Tenable Cloud Security Policies Search

| ID | Name | CSP | Domain | Severity |
|---|---|---|---|---|
| AC_GCP_0227 | Ensure FTP (TCP:20) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0235 | Ensure encryption is enabled for Google Cloud Storage Buckets | GCP | Infrastructure Security | MEDIUM |
| AC_AWS_0606 | Ensure MFA Delete is enabled on S3 buckets | AWS | Security Best Practices | HIGH |
| AC_AZURE_0040 | Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0053 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Infrastructure Security | HIGH |
| AC_GCP_0315 | Ensure 'Log_hostname' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'on' | GCP | Compliance Validation | LOW |
| AC_AWS_0096 | Ensure encryption is enabled for AWS EFS file systems | AWS | Data Protection | HIGH |
| AC_AWS_0317 | Ensure Elasticsearch (TCP,9200) is not accessible by a public CIDR block range | AWS | Infrastructure Security | HIGH |
| AC_AWS_0318 | Ensure Elasticsearch (TCP,9300) is not accessible by a public CIDR block range | AWS | Infrastructure Security | HIGH |
| AC_AWS_0370 | Ensure default VPC is not used for AWS VPC | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0509 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0514 | Ensure Cassandra Monitoring (TCP:7199) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0517 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0528 | Ensure LDAP (UDP:389) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0529 | Ensure LDAP (UDP:389) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0534 | Ensure Memcached SSL (UDP:11211) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0544 | Ensure Redis without SSL (TCP:6379) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_K8S_0108 | Ensure Kubernetes rolebindings with get and patch Kubernetes roles are minimized in Kubernetes Role | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0038 | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0041 | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0094 | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | Identity and Access Management | MEDIUM |
| AC_AWS_0058 | Ensure storage encryption at rest is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
| AC_AWS_0067 | Ensure Amazon Relational Database Service (Amazon RDS) instances are not open to a public scope | AWS | Infrastructure Security | HIGH |
| AC_AZURE_0019 | Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On' | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0556 | Ensure That No Custom Subscription Administrator Roles Exist | Azure | Identity and Access Management | MEDIUM |
| AC_GCP_0317 | Ensure 'log_statement_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' | GCP | Compliance Validation | LOW |
| AC_GCP_0318 | Ensure That Sinks Are Configured for All Log Entries | GCP | Logging and Monitoring | LOW |
| AC_GCP_0368 | Ensure Logging is enabled for HTTP(S) Load Balancer | GCP | Security Best Practices | MEDIUM |
| AC_AWS_0160 | Ensure rotation for customer created CMKs is enabled | AWS | Data Protection | HIGH |
| AC_AZURE_0590 | Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server | Azure | Resilience | MEDIUM |
| AC_K8S_0005 | Ensure that the Anonymous Auth is Not Enabled | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0009 | Ensure that the --rotate-certificates argument is not present or is set to true | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0040 | Ensure that a Client CA File is Configured | Kubernetes | Data Protection | MEDIUM |
| AC_AWS_0562 | Ensure a log metric filter and alarm exist for CloudTrail configuration changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0575 | Ensure that Object-level logging for read events is enabled for S3 bucket | AWS | Identity and Access Management | HIGH |
| AC_AWS_0598 | Ensure a support role has been created to manage incidents with AWS Support | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0602 | Ensure rotation for customer created symmetric CMKs is enabled | AWS | Data Protection | HIGH |
| AC_AZURE_0194 | Ensure that Register with Azure Active Directory is enabled on App Service | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0327 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Data Protection | MEDIUM |
| AC_AZURE_0569 | Ensure that Register with Azure Active Directory is enabled on App Service - azurerm_windows_web_app | Azure | Security Best Practices | MEDIUM |
| AC_GCP_0277 | Ensure That RSASHA1 Is Not Used for the Zone-Signing Key in Cloud DNS DNSSEC | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0308 | Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes | GCP | Logging and Monitoring | MEDIUM |
| AC_AWS_0595 | Ensure access keys are rotated every 90 days or less | AWS | Identity and Access Management | MEDIUM |
| AC_AZURE_0401 | Ensure that Azure Active Directory Admin is configured | Azure | Identity and Access Management | HIGH |
| AC_K8S_0024 | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | Compliance Validation | MEDIUM |
| AC_K8S_0065 | Ensure that a unique Certificate Authority is used for etcd | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0095 | Ensure that the --authorization-mode argument includes Node | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0102 | Ensure impersonate access to Kubernetes resources is minimized in Kubernetes Role | Kubernetes | Identity and Access Management | HIGH |
| AC_AZURE_0164 | Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults | Azure | Data Protection | HIGH |
| AC_AZURE_0245 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App | Azure | Infrastructure Security | MEDIUM |