Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AZURE_0253Ensure system-assigned managed identity authentication is used for Azure Data FactoryAzureInfrastructure Security
MEDIUM
AC_AZURE_0290Ensure that Azure policies add-on are used for Azure Kubernetes ClusterAzureSecurity Best Practices
MEDIUM
AC_AZURE_0362Ensure boot diagnostics are enabled for Azure Virtual MachineAzureLogging and Monitoring
MEDIUM
AC_AZURE_0550Ensure disk encryption is enabled for Azure Windows Virtual MachineAzureData Protection
MEDIUM
AC_GCP_0022Ensure PodSecurityPolicy controller is enabled on Google Container ClusterGCPCompliance Validation
HIGH
AC_GCP_0274Ensure OSLogin is enabled for centralized SSH key pair management using Google ProjectGCPIdentity and Access Management
MEDIUM
AC_GCP_0275Ensure multi-factor authentication is enabled for Google Compute Project MetadataGCPSecurity Best Practices
LOW
AC_AWS_0025Ensure there is no policy with invalid principal format for Amazon Elastic Container Registry (Amazon ECR)AWSIdentity and Access Management
LOW
AC_AWS_0027Ensure there is no IAM policy with invalid partition used for resource ARNAWSIdentity and Access Management
LOW
AC_AWS_0031Ensure only lower case letters are in use for resource in AWS IAM PolicyAWSSecurity Best Practices
LOW
AC_AWS_0037Ensure logging for global services is enabled for AWS CloudTrailAWSLogging and Monitoring
MEDIUM
AC_AWS_0130Ensure 'Job Bookmark Encryption' is enabled for AWS Glue CrawlersAWSData Protection
MEDIUM
AC_AWS_0398Ensure actions 'kms:Decrypt' and 'kms:ReEncryptFrom' are not allowed for all keys in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0404Ensure Principal is removed from all AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0405Ensure NotPrincipal is removed from all AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0410Ensure wildcards(*) are only at end of strings in Action of AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0425Ensure root access is disabled for AWS SageMaker Notebook instancesAWSSecurity Best Practices
HIGH
AC_AWS_0433Ensure cloud users don't have any direct permissions in AWS IAM User Policy AttachmentAWSIdentity and Access Management
MEDIUM
AC_AWS_0436Ensure automatic backups are enabled for AWS Elasticache ClusterAWSData Protection
MEDIUM
AC_AWS_0478Ensure that IP range is specified in CIDR format for AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0479Ensure there is no policy with invalid principal format for AWS Key Management Service (KMS)AWSIdentity and Access Management
LOW
AC_AWS_0482Ensure there is no policy with invalid principal key for AWS S3 Bucket policyAWSIdentity and Access Management
LOW
AC_AWS_0489Ensure Creation of SLR with NotResource is not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0495Ensure Creation of SLR with star (*) in NotAction and resource is not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AZURE_0115Ensure that authentication feature is enabled for Azure Linux Function AppAzureSecurity Best Practices
LOW
AC_AZURE_0139Ensure regular backups are enabled for Azure MariaDB ServerAzureResilience
MEDIUM
AC_AZURE_0141Ensure 'enforce SSL connection' is set to enabled for Azure MariaDB ServerAzureInfrastructure Security
HIGH
AC_AZURE_0174Ensure 'ReadOnly' cache is enabled on OS disks with read heavy operations to get higher read IOPS for Azure ImageAzureCompliance Validation
LOW
AC_AZURE_0281Ensure latest version of Azure Kubernetes Cluster is in useAzureInfrastructure Security
MEDIUM
AC_AZURE_0310Ensure VM extensions are not installed on Linux VM's in Azure Linux Virtual MachineAzureInfrastructure Security
MEDIUM
AC_AZURE_0320Ensure that boolean variables are encrypted for Azure Automation VariableAzureData Protection
MEDIUM
AC_AZURE_0417Ensure that the latest version of NSG flow log is being used via Azure Network Watcher Flow LogAzureSecurity Best Practices
MEDIUM
AC_GCP_0287Ensure in-transit encryption is enabled for Google App Engine Standard App VersionGCPInfrastructure Security
MEDIUM
AC_GCP_0288Ensure only selected container registries are allowed through Google Binary Authorization PolicyGCPSecurity Best Practices
MEDIUM
AC_K8S_0111Ensure for exposing Kubernetes workload to the internet, NodePort service is not usedKubernetesInfrastructure Security
LOW
AC_K8S_0124Ensure envoy proxies are not configured in permissive mode in Istio Peer AuthenticationKubernetesInfrastructure Security
MEDIUM
AC_K8S_0126Ensure Kubernetes hot-patch daemonset for Log4j2 is appliedKubernetesConfiguration and Vulnerability Analysis
HIGH
AC_AWS_0045Ensure 'password policy' is enabled - at least 1 upper case characterAWSIdentity and Access Management
MEDIUM
AC_AWS_0046Ensure 'password policy' is enabled - at least 1 symbolAWSIdentity and Access Management
MEDIUM
AC_AWS_0052Ensure automated backups are enabled for Amazon Relational Database Service (Amazon RDS) instancesAWSData Protection
HIGH
AC_AWS_0071Ensure encryption at rest is enabled for AWS DocumentDB clustersAWSData Protection
MEDIUM
AC_AWS_0079Ensure default encryption is enabled for AWS EBS VolumesAWSData Protection
HIGH
AC_AWS_0125Ensure public access is disabled for AWS GlacierVaultAWSIdentity and Access Management
HIGH
AC_AWS_0179Ensure auto minor version upgrade is enabled for AWS MQ BrokersAWSSecurity Best Practices
MEDIUM
AC_AWS_0180Ensure inter-cluster encryption is enabled for AWS MSK clusterAWSData Protection
HIGH
AC_AWS_0181Ensure that TLS-Only communication should be allowed between AWS MSK client and brokerAWSInfrastructure Security
HIGH
AC_AWS_0378Ensure all data stored is encrypted at-rest for AWS Elasticache Replication GroupAWSData Protection
HIGH
AC_AWS_0426Ensure that initial login requires password reset for AWS IAM UsersAWSCompliance Validation
HIGH
AC_AWS_0446Ensure Customer Managed Key (CMK) is used to encrypt AWS Codebuild ProjectAWSData Protection
MEDIUM
AC_AWS_0583Ensure CloudTrail is enabled in all regionsAWSLogging and Monitoring
MEDIUM