Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AZURE_0564Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabledAzureData Protection
MEDIUM
AC_AWS_0042Ensure standard password policy must be followed with password at least 14 characters longAWSIdentity and Access Management
MEDIUM
AC_AWS_0564Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKsAWSSecurity Best Practices
HIGH
AC_AWS_0567Ensure a log metric filter and alarm exist for security group changesAWSSecurity Best Practices
HIGH
AC_AZURE_0562Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)AzureInfrastructure Security
HIGH
AC_AZURE_0567Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL ServerAzureIdentity and Access Management
MEDIUM
AC_AZURE_0568Ensure that Register with Azure Active Directory is enabled on App Service - azurerm_linux_web_appAzureSecurity Best Practices
MEDIUM
AC_AZURE_0582Ensure App Service Authentication is set up for apps in Azure App Service - azurerm_windows_web_appAzureIdentity and Access Management
MEDIUM
AC_AZURE_0025Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account AccessAzureInfrastructure Security
HIGH
AC_AZURE_0060Ensure that UDP access from the Internet is evaluated and restrictedAzureInfrastructure Security
HIGH
AC_AWS_0142Ensure IAM password policy requires minimum length of 14 or greaterAWSCompliance Validation
MEDIUM
AC_AWS_0611Ensure AWS Security Hub is enabledAWSInfrastructure Security
MEDIUM
AC_AZURE_0342Ensure that RDP access is restricted from the internetAzureInfrastructure Security
HIGH
AC_AZURE_0357Ensure that UDP Services are restricted from the InternetAzureInfrastructure Security
HIGH
AC_AWS_0632Ensure AWS Config is enabled in all regionsAWSLogging and Monitoring
HIGH
AC_AZURE_0373Ensure that 'Secure transfer required' is set to 'Enabled'AzureData Protection
HIGH
AC_GCP_0234Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access EnabledGCPIdentity and Access Management
LOW
AC_GCP_0239Ensure That Service Account Has No Admin Privileges - google_storage_bucket_iam_memberGCPIdentity and Access Management
HIGH
AC_AZURE_0573Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service - azurerm_linux_web_appAzureInfrastructure Security
MEDIUM
AC_AZURE_0583Ensure FTP deployments are Disabled - azurerm_linux_web_appAzureInfrastructure Security
MEDIUM
AC_AZURE_0086Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On'AzureInfrastructure Security
MEDIUM
AC_AZURE_0122Ensure FTP deployments are Disabled - azurerm_linux_function_appAzureInfrastructure Security
MEDIUM
AC_AZURE_0131Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database ServerAzureInfrastructure Security
HIGH
AC_AZURE_0163Ensure that the Expiration Date is set for all Secrets in RBAC Key VaultsAzureData Protection
HIGH
AC_AWS_0138Ensure credentials unused for 45 days or greater are disabledAWSCompliance Validation
LOW
AC_GCP_0002Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSLGCPInfrastructure Security
HIGH
AC_AWS_0151Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console passwordAWSCompliance Validation
HIGH
AC_AWS_0585Ensure CloudTrail trails are integrated with CloudWatch LogsAWSLogging and Monitoring
MEDIUM
AC_AWS_0593Ensure that IAM Access analyzer is enabled for all regionsAWSInfrastructure Security
MEDIUM
AC_K8S_0117Ensure Kubernetes NetworkPolicy object is defined for every Kubernetes NamespaceKubernetesInfrastructure Security
MEDIUM
AC_GCP_0313Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly AccessibleGCPData Protection
MEDIUM
AC_AWS_0586Ensure a log metric filter and alarm exist for unauthorized API callsAWSSecurity Best Practices
HIGH
AC_AWS_0588Ensure a log metric filter and alarm exist for AWS Management Console authentication failuresAWSSecurity Best Practices
HIGH
AC_AWS_0552Ensure MFA is enabled for the "root user" accountAWSCompliance Validation
HIGH
AC_AZURE_0408Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database ServerAzureInfrastructure Security
HIGH
AC_GCP_0033Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC NetworkGCPLogging and Monitoring
MEDIUM
AC_AWS_0605Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucketAWSLogging and Monitoring
MEDIUM
AC_AZURE_0167Ensure the Key Vault is RecoverableAzureData Protection
MEDIUM
AC_GCP_0251Ensure that the 'log_checkpoints' database flag for Cloud SQL PostgreSQL instance is set to 'on'GCPCompliance Validation
LOW
AC_AWS_0604Ensure S3 bucket encryption 'kms_master_key_id' is not empty or nullAWSData Protection
HIGH
AC_GCP_0282Ensure That Compute Instances Do Not Have Public IP AddressesGCPInfrastructure Security
MEDIUM
AC_AWS_0038Ensure CloudTrail trails are integrated with CloudWatch LogsAWSLogging and Monitoring
MEDIUM
AC_GCP_0237Ensure that Cloud Storage bucket is not anonymously or publicly accessible - google_storage_bucket_iam_bindingGCPIdentity and Access Management
MEDIUM
AC_K8S_0129Ensure that the admission control plugin PodSecurityPolicy is setKubernetesCompliance Validation
MEDIUM
AC_AZURE_0572Ensure Web App is using the latest version of TLS encryption - azurerm_linux_web_appAzureInfrastructure Security
MEDIUM
AC_AZURE_0575Ensure Web App is using the latest version of TLS encryption - azurerm_windows_web_appAzureInfrastructure Security
MEDIUM
AC_AWS_0209Ensure MFA Delete is enable on S3 bucketsAWSSecurity Best Practices
HIGH
AC_GCP_0035Ensure Compute instances are launched with Shielded VM enabledGCPInfrastructure Security
LOW
AC_AZURE_0116Ensure FTP deployments are Disabled - azurerm_windows_function_appAzureInfrastructure Security
MEDIUM
AC_AZURE_0334Ensure FTP deployments are DisabledAzureInfrastructure Security
MEDIUM