Tenable Cloud Security Policies Search

| ID | Name | CSP | Domain | Severity |
|---|---|---|---|---|
| AC_GCP_0272 | Ensure shielded nodes are enabled for all nodes in Google Container Cluster | GCP | Infrastructure Security | LOW |
| AC_AWS_0452 | Ensure log retention policy is set for AWS CloudWatch Log Group | AWS | Security Best Practices | MEDIUM |
| AC_AZURE_0147 | Ensure Azure log retention is set at least 90 days for Azure Log Analytics Workspace | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0283 | Ensure that Activity Log Retention is set 365 days or greater for Azure Monitor Log Profile | Azure | Logging and Monitoring | MEDIUM |
| AC_GCP_0266 | Ensure a retention policy is enabled for Google Cloud Storage Buckets | GCP | Security Best Practices | MEDIUM |
| AC_GCP_0267 | Ensure a retention period of at least 90 days is set for Google Cloud Storage Buckets | GCP | Security Best Practices | LOW |
| AC_AZURE_0150 | Ensure windows diagnostic is enabled for Azure Windows Virtual Machine Scale Set | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0199 | Ensure HTTPS is allowed for Azure CDN Endpoint | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0382 | Ensure SQL Server audit with selected event types is enabled and has retention period of minimum 365 days for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0402 | Ensure audit log retention period is greater than 90 days for Azure PostgreSQL Server | Azure | Resilience | LOW |
| AC_AWS_0039 | Ensure data events logging is enabled for AWS CloudTrail trails | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0616 | Ensure Code Signing is enabled for AWS Lambda functions | AWS | Data Protection | HIGH |
| AC_AWS_0002 | Ensure AWS Certificate Manager (ACM) certificates are renewed 30 days before expiration date | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0003 | Ensure AWS Certificate Manager (ACM) certificates are renewed 7 days before expiration date | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0005 | Ensure encryption is enabled for Amazon Machine Image (AMI) | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0056 | Ensure automatic minor version upgrade is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
| AC_AWS_0177 | Ensure latest engine version is used for AWS MQ Brokers | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0208 | Ensure at-rest server side encryption (SSE) is enabled using default encryption keys for AWS ECR Repository | AWS | Data Protection | MEDIUM |
| AC_AWS_0368 | Ensure KMS Customer Master Keys (CMKs) are used for encryption for AWS Storage Gateway File Shares | AWS | Security Best Practices | HIGH |
| AC_AWS_0372 | Ensure root volumes are encrypted for the AWS Workspaces | AWS | Data Protection | MEDIUM |
| AC_AWS_0441 | Ensure HTTP2 is enabled for AWS LB (Load Balancer) | AWS | Infrastructure Security | LOW |
| AC_AWS_0454 | Ensure one HTTPS listener is configured for AWS Load Balancer | AWS | Infrastructure Security | HIGH |
| AC_AWS_0468 | Ensure encryption is enabled for AWS Athena Database | AWS | Data Protection | HIGH |
| AC_AZURE_0111 | Ensure that automatic upgrades are enabled for Azure Virtual Machine Extension | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0154 | Ensure that TLS is enforced for Azure Load Balancer | Azure | Resilience | LOW |
| AC_AZURE_0193 | Ensure web sockets are disabled for Azure App Service | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0201 | Ensure in-transit encryption is enabled for Azure Redis Cache | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0294 | Ensure encryption is enabled for Azure Data Lake Store | Azure | Data Protection | MEDIUM |
| AC_AZURE_0299 | Ensure that Azure Data Explorer uses disk encryption in Azure Kusto Cluster | Azure | Data Protection | MEDIUM |
| AC_AZURE_0317 | Ensure that string variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
| AC_AZURE_0319 | Ensure that date-time variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
| AC_AZURE_0359 | Ensure automatic OS upgrades are enabled for windows config block in Azure Virtual Machine Scale Set | Azure | Security Best Practices | MEDIUM |
| AC_GCP_0243 | Ensure application-layer secrets are encrypted for Google Container Cluster | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0269 | Ensure that 'always allow' evaluation mode is restricted for Google Binary Authorization Policy | GCP | Security Best Practices | MEDIUM |
| AC_K8S_0068 | Ensure image tag is set in Kubernetes workload configuration | Kubernetes | Security Best Practices | LOW |
| AC_K8S_0123 | Ensure TLS verification is enabled in Istio Destination Rules | Kubernetes | Infrastructure Security | MEDIUM |
| AC_AZURE_0001 | Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0235 | Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0124 | Ensure latest TLS version is in use for Azure Windows Function App | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0278 | Ensure HTTP is disallowed for Azure CDN Endpoint | Azure | Infrastructure Security | MEDIUM |
| AC_AWS_0214 | Ensure versioning is enabled for AWS S3 Buckets | AWS | Resilience | HIGH |
| AC_AWS_0048 | Ensure Elastic Block Store (EBS) volumes are encrypted through AWS Config | AWS | Data Protection | MEDIUM |
| AC_AWS_0115 | Ensure HTTPS-only is enforced for AWS ElasticSearch Domain | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0182 | Ensure storage encryption is enabled for AWS Neptune cluster | AWS | Data Protection | HIGH |
| AC_AWS_0371 | Ensure user volumes are encrypted for the AWS Workspaces | AWS | Data Protection | MEDIUM |
| AC_AWS_0461 | Ensure AWS ECR Repository uses KMS for server-side encryption | AWS | Data Protection | MEDIUM |
| AC_AZURE_0096 | Ensure IP addresses are masked in the logs for IoT Hub | Azure | Infrastructure Security | LOW |
| AC_AZURE_0208 | Ensure that Active Azure Service Fabric clusters are automatically upgraded to latest version | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0209 | Ensure that Active Azure Service Fabric clusters are not using CVE-2022-30137 vulnerable cluster version(8.2.1124.1) | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0304 | Ensure extensions are not installed on Azure Windows Virtual Machine | Azure | Infrastructure Security | MEDIUM |