Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0604Ensure S3 bucket encryption 'kms_master_key_id' is not empty or nullAWSData Protection
HIGH
AC_AWS_0369Ensure VPC flow logging is enabled in all VPCsAWSLogging and Monitoring
LOW
AC_GCP_0007Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level - google_project_iam_bindingGCPIdentity and Access Management
HIGH
AC_GCP_0009Ensure That Cloud Audit Logging Is Configured ProperlyGCPLogging and Monitoring
LOW
AC_GCP_0316Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off'GCPCompliance Validation
LOW
AC_AWS_0586Ensure a log metric filter and alarm exist for unauthorized API callsAWSSecurity Best Practices
HIGH
AC_AWS_0588Ensure a log metric filter and alarm exist for AWS Management Console authentication failuresAWSSecurity Best Practices
HIGH
AC_GCP_0313Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly AccessibleGCPData Protection
MEDIUM
AC_GCP_0237Ensure that Cloud Storage bucket is not anonymously or publicly accessible - google_storage_bucket_iam_bindingGCPIdentity and Access Management
MEDIUM
AC_K8S_0129Ensure that the admission control plugin PodSecurityPolicy is setKubernetesCompliance Validation
MEDIUM
AC_AWS_0584Ensure CloudTrail log file validation is enabledAWSLogging and Monitoring
MEDIUM
AC_GCP_0134Ensure That RDP Access Is Restricted From the InternetGCPInfrastructure Security
HIGH
AC_GCP_0260Ensure That SSH Access Is Restricted From the InternetGCPInfrastructure Security
HIGH
AC_AWS_0605Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucketAWSLogging and Monitoring
MEDIUM
AC_AZURE_0167Ensure the Key Vault is RecoverableAzureData Protection
MEDIUM
AC_AZURE_0408Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database ServerAzureInfrastructure Security
HIGH
AC_GCP_0033Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC NetworkGCPLogging and Monitoring
MEDIUM
AC_AWS_0038Ensure CloudTrail trails are integrated with CloudWatch LogsAWSLogging and Monitoring
MEDIUM
AC_GCP_0035Ensure Compute instances are launched with Shielded VM enabledGCPInfrastructure Security
LOW
AC_AWS_0209Ensure MFA Delete is enable on S3 bucketsAWSSecurity Best Practices
HIGH
AC_AZURE_0322Ensure that Microsoft Defender for Key Vault is set to 'On'AzureData Protection
MEDIUM
AC_AZURE_0026Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key VaultsAzureData Protection
HIGH
S3_AWS_0010Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket - Terraform Version 1.xAWSLogging and Monitoring
MEDIUM
AC_AZURE_0126Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database ServerAzureInfrastructure Security
MEDIUM
AC_AWS_0432Ensure IAM Users Receive Permissions Only Through GroupsAWSIdentity and Access Management
MEDIUM
AC_AWS_0606Ensure MFA Delete is enabled on S3 bucketsAWSSecurity Best Practices
HIGH
AC_AZURE_0040Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL serverAzureIdentity and Access Management
MEDIUM
AC_AZURE_0053Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL ServersAzureInfrastructure Security
HIGH
AC_GCP_0024Ensure authentication using Client Certificates is DisabledGCPIdentity and Access Management
MEDIUM
AC_AWS_0140Ensure IAM password policy prevents password reuseAWSCompliance Validation
LOW
AC_AWS_0144Ensure IAM policies that allow full "*:*" administrative privileges are not attachedAWSIdentity and Access Management
HIGH
AC_AWS_0594Ensure no 'root' user account access key existsAWSIdentity and Access Management
HIGH
AC_AWS_0601Ensure hardware MFA is enabled for the 'root' user accountAWSCompliance Validation
HIGH
AC_AWS_0160Ensure rotation for customer created CMKs is enabledAWSData Protection
HIGH
AC_AZURE_0327Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL ServersAzureData Protection
MEDIUM
AC_AZURE_0569Ensure that Register with Azure Active Directory is enabled on App Service - azurerm_windows_web_appAzureSecurity Best Practices
MEDIUM
AC_AZURE_0194Ensure that Register with Azure Active Directory is enabled on App ServiceAzureSecurity Best Practices
MEDIUM
AC_AZURE_0245Ensure that 'HTTP Version' is the Latest, if Used to Run the Web AppAzureInfrastructure Security
MEDIUM
AC_AZURE_0336Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App ServiceAzureInfrastructure Security
MEDIUM
AC_AZURE_0164Ensure that the Expiration Date is set for all Keys in RBAC Key VaultsAzureData Protection
HIGH
AC_GCP_0001Ensure That Cloud SQL Database Instances Are Configured With Automated BackupsGCPResilience
MEDIUM
AC_AWS_0556Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration portsAWSInfrastructure Security
HIGH
AC_AWS_0561Ensure a log metric filter and alarm exist for IAM policy changesAWSSecurity Best Practices
HIGH
AC_AWS_0568Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)AWSSecurity Best Practices
HIGH
AC_AWS_0569Ensure a log metric filter and alarm exist for changes to network gatewaysAWSSecurity Best Practices
HIGH
AC_AWS_0572Ensure a log metric filter and alarm exists for AWS Organizations changesAWSSecurity Best Practices
HIGH
AC_AWS_0599Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removedAWSIdentity and Access Management
MEDIUM
AC_AWS_0600Ensure there is only one active access key available for any single IAM userAWSIdentity and Access Management
MEDIUM
AC_GCP_0039Ensure "Block Project-Wide SSH Keys" Is Enabled for VM InstancesGCPInfrastructure Security
LOW
AC_GCP_0225Ensure 'Skip_show_database' Database Flag for Cloud SQL MySQL Instance Is Set to 'On'GCPCompliance Validation
LOW