_AWS_0476 | Ensure there is no policy with invalid principal key for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0492 | Ensure use of NotAction with NotResource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0494 | Ensure Creation of SLR with star (*) in action and resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0619 | Ensure AWS Lambda function permissions have a source ARN specified | AWS | Identity and Access Management | MEDIUM |
| AC_AZURE_0138 | Ensure geo-redundant backups are enabled for Azure MariaDB Server | Azure | Resilience | MEDIUM |
| AC_AZURE_0150 | Ensure windows diagnostic is enabled for Azure Windows Virtual Machine Scale Set | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0187 | Ensure user id's are all system managed for Azure Container Group | Azure | Identity and Access Management | LOW |
| AC_AZURE_0197 | Ensure custom script extensions are not used in Azure Windows Virtual Machine | Azure | Data Protection | MEDIUM |
| AC_AZURE_0199 | Ensure HTTPS is allowed for Azure CDN Endpoint | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0200 | Ensure custom script extensions are not used in Azure Virtual Machine | Azure | Data Protection | MEDIUM |
| AC_AZURE_0407 | Ensure geo-redundant backups are enabled for Azure PostgreSQL Server | Azure | Resilience | MEDIUM |
| AC_AZURE_0548 | Ensure disk encryption is enabled for Azure Linux Virtual Machine | Azure | Data Protection | MEDIUM |
| AC_AZURE_0551 | Ensure geo-redundant backups are enabled for Azure MySQL Flexible Server | Azure | Data Protection | HIGH |
| AC_GCP_0272 | Ensure shielded nodes are enabled for all nodes in Google Container Cluster | GCP | Infrastructure Security | LOW |
| AC_AWS_0200 | Ensure audit logging feature is enabled for AWS Redshift clusters | AWS | Logging and Monitoring | LOW |
| AC_AWS_0205 | Ensure record sets are configured for AWS Route53HostedZones | AWS | Logging and Monitoring | HIGH |
| AC_AZURE_0403 | Ensure email addresses are setup for Azure PostgreSQL Server | Azure | Compliance Validation | LOW |
| AC_AZURE_0243 | Ensure that LocalGit repository folder is not set to 'wwwroot' for Azure App Service | Azure | Configuration and Vulnerability Analysis | HIGH |
| AC_AZURE_0250 | Ensure integration service environment are used for deployment of Azure Logic App Workflow | Azure | Security Best Practices | LOW |
| AC_AZURE_0251 | Ensure key size is set on all keys for Azure Key Vault Key | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0277 | Ensure tags are associated with Azure CosmosDB Account | Azure | Compliance Validation | LOW |
| AC_AZURE_0289 | Ensure HTTP application routing has been disabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0296 | Ensure that failed request tracing is enabled for Azure App Service | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0540 | Ensure `force_password_change` is set to true for AzureAD User | Azure | Identity and Access Management | HIGH |
| AC_GCP_0029 | Ensure stackdriver monitoring is enabled on Google Container Cluster | GCP | Logging and Monitoring | HIGH |
| AC_K8S_0074 | Ensure kernel and system level calls are not configured in all Kubernetes workloads | Kubernetes | Identity and Access Management | MEDIUM |
| AC_AWS_0021 | Ensure Amazon Simple Notification Service (SNS) is enabled for CloudFormation stacks | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0022 | Ensure termination protection is enabled for AWS CloudFormation Stack | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0024 | Ensure there is no policy with invalid principal key for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | LOW |
| AC_AWS_0043 | Ensure temporary passwords are not valid for more than 90 days | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0063 | Ensure delete protection is enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Resilience | MEDIUM |
| AC_AWS_0073 | Ensure KMS customer managed keys are used for encryption of AWS DocumentDB Clusters | AWS | Data Protection | MEDIUM |
| AC_AWS_0074 | Ensure log export is enabled for AWS DocumentDB clusters | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0077 | Ensure read-write capacities are reserved for AWS DynamoDB tables | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0100 | Ensure control plane logging is enabled for all log types for AWS Elastic Kubernetes Service (EKS) clusters | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0102 | Ensure redis version is compliant with AWS PCI-DSS requirements for AWS ElastiCache clusters | AWS | Compliance Validation | HIGH |
| AC_AWS_0103 | Ensure memcached elasticache engines are not in use in AWS PCI-DSS environments for AWS ElastiCache clusters | AWS | Compliance Validation | HIGH |
| AC_AWS_0107 | Ensure dedicated master nodes are enabled for AWS ElasticSearch Domains | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0108 | Ensure general purpose SSD node type is not used for AWS ElasticSearch Domains | AWS | Compliance Validation | HIGH |