Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AZURE_0036Ensure the storage account containing the container with activity logs is encrypted with Customer Managed KeyAzureData Protection
MEDIUM
AC_AZURE_0046Ensure 'Additional email addresses' is Configured with a Security Contact EmailAzureLogging and Monitoring
MEDIUM
AC_AZURE_0048Ensure That 'Notify about alerts with the following severity' is Set to 'High'AzureLogging and Monitoring
MEDIUM
AC_AZURE_0059Ensure that HTTP(S) access from the Internet is evaluated and restrictedAzureInfrastructure Security
LOW
AC_AZURE_0061Ensure that SSH access from the Internet is evaluated and restrictedAzureInfrastructure Security
HIGH
AC_AZURE_0062Ensure that RDP access from the Internet is evaluated and restrictedAzureInfrastructure Security
HIGH
AC_AZURE_0093Ensure public access is disabled for Azure IoT Hub Device Provisioning Service (DPS)AzureInfrastructure Security
MEDIUM
AC_AZURE_0094Ensure shared access policies are not used for IoT HubAzureInfrastructure Security
HIGH
AC_AZURE_0097Ensure that the Microsoft Defender for IoT Hub is enabledAzureInfrastructure Security
MEDIUM
AC_AZURE_0103Ensure that the attribute 'inconsistent_module_settings' in Defender for IoT is not set to falseAzureInfrastructure Security
MEDIUM
AC_AZURE_0111Ensure that automatic upgrades are enabled for Azure Virtual Machine ExtensionAzureInfrastructure Security
MEDIUM
AC_AZURE_0124Ensure latest TLS version is in use for Azure Windows Function AppAzureInfrastructure Security
MEDIUM
AC_AZURE_0135Ensure public access is disabled for Azure MSSQL ServerAzureInfrastructure Security
HIGH
AC_AZURE_0136Ensure that 'Auditing' Retention is 'greater than 90 days'AzureLogging and Monitoring
MEDIUM
AC_AZURE_0137Ensure that 'Auditing' is set to 'On'AzureLogging and Monitoring
MEDIUM
AC_AZURE_0138Ensure geo-redundant backups are enabled for Azure MariaDB ServerAzureResilience
MEDIUM
AC_AZURE_0143Ensure that 'Unattached disks' are encrypted in Azure Managed DiskAzureData Protection
MEDIUM
AC_AZURE_0147Ensure Azure log retention is set at least 90 days for Azure Log Analytics WorkspaceAzureLogging and Monitoring
MEDIUM
AC_AZURE_0150Ensure windows diagnostic is enabled for Azure Windows Virtual Machine Scale SetAzureCompliance Validation
MEDIUM
AC_AZURE_0154Ensure that TLS is enforced for Azure Load BalancerAzureResilience
LOW
AC_AZURE_0160Ensure that private cluster is enabled for Azure Kubernetes ClusterAzureInfrastructure Security
MEDIUM
AC_AZURE_0187Ensure user id's are all system managed for Azure Container GroupAzureIdentity and Access Management
LOW
AC_AZURE_0191Ensure Web App is using the latest version of TLS encryptionAzureInfrastructure Security
MEDIUM
AC_AZURE_0193Ensure web sockets are disabled for Azure App ServiceAzureInfrastructure Security
MEDIUM
AC_AZURE_0197Ensure custom script extensions are not used in Azure Windows Virtual MachineAzureData Protection
MEDIUM
AC_AZURE_0198Ensure compression is enabled for Azure CDN EndpointAzureResilience
MEDIUM
AC_AZURE_0199Ensure HTTPS is allowed for Azure CDN EndpointAzureInfrastructure Security
MEDIUM
AC_AZURE_0200Ensure custom script extensions are not used in Azure Virtual MachineAzureData Protection
MEDIUM
AC_AZURE_0201Ensure in-transit encryption is enabled for Azure Redis CacheAzureInfrastructure Security
MEDIUM
AC_AZURE_0203Ensure cross account access is disabled for Azure Synapse Firewall RuleAzureInfrastructure Security
MEDIUM
AC_AZURE_0205Ensure cross account access is disabled for Azure SQL ServerAzureIdentity and Access Management
MEDIUM
AC_AZURE_0210Ensure that Diagnostic Logs Are Enabled for All Services that Support itAzureLogging and Monitoring
MEDIUM
AC_AZURE_0212Ensure the "Minimum TLS version" is set to "Version 1.2"AzureInfrastructure Security
MEDIUM
AC_AZURE_0218Ensure that Activity Log Alert exists for Create Policy AssignmentAzureLogging and Monitoring
MEDIUM
AC_AZURE_0223Ensure that auto-scaling is enabled for Azure Kubernetes ClusterAzureResilience
MEDIUM
AC_AZURE_0227Ensure advanced threat protection is enabled for Azure CosmosDB AccountAzureConfiguration and Vulnerability Analysis
MEDIUM
AC_AZURE_0230Ensure Developer/Premium SKUs are in use for Azure API ManagementAzureInfrastructure Security
MEDIUM
AC_AZURE_0231Ensure that request initiated from all ports (*) for all destination ports (*) is restricted from the internet for Azure Network Security RuleAzureInfrastructure Security
HIGH
AC_AZURE_0232Ensure the Storage Container Storing the Activity Logs is not Publicly AccessibleAzureInfrastructure Security
HIGH
AC_AZURE_0233Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key)AzureData Protection
MEDIUM
AC_AZURE_0237Ensure that VA setting 'Periodic recurring scans' to 'on' for each SQL serverAzureIdentity and Access Management
MEDIUM
AC_AZURE_0239Ensure That 'All users with the following roles' is set to 'Owner'AzureLogging and Monitoring
MEDIUM
AC_AZURE_0241Ensure that 'Data encryption' is set to 'On' on a SQL DatabaseAzureData Protection
MEDIUM
AC_AZURE_0255Ensure virtual network configuration is added for Azure Kusto ClusterAzureInfrastructure Security
MEDIUM
AC_AZURE_0256Ensure private DNS zones are not linked to Azure Virtual NetworkAzureCompliance Validation
LOW
AC_AZURE_0271Ensure CIFS / SMB (TCP:3020) is not exposed to public for Azure Network Security RuleAzureInfrastructure Security
MEDIUM
AC_AZURE_0283Ensure that Activity Log Retention is set 365 days or greater for Azure Monitor Log ProfileAzureLogging and Monitoring
MEDIUM
AC_AZURE_0285Ensure that SSH access is restricted from the internetAzureInfrastructure Security
HIGH
AC_AZURE_0286Ensure SSH (TCP:22) is not exposed to public for Azure Network Security RuleAzureInfrastructure Security
MEDIUM
AC_AZURE_0294Ensure encryption is enabled for Azure Data Lake StoreAzureData Protection
MEDIUM