Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_K8S_0018Ensure that the --authorization-mode argument includes RBACKubernetesIdentity and Access Management
MEDIUM
S3_AWS_0015Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.xAWSData Protection
HIGH
AC_K8S_0008Ensure that a Client CA File is ConfiguredKubernetesIdentity and Access Management
HIGH
AC_K8S_0046Minimize the admission of privileged containersKubernetesIdentity and Access Management
HIGH
AC_K8S_0104Minimize wildcard use in Roles and ClusterRolesKubernetesIdentity and Access Management
HIGH
AC_AZURE_0322Ensure that Microsoft Defender for Key Vault is set to 'On'AzureData Protection
MEDIUM
AC_K8S_0047Ensure that the admission control plugin AlwaysAdmit is not setKubernetesCompliance Validation
MEDIUM
AC_K8S_0058Ensure that the --cert-file and --key-file arguments are set as appropriateKubernetesInfrastructure Security
MEDIUM
AC_K8S_0109Ensure that the --secure-port argument is not set to 0KubernetesInfrastructure Security
HIGH
AC_AZURE_0026Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key VaultsAzureData Protection
HIGH
AC_AWS_0626Ensure CloudTrail is enabled in all regionsAWSLogging and Monitoring
MEDIUM
AC_AZURE_0126Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database ServerAzureInfrastructure Security
MEDIUM
AC_AZURE_0332Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'AzureCompliance Validation
MEDIUM
AC_GCP_0336Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to UsersGCPIdentity and Access Management
LOW
AC_K8S_0062Ensure that the --peer-client-cert-auth argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0063Ensure that the --peer-auto-tls argument is not set to trueKubernetesInfrastructure Security
MEDIUM
AC_AZURE_0044Ensure that Azure Active Directory Admin is Configured for SQL ServersAzureIdentity and Access Management
HIGH
AC_K8S_0028Ensure that the --insecure-port argument is set to 0KubernetesInfrastructure Security
HIGH
AC_AZURE_0409Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database ServerAzureLogging and Monitoring
MEDIUM
AC_AZURE_0555Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'AzureData Protection
MEDIUM
AC_AWS_0132Ensure no root user account access key existsAWSIdentity and Access Management
HIGH
AC_GCP_0296Ensure Container-Optimized OS (cos_containerd) is used for GKE node imagesGCPCompliance Validation
LOW
AC_K8S_0060Ensure that the --auto-tls argument is not set to trueKubernetesInfrastructure Security
MEDIUM
AC_AZURE_0170Ensure the key vault is recoverable - soft_delete_enabledAzureData Protection
MEDIUM
AC_AZURE_0387Ensure That No Custom Subscription Owner Roles Are CreatedAzureIdentity and Access Management
MEDIUM
AC_AWS_0606Ensure MFA Delete is enabled on S3 bucketsAWSSecurity Best Practices
HIGH
AC_AZURE_0040Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL serverAzureIdentity and Access Management
MEDIUM
AC_AZURE_0053Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL ServersAzureInfrastructure Security
HIGH
AC_AZURE_0148Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_linux_virtual_machine_scale_setAzureData Protection
MEDIUM
AC_AZURE_0338Ensure that Activity Log Alert exists for Delete Security SolutionAzureLogging and Monitoring
MEDIUM
AC_AZURE_0343Ensure that Activity Log Alert exists for Create or Update Network Security GroupAzureLogging and Monitoring
MEDIUM
AC_AZURE_0396Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database ServerAzureLogging and Monitoring
MEDIUM
AC_AZURE_0585Ensure that 'Data encryption' is set to 'On' on a SQL DatabaseAzureData Protection
MEDIUM
AC_GCP_0319Ensure Integrity Monitoring for Shielded GKE Nodes is EnabledGCPInfrastructure Security
LOW
AC_AWS_0186Ensure that encryption is enabled for Amazon Relational Database Service (Amazon RDS) InstancesAWSData Protection
HIGH
AC_AZURE_0085Ensure that logging for Azure Key Vault is 'Enabled'AzureLogging and Monitoring
HIGH
AC_GCP_0024Ensure authentication using Client Certificates is DisabledGCPIdentity and Access Management
MEDIUM
AC_GCP_0315Ensure 'Log_hostname' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'on'GCPCompliance Validation
LOW
AC_K8S_0038Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0041Ensure that the --etcd-cafile argument is set as appropriateKubernetesData Protection
MEDIUM
AC_AZURE_0544Ensure that Azure Active Directory Admin is Configured for SQL ServersAzureIdentity and Access Management
HIGH
AC_AZURE_0553Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL serverAzureIdentity and Access Management
MEDIUM
AC_AZURE_0565Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage AccountAzureIdentity and Access Management
MEDIUM
AC_AZURE_0566Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL serverAzureIdentity and Access Management
MEDIUM
AC_AZURE_0581Ensure App Service Authentication is set up for apps in Azure App Service - azurerm_linux_web_appAzureIdentity and Access Management
MEDIUM
AC_GCP_0032Ensure Legacy Networks Do Not Exist for Older ProjectsGCPInfrastructure Security
LOW
AC_GCP_0037Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM InstanceGCPInfrastructure Security
MEDIUM
AC_GCP_0261Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off'GCPCompliance Validation
LOW
AC_GCP_0280Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data SetsGCPData Protection
MEDIUM
AC_GCP_0304Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK)GCPData Protection
MEDIUM