AC_AWS_0007 | Ensure detailed CloudWatch Metrics are enabled for AWS API Gateway Method Settings | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0037 | Ensure logging for global services is enabled for AWS CloudTrail | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0123 | Ensure access logging is enabled for AWS ELB | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0612 | Ensure VPC flow logging is enabled in all VPCs | AWS | Logging and Monitoring | LOW |
AC_AZURE_0069 | Ensure that Activity Log Alert exists for Create or Update Public IP Address rule | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0072 | Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0133 | Ensure notification email address is configured for Azure MSSQL Server Security Alert Policy | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0192 | Ensure auditing and monitoring is enabled for Azure App Service | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0264 | Ensure log profile is configured to capture all activities for Azure Monitor Log Profile | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0291 | Ensure that logging to Azure Monitoring is configured for Azure Kubernetes Cluster | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0350 | Ensure overprovisioning is disabled for Azure Windows Virtual Machine Scale Set | Azure | Logging and Monitoring | LOW |
AC_AZURE_0362 | Ensure boot diagnostics are enabled for Azure Virtual Machine | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0383 | Ensure that 'Threat Detection' is enabled for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0413 | Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server - azurerm_postgresql_configuration | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0418 | Ensure that Network Watcher is 'Enabled' | Azure | Logging and Monitoring | HIGH |
AC_GCP_0308 | Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes | GCP | Logging and Monitoring | MEDIUM |
S3_AWS_0010 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket - Terraform Version 1.x | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0015 | Ensure AWS WAF ACL is associated with AWS API Gateway Stage | AWS | Logging and Monitoring | LOW |
AC_AWS_0051 | Ensure event subscriptions are enabled for instance level events | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0086 | Ensure container insights are enabled for Amazon Elastic Container Service (ECS) clusters | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0127 | Ensure flow logs are enabled for AWS Global Accelerator | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0131 | Ensure intelligent threat detection is enabled for all regions via AWS GuardDuty Detector | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0174 | Ensure log exports is enabled for AWS MQ Brokers | AWS | Logging and Monitoring | LOW |
AC_AWS_0204 | Ensure CloudWatch logging is enabled for AWS Route53 hosted zones | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0435 | Ensure access logging is enabled for AWS LB (Load Balancer) | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0632 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
AC_AZURE_0003 | Ensure that 'Threat Detection' is enabled for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0085 | Ensure that logging for Azure Key Vault is 'Enabled' | Azure | Logging and Monitoring | HIGH |
AC_AZURE_0132 | Ensure 'email account admins' is enabled for Azure MSSQL Server Security Alert Policy | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0216 | Ensure that a 'Diagnostics Setting' exists | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0279 | Ensure notification email setting is enabled for Azure SQL Database Threat Detection Policy | Azure | Logging and Monitoring | LOW |
AC_AZURE_0295 | Ensure that logging for detailed error messages is enabled for Azure App Service | Azure | Logging and Monitoring | LOW |
AC_AZURE_0338 | Ensure that Activity Log Alert exists for Delete Security Solution | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0343 | Ensure that Activity Log Alert exists for Create or Update Network Security Group | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0361 | Ensure overprovisioning is disabled for Azure Virtual Machine Scale Set | Azure | Logging and Monitoring | LOW |
AC_AZURE_0376 | Ensure that 'Auditing' is set to 'On' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0386 | Ensure That 'Notify about alerts with the following severity' is Set to 'High' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0396 | Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0409 | Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0591 | Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0305 | Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes | GCP | Logging and Monitoring | MEDIUM |
AC_K8S_0030 | Ensure that the --profiling argument is set to false | Kubernetes | Logging and Monitoring | MEDIUM |
AC_K8S_0033 | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
AC_K8S_0052 | Ensure that the --profiling argument is set to false | Kubernetes | Logging and Monitoring | LOW |
S3_AWS_0017 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket - Terraform Version 1.x | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0012 | Ensure CloudWatch Logs are enabled for AWS API Gateway Stage | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0049 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
AC_AWS_0062 | Ensure performance insights are enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0075 | Ensure deletion protection is enabled for AWS DocumentDB Clusters | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0369 | Ensure VPC flow logging is enabled in all VPCs | AWS | Logging and Monitoring | LOW |