Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0549Ensure geo-restriction is enabled for AWS CloudFrontAWSInfrastructure Security
LOW
AC_AZURE_0099Ensure that the attribute 'privileged_docker_options' in Defender for IoT is not set to falseAzureInfrastructure Security
HIGH
AC_AZURE_0104Ensure that the attribute 'edge_logging_option' in Defender for IoT is not set to falseAzureInfrastructure Security
MEDIUM
AC_AZURE_0108Ensure public IP addresses are not assigned to Azure Windows Virtual MachinesAzureSecurity Best Practices
HIGH
AC_AZURE_0140Ensure public access is disabled for Azure MariaDB ServerAzureInfrastructure Security
HIGH
AC_AZURE_0144Ensure queries are not supported over the public internet for Azure Log Analytics WorkspaceAzureInfrastructure Security
HIGH
AC_AZURE_0226Ensure public access is disabled for Azure Healthcare ServiceAzureInfrastructure Security
MEDIUM
AC_AZURE_0262Ensure public network access is disabled for Azure Container RegistryAzureInfrastructure Security
MEDIUM
AC_AZURE_0293Ensure that Web Application Firewall (WAF) is used in 'Detection' or 'Prevention' modes for Azure Front DoorAzureInfrastructure Security
MEDIUM
AC_AZURE_0311Ensure public access is disabled for Azure IoT HubAzureInfrastructure Security
HIGH
AC_AZURE_0312Ensure public network access disabled for Azure Eventgrid DomainAzureInfrastructure Security
HIGH
AC_AZURE_0314Ensure that Web Application Firewall (WAF) enabled for Azure Front DoorAzureInfrastructure Security
MEDIUM
AC_AZURE_0345Ensure data exfiltration protection is enabled for Azure Synapse WorkspaceAzureData Protection
MEDIUM
AC_AZURE_0420Ensure only whitelisted IPs can use Azure Search ServiceAzureInfrastructure Security
MEDIUM
AC_GCP_0246Ensure folder level default service account is not configured in Google Folder IAM BindingGCPIdentity and Access Management
LOW
AC_GCP_0247Ensure IAM roles do not impersonate or manage service accounts used at organization level for Google CloudGCPIdentity and Access Management
HIGH
AC_GCP_0285Ensure firestore storage resource does not have access policy set to 'Public' for Google App Engine ApplicationGCPInfrastructure Security
MEDIUM
AC_AZURE_0003Ensure that 'Threat Detection' is enabled for Azure SQL DatabaseAzureLogging and Monitoring
MEDIUM
AC_AZURE_0292Ensure that public access is disabled in Azure Key VaultAzureInfrastructure Security
MEDIUM
AC_AWS_0004Ensure AWS Certificate Manager (ACM) certificates are renewed 45 days before expiration dateAWSInfrastructure Security
MEDIUM
AC_AWS_0006Ensure Amazon Machine Image (AMI) is not shared among multiple accountsAWSInfrastructure Security
MEDIUM
AC_AWS_0018Ensure encryption is enabled for AWS Athena QueryAWSData Protection
MEDIUM
AC_AWS_0070Ensure auto minor version upgrade is enabled for AWS Database Migration Service (DMS) instancesAWSSecurity Best Practices
MEDIUM
AC_AWS_0109Ensure latest version of elasticsearch engine is used for AWS ElasticSearch DomainsAWSCompliance Validation
MEDIUM
AC_AWS_0112Ensure encryption at-rest is enabled for AWS ElasticSearch DomainsAWSData Protection
HIGH
AC_AWS_0114Ensure node-to-node encryption is enabled for AWS ElasticSearch DomainsAWSData Protection
MEDIUM
AC_AWS_0178Ensure customer owned KMS key is used for encrypting AWS MQ BrokersAWSData Protection
HIGH
AC_AWS_0451Ensure an AWS Key Management Service (KMS) Customer Managed Key (CMK) is used to encrypt AWS CloudWatch Log GroupAWSData Protection
HIGH
AC_AWS_0460Ensure that customer managed keys are used in AWS Kinesis Firehose Delivery StreamAWSData Protection
HIGH
AC_AZURE_0134Ensure that minimum TLS version is set to 1.2 for Azure MSSQL ServerAzureInfrastructure Security
MEDIUM
AC_AZURE_0224Ensure latest TLS/SSL version is in use for Azure API ManagementAzureInfrastructure Security
MEDIUM
AC_AZURE_0360Ensure automatic OS upgrades are enabled for Azure Virtual Machine Scale SetAzureSecurity Best Practices
MEDIUM
AC_GCP_0016Ensure container-optimized OS (COS) is used for Google Container Node PoolGCPCompliance Validation
LOW
AC_GCP_0289Ensure cloud instance snapshots are encrypted through Google Compute SnapshotGCPData Protection
MEDIUM
AC_AZURE_0328Ensure that Microsoft Defender for App Service is set to 'On'AzureIdentity and Access Management
MEDIUM
AC_K8S_0055Ensure that the --root-ca-file argument is set as appropriateKubernetesData Protection
MEDIUM
AC_AWS_0317Ensure Elasticsearch (TCP,9200) is not accessible by a public CIDR block rangeAWSInfrastructure Security
HIGH
AC_AWS_0318Ensure Elasticsearch (TCP,9300) is not accessible by a public CIDR block rangeAWSInfrastructure Security
HIGH
AC_AWS_0370Ensure default VPC is not used for AWS VPCAWSSecurity Best Practices
MEDIUM
AC_AWS_0509Ensure Cassandra Internode Communication (TCP:7000) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0514Ensure Cassandra Monitoring (TCP:7199) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0517Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0528Ensure LDAP (UDP:389) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0529Ensure LDAP (UDP:389) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0534Ensure Memcached SSL (UDP:11211) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0544Ensure Redis without SSL (TCP:6379) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0120Ensure AWS ELB has one listener configured to listen for HTTPs trafficAWSInfrastructure Security
LOW
AC_AWS_0201Ensure allow version upgrade is enabled for AWS Redshift ClustersAWSSecurity Best Practices
LOW
AC_AWS_0240Ensure Security Groups do not have unrestricted specific ports open - Hadoop Name Node (TCP,9000)AWSInfrastructure Security
HIGH
AC_AWS_0241Ensure Security Groups do not have unrestricted specific ports open - Known internal web port (TCP,8000)AWSInfrastructure Security
HIGH