Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AZURE_0317Ensure that string variables are encrypted for Azure Automation VariableAzureData Protection
MEDIUM
AC_AZURE_0319Ensure that date-time variables are encrypted for Azure Automation VariableAzureData Protection
MEDIUM
AC_AZURE_0359Ensure automatic OS upgrades are enabled for windows config block in Azure Virtual Machine Scale SetAzureSecurity Best Practices
MEDIUM
AC_GCP_0243Ensure application-layer secrets are encrypted for Google Container ClusterGCPInfrastructure Security
MEDIUM
AC_K8S_0123Ensure TLS verification is enabled in Istio Destination RulesKubernetesInfrastructure Security
MEDIUM
AC_AWS_0172Ensure recommended SSL/TLS protocol version is used for AWS Elastic Load Balancers (ELB)AWSInfrastructure Security
HIGH
AC_AWS_0233Ensure Cassandra Client (TCP:9042) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0508Ensure Cassandra Client (TCP:9042) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0523Ensure Cassandra Thrift (TCP:9160) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0524Ensure LDAP (TCP:389) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0526Ensure LDAP (TCP:389) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0530Ensure Memcached SSL (TCP:11211) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0531Ensure Memcached SSL (TCP:11211) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0532Ensure Memcached SSL (TCP:11211) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0536Ensure Oracle DB (TCP:2483) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0537Ensure Oracle DB (TCP:2483) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0540Ensure Oracle DB (UDP:2483) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AZURE_0124Ensure latest TLS version is in use for Azure Windows Function AppAzureInfrastructure Security
MEDIUM
AC_AWS_0214Ensure versioning is enabled for AWS S3 BucketsAWSResilience
HIGH
AC_AZURE_0394Ensure only SSL connections are enabled for Azure Redis CacheAzureInfrastructure Security
MEDIUM
AC_AWS_0212Ensure there are no publicly writeable and readable AWS S3 BucketsAWSIdentity and Access Management
HIGH
AC_AWS_0068Ensure public access is disabled for AWS Database Migration Service (DMS) instancesAWSData Protection
HIGH
AC_AWS_0085Ensure permissions are tightly controlled for Amazon Elastic Container Registry (Amazon ECR)AWSIdentity and Access Management
HIGH
AC_AWS_0099Ensure there are no public file systems for AWS Elastic File System (EFS)AWSIdentity and Access Management
HIGH
AC_AWS_0437Ensure public access is disabled for Amazon Relational Database Service (Amazon RDS) database snapshotsAWSInfrastructure Security
MEDIUM
AC_AZURE_0093Ensure public access is disabled for Azure IoT Hub Device Provisioning Service (DPS)AzureInfrastructure Security
MEDIUM
AC_AZURE_0094Ensure shared access policies are not used for IoT HubAzureInfrastructure Security
HIGH
AC_AZURE_0097Ensure that the Microsoft Defender for IoT Hub is enabledAzureInfrastructure Security
MEDIUM
AC_AZURE_0103Ensure that the attribute 'inconsistent_module_settings' in Defender for IoT is not set to falseAzureInfrastructure Security
MEDIUM
AC_AZURE_0135Ensure public access is disabled for Azure MSSQL ServerAzureInfrastructure Security
HIGH
AC_AZURE_0203Ensure cross account access is disabled for Azure Synapse Firewall RuleAzureInfrastructure Security
MEDIUM
AC_AZURE_0205Ensure cross account access is disabled for Azure SQL ServerAzureIdentity and Access Management
MEDIUM
AC_AZURE_0227Ensure advanced threat protection is enabled for Azure CosmosDB AccountAzureConfiguration and Vulnerability Analysis
MEDIUM
AC_AZURE_0305Ensure public access is disabled for Azure Storage SyncAzureInfrastructure Security
HIGH
AC_GCP_0245Ensure IAM roles do not impersonate or manage service accounts through Google Folder IAM BindingGCPIdentity and Access Management
LOW
AC_K8S_0112Ensure the use of externalIPs is restricted for Kubernetes serviceKubernetesInfrastructure Security
MEDIUM
AC_AWS_0071Ensure encryption at rest is enabled for AWS DocumentDB clustersAWSData Protection
MEDIUM
AC_AWS_0079Ensure default encryption is enabled for AWS EBS VolumesAWSData Protection
HIGH
AC_AWS_0125Ensure public access is disabled for AWS GlacierVaultAWSIdentity and Access Management
HIGH
AC_AWS_0179Ensure auto minor version upgrade is enabled for AWS MQ BrokersAWSSecurity Best Practices
MEDIUM
AC_AWS_0180Ensure inter-cluster encryption is enabled for AWS MSK clusterAWSData Protection
HIGH
AC_AWS_0181Ensure that TLS-Only communication should be allowed between AWS MSK client and brokerAWSInfrastructure Security
HIGH
AC_AWS_0378Ensure all data stored is encrypted at-rest for AWS Elasticache Replication GroupAWSData Protection
HIGH
AC_AWS_0446Ensure Customer Managed Key (CMK) is used to encrypt AWS Codebuild ProjectAWSData Protection
MEDIUM
AC_AZURE_0141Ensure 'enforce SSL connection' is set to enabled for Azure MariaDB ServerAzureInfrastructure Security
HIGH
AC_AZURE_0174Ensure 'ReadOnly' cache is enabled on OS disks with read heavy operations to get higher read IOPS for Azure ImageAzureCompliance Validation
LOW
AC_AZURE_0281Ensure latest version of Azure Kubernetes Cluster is in useAzureInfrastructure Security
MEDIUM
AC_AZURE_0310Ensure VM extensions are not installed on Linux VM's in Azure Linux Virtual MachineAzureInfrastructure Security
MEDIUM
AC_AZURE_0320Ensure that boolean variables are encrypted for Azure Automation VariableAzureData Protection
MEDIUM
AC_AZURE_0417Ensure that the latest version of NSG flow log is being used via Azure Network Watcher Flow LogAzureSecurity Best Practices
MEDIUM