Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0508Ensure Cassandra Client (TCP:9042) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0523Ensure Cassandra Thrift (TCP:9160) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0524Ensure LDAP (TCP:389) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0526Ensure LDAP (TCP:389) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0530Ensure Memcached SSL (TCP:11211) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0531Ensure Memcached SSL (TCP:11211) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0532Ensure Memcached SSL (TCP:11211) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0536Ensure Oracle DB (TCP:2483) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0537Ensure Oracle DB (TCP:2483) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0540Ensure Oracle DB (UDP:2483) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0609Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration portsAWSInfrastructure Security
HIGH
AC_AZURE_0060Ensure that UDP access from the Internet is evaluated and restrictedAzureInfrastructure Security
HIGH
AC_AZURE_0189Ensure Web Application Firewall(WAF) is enabled for Azure Application GatewayAzureInfrastructure Security
MEDIUM
AC_AZURE_0204Ensure Synapse Workspace is not accessible to public via Azure Synapse Firewall RuleAzureInfrastructure Security
MEDIUM
AC_AWS_0008Ensure stage caching is enabled for AWS API Gateway Method SettingsAWSCompliance Validation
MEDIUM
AC_AWS_0011Ensure that the endpoint type is set to private for API Gateway Rest APIAWSInfrastructure Security
MEDIUM
AC_AWS_0020Ensure failover criteria is set for AWS Cloudfront DistributionAWSResilience
MEDIUM
AC_AWS_0205Ensure record sets are configured for AWS Route53HostedZonesAWSLogging and Monitoring
HIGH
AC_AWS_0230Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration portsAWSInfrastructure Security
HIGH
AC_AWS_0235Ensure Security Groups do not have unrestricted specific ports open - Elasticsearch (TCP,9300)AWSInfrastructure Security
HIGH
AC_AWS_0250Ensure Security Groups do not have unrestricted specific ports open - Memcached SSL (UDP,11214)AWSInfrastructure Security
HIGH
AC_AWS_0251Ensure Security Groups do not have unrestricted specific ports open - Memcached SSL (UDP,11215)AWSInfrastructure Security
HIGH
AC_AWS_0255Ensure Security Groups do not have unrestricted specific ports open - NetBIOS Name Service (UDP,137)AWSInfrastructure Security
HIGH
AC_AWS_0260Ensure Security Groups do not have unrestricted specific ports open - Oracle DB SSL (TCP,2484)AWSInfrastructure Security
HIGH
AC_AWS_0261Ensure Security Groups do not have unrestricted specific ports open - Oracle DB SSL (UDP,2484)AWSInfrastructure Security
HIGH
AC_AWS_0266Ensure Security Groups do not have unrestricted specific ports open - SNMP (UDP,161)AWSInfrastructure Security
HIGH
AC_AWS_0271Ensure Security Groups do not have unrestricted specific ports open - Telnet (TCP,23)AWSInfrastructure Security
HIGH
AC_AWS_0273Ensure Security Groups do not have unrestricted specific ports open - CIFS for file/printer (TCP,445)AWSInfrastructure Security
HIGH
AC_AWS_0277Ensure SaltStack Master (TCP,4505) is not accessible by a public CIDR block rangeAWSInfrastructure Security
MEDIUM
AC_AWS_0279Ensure CIFS / SMB (TCP,3020) is not accessible by a public CIDR block rangeAWSInfrastructure Security
MEDIUM
AC_AWS_0281Ensure Cassandra (TCP,7001) is not accessible by a public CIDR block rangeAWSInfrastructure Security
MEDIUM
AC_AWS_0286Ensure MSSQL Admin (TCP,1434) is not accessible by a public CIDR block rangeAWSInfrastructure Security
MEDIUM
AC_AWS_0291Ensure Memcached SSL (TCP,11215) is not accessible by a public CIDR block rangeAWSInfrastructure Security
MEDIUM
AC_AWS_0296Ensure NetBIOS Name Service (TCP,137) is not accessible by a public CIDR block rangeAWSInfrastructure Security
MEDIUM
AC_AWS_0297Ensure NetBIOS Name Service (UDP,137) is not accessible by a public CIDR block rangeAWSInfrastructure Security
MEDIUM
AC_AWS_0309Ensure SQL Server Analysis Service browser (TCP,2382) is not accessible by a public CIDR block rangeAWSInfrastructure Security
MEDIUM
AC_AWS_0314Ensure SMTP (TCP,25) is not accessible by a public CIDR block rangeAWSInfrastructure Security
HIGH
AC_AWS_0315Ensure CIFS for file/printer (TCP,445) is not accessible by a public CIDR block rangeAWSInfrastructure Security
HIGH
AC_AWS_0322Ensure Security Groups Unrestricted Specific Ports https (TCP,443) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0338Ensure Cassandra' (TCP,7001) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0339Ensure HadoopNameNode' (TCP,9000) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0341Ensure LDAPSSL' (TCP,636) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0345Ensure NetBIOSNameService' (TCP,137) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0352Ensure PostgresSQL' (UDP,5432) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0439Ensure authorization is enabled for AWS API Gateway MethodAWSInfrastructure Security
HIGH
AC_AWS_0441Ensure HTTP2 is enabled for AWS LB (Load Balancer)AWSInfrastructure Security
LOW
AC_AWS_0442Ensure access logging is enabled for AWS API Gateway V2 APIAWSSecurity Best Practices
MEDIUM
AC_AWS_0450Ensure no wildcards are being used in AWS API Gateway Rest API PolicyAWSIdentity and Access Management
HIGH
AC_AWS_0454Ensure one HTTPS listener is configured for AWS Load BalancerAWSInfrastructure Security
HIGH
AC_AWS_0515Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to entire internetAWSInfrastructure Security
HIGH