Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AZURE_0156Enable role-based access control (RBAC) within Azure Kubernetes ServicesAzureIdentity and Access Management
MEDIUM
AC_AZURE_0328Ensure that Microsoft Defender for App Service is set to 'On'AzureIdentity and Access Management
MEDIUM
AC_AZURE_0021Ensure Soft Delete is Enabled for Azure Containers and Blob StorageAzureData Protection
MEDIUM
AC_AZURE_0061Ensure that SSH access from the Internet is evaluated and restrictedAzureInfrastructure Security
HIGH
AC_AZURE_0062Ensure that RDP access from the Internet is evaluated and restrictedAzureInfrastructure Security
HIGH
AC_AZURE_0191Ensure Web App is using the latest version of TLS encryptionAzureInfrastructure Security
MEDIUM
AC_AZURE_0232Ensure the Storage Container Storing the Activity Logs is not Publicly AccessibleAzureInfrastructure Security
HIGH
AC_AWS_0226Ensure secrets should be auto-rotated after not more than 90 daysAWSCompliance Validation
HIGH
AC_AWS_0470Ensure cloud users don't have any direct permissions in AWS IAM User PolicyAWSIdentity and Access Management
MEDIUM
AC_AZURE_0418Ensure that Network Watcher is 'Enabled'AzureLogging and Monitoring
HIGH
AC_GCP_0036Ensure encryption with Customer Supplied Encryption Keys (CSEK) is enabled for Google Compute InstanceGCPData Protection
MEDIUM
AC_GCP_0038Ensure default setting for OSLogin is not overridden by Google Compute InstanceGCPIdentity and Access Management
LOW
S3_AWS_0015Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.xAWSData Protection
HIGH
AC_AWS_0595Ensure access keys are rotated every 90 days or lessAWSIdentity and Access Management
MEDIUM
AC_AZURE_0401Ensure that Azure Active Directory Admin is configuredAzureIdentity and Access Management
HIGH
AC_K8S_0102Ensure impersonate access to Kubernetes resources is minimized in Kubernetes RoleKubernetesIdentity and Access Management
HIGH
AC_AZURE_0574Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service - azurerm_windows_web_appAzureInfrastructure Security
MEDIUM
AC_AZURE_0576Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' - azurerm_linux_web_appAzureInfrastructure Security
MEDIUM
AC_GCP_0016Ensure container-optimized OS (COS) is used for Google Container Node PoolGCPCompliance Validation
LOW
AC_AWS_0137Eliminate use of the root user for administrative and daily tasksAWSCompliance Validation
MEDIUM
AC_AWS_0589Ensure AWS Config is enabled in all regionsAWSLogging and Monitoring
HIGH
AC_AWS_0555Ensure IAM instance roles are used for AWS resource access from instancesAWSIdentity and Access Management
MEDIUM
AC_AWS_0570Ensure a log metric filter and alarm exist for route table changesAWSSecurity Best Practices
HIGH
AC_GCP_0278Ensure Oslogin Is Enabled for a Project - google_compute_instanceGCPSecurity Best Practices
LOW
AC_AWS_0428Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'AWSInfrastructure Security
MEDIUM
AC_AZURE_0044Ensure that Azure Active Directory Admin is Configured for SQL ServersAzureIdentity and Access Management
HIGH
AC_AZURE_0332Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'AzureCompliance Validation
MEDIUM
AC_GCP_0336Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to UsersGCPIdentity and Access Management
LOW
AC_K8S_0062Ensure that the --peer-client-cert-auth argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0063Ensure that the --peer-auto-tls argument is not set to trueKubernetesInfrastructure Security
MEDIUM
AC_GCP_0229Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK)GCPData Protection
MEDIUM
AC_GCP_0230Ensure That BigQuery Datasets Are Not Anonymously or Publicly AccessibleGCPIdentity and Access Management
HIGH
AC_GCP_0258Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off'GCPCompliance Validation
LOW
AC_AWS_0019Ensure there is no policy with Empty array ActionAWSIdentity and Access Management
LOW
AC_AWS_0223Ensure 'allow getAcl actions from all principals' is disabled for AWS S3 BucketsAWSIdentity and Access Management
HIGH
AC_AWS_0224Ensure 'allow putAcl actions from all principals' is disabled for AWS S3 BucketsAWSIdentity and Access Management
HIGH
S3_AWS_0013Ensure there are no world-writeable AWS S3 Buckets - Terraform Version 1.xAWSIdentity and Access Management
HIGH
S3_AWS_0014Ensure there are no world-readable AWS S3 Buckets - Terraform Version 1.xAWSIdentity and Access Management
HIGH
AC_K8S_0054Ensure that the --service-account-private-key-file argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0130Ensure that the --profiling argument is set to falseKubernetesCompliance Validation
MEDIUM
AC_AWS_0036Ensure CloudTrail log file validation is enabledAWSLogging and Monitoring
MEDIUM
AC_AWS_0230Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration portsAWSInfrastructure Security
HIGH
AC_AWS_0427Ensure hardware MFA is enabled for the "root user" accountAWSCompliance Validation
HIGH
AC_GCP_0040Ensure That Instances Are Not Configured To Use the Default Service AccountGCPIdentity and Access Management
HIGH
AC_AZURE_0248Ensure That 'PHP version' is the Latest, If Used to Run the Web AppAzureConfiguration and Vulnerability Analysis
MEDIUM
AC_GCP_0358Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket LockGCPLogging and Monitoring
LOW
AC_GCP_0365Ensure API Keys Only Exist for Active ServicesGCPSecurity Best Practices
MEDIUM
S3_AWS_0003Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.xAWSData Protection
HIGH
AC_GCP_0296Ensure Container-Optimized OS (cos_containerd) is used for GKE node imagesGCPCompliance Validation
LOW
AC_AWS_0097Ensure VPC is enabled for AWS Redshift ClusterAWSInfrastructure Security
MEDIUM