AC_AWS_0434 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0548 | Ensure logging is enabled for AWS CloudFront | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0557 | Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0582 | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | AWS | Logging and Monitoring | HIGH |
AC_AWS_0584 | Ensure CloudTrail log file validation is enabled | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0589 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
AC_AWS_0626 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |
AC_AZURE_0001 | Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0047 | Ensure That 'All users with the following roles' is set to 'Owner' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0070 | Ensure that Activity Log Alert exists for Delete Public IP Address rule | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0071 | Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0235 | Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0302 | Ensure read, write and delete request logging is enabled for queue service in Azure Storage Account | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0339 | Ensure that Activity Log Alert exists for Create or Update Security Solution | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0340 | Ensure that Activity Log alert exists for the Delete Network Security Group Rule | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0344 | Ensure that Activity Log Alert exists for Delete Policy Assignment | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0589 | Ensure 'log_duration' is set for Azure PostgreSQL Configuration | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0009 | Ensure That Cloud Audit Logging Is Configured Properly | GCP | Logging and Monitoring | LOW |
AC_GCP_0233 | Ensure logging is enabled for Google Cloud Storage Buckets | GCP | Logging and Monitoring | LOW |
AC_GCP_0307 | Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0311 | Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0318 | Ensure That Sinks Are Configured for All Log Entries | GCP | Logging and Monitoring | LOW |
AC_K8S_0035 | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
AC_K8S_0066 | Ensure that a minimal audit policy is created | Kubernetes | Logging and Monitoring | MEDIUM |
S3_AWS_0007 | Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible - Terraform Version 1.x | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0034 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0035 | Ensure Amazon Simple Notification Service (SNS) topic is defined for notifying log file delivery for AWS CloudTrail | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0064 | Ensure CloudWatch logging is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0163 | Ensure tracing is enabled for AWS Lambda Functions | AWS | Logging and Monitoring | LOW |
AC_AWS_0200 | Ensure audit logging feature is enabled for AWS Redshift clusters | AWS | Logging and Monitoring | LOW |
AC_AWS_0205 | Ensure record sets are configured for AWS Route53HostedZones | AWS | Logging and Monitoring | HIGH |
AC_AWS_0455 | Ensure monitoring is enabled for AWS Launch Configuration | AWS | Logging and Monitoring | HIGH |
AC_AWS_0585 | Ensure CloudTrail trails are integrated with CloudWatch Logs | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0613 | Ensure AWS Lambda function is configured with a Dead Letter Queue | AWS | Logging and Monitoring | LOW |
AC_AZURE_0046 | Ensure 'Additional email addresses' is Configured with a Security Contact Email | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0048 | Ensure That 'Notify about alerts with the following severity' is Set to 'High' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0136 | Ensure that 'Auditing' Retention is 'greater than 90 days' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0137 | Ensure that 'Auditing' is set to 'On' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0147 | Ensure Azure log retention is set at least 90 days for Azure Log Analytics Workspace | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0210 | Ensure that Diagnostic Logs Are Enabled for All Services that Support it | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0218 | Ensure that Activity Log Alert exists for Create Policy Assignment | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0239 | Ensure That 'All users with the following roles' is set to 'Owner' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0283 | Ensure that Activity Log Retention is set 365 days or greater for Azure Monitor Log Profile | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0337 | Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0341 | Ensure that Activity Log Alert exists for Create or Update Network Security Group | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0412 | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0414 | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server - azurerm_postgresql_configuration | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0588 | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0241 | Ensure object versioning is enabled on Google Cloud Storage Buckets | GCP | Logging and Monitoring | LOW |
AC_GCP_0303 | Ensure that retention policies on log buckets are configured using Bucket Lock | GCP | Logging and Monitoring | LOW |