Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AZURE_0134Ensure that minimum TLS version is set to 1.2 for Azure MSSQL ServerAzureInfrastructure Security
MEDIUM
AC_AZURE_0224Ensure latest TLS/SSL version is in use for Azure API ManagementAzureInfrastructure Security
MEDIUM
AC_AZURE_0360Ensure automatic OS upgrades are enabled for Azure Virtual Machine Scale SetAzureSecurity Best Practices
MEDIUM
AC_GCP_0289Ensure cloud instance snapshots are encrypted through Google Compute SnapshotGCPData Protection
MEDIUM
AC_AWS_0317Ensure Elasticsearch (TCP,9200) is not accessible by a public CIDR block rangeAWSInfrastructure Security
HIGH
AC_AWS_0318Ensure Elasticsearch (TCP,9300) is not accessible by a public CIDR block rangeAWSInfrastructure Security
HIGH
AC_AWS_0370Ensure default VPC is not used for AWS VPCAWSSecurity Best Practices
MEDIUM
AC_AWS_0509Ensure Cassandra Internode Communication (TCP:7000) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0514Ensure Cassandra Monitoring (TCP:7199) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0517Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0528Ensure LDAP (UDP:389) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0529Ensure LDAP (UDP:389) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0534Ensure Memcached SSL (UDP:11211) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0544Ensure Redis without SSL (TCP:6379) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0270Ensure Security Groups do not have unrestricted specific ports open - Oracle Database Server (TCP,1521)AWSInfrastructure Security
HIGH
AC_AWS_0311Ensure Cassandra Client (TCP:9042) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0362Ensure MongoDB' (TCP,27017) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0511Ensure Cassandra Internode Communication (TCP:7000) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0512Ensure Cassandra Monitoring (TCP:7199) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0518Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0522Ensure Cassandra Thrift (TCP:9160) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0541Ensure Oracle DB (UDP:2483) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AZURE_0121Ensure HTTPS is enabled for Azure Windows Function AppAzureInfrastructure Security
MEDIUM
AC_AZURE_0125Ensure that the IP Forwarding feature for Microsoft Azure virtual machines is disabledAzureInfrastructure Security
MEDIUM
AC_AZURE_0354Ensure that VPN Encryption is enabled for Azure Virtual WANAzureInfrastructure Security
MEDIUM
AC_AWS_0211Ensure AWS S3 Buckets are not listable for Authenticated users groupAWSIdentity and Access Management
HIGH
AC_AWS_0058Ensure storage encryption at rest is enabled for Amazon Relational Database Service (Amazon RDS) instancesAWSData Protection
HIGH
AC_AWS_0067Ensure Amazon Relational Database Service (Amazon RDS) instances are not open to a public scopeAWSInfrastructure Security
HIGH
AC_AWS_0097Ensure VPC is enabled for AWS Redshift ClusterAWSInfrastructure Security
MEDIUM
AC_AWS_0164Ensure VPC access is enabled for AWS Lambda FunctionsAWSInfrastructure Security
MEDIUM
AC_AWS_0392Ensure public IP address is not used AWS EC2 instancesAWSInfrastructure Security
HIGH
AC_AWS_0399Ensure public IP address is not assigned to Amazon Elastic Container Service (ECS)AWSInfrastructure Security
HIGH
AC_AWS_0578Ensure AWS NAT Gateways are used instead of default routes for AWS Route TableAWSData Protection
HIGH
AC_AZURE_0092Ensure shared access policies are not used for IoT Hub Device Provisioning Service (DPS)AzureInfrastructure Security
HIGH
AC_AZURE_0098Ensure that the attribute 'permissive_output_firewall_rules' in Defender for IoT is not set to falseAzureInfrastructure Security
MEDIUM
AC_AZURE_0101Ensure that the attribute 'shared_credentials' in Defender for IoT is not set to falseAzureInfrastructure Security
HIGH
AC_AZURE_0102Ensure that the attribute 'ip_filter_permissive_rule' in Defender for IoT is not set to falseAzureInfrastructure Security
MEDIUM
AC_AZURE_0109Ensure public IP addresses are not assigned to Azure Linux Virtual MachinesAzureSecurity Best Practices
HIGH
AC_AZURE_0206Ensure cross account access is disabled for Azure SQL Firewall RuleAzureIdentity and Access Management
MEDIUM
AC_AZURE_0261Ensure public network access is disabled for Azure Data FactoryAzureInfrastructure Security
MEDIUM
AC_AZURE_0353Ensure a site-to-site VPN functionality by making use of Azure Virtual WANAzureInfrastructure Security
MEDIUM
AC_AZURE_0374Ensure a firewall is attached to Azure SQL ServerAzureInfrastructure Security
MEDIUM
AC_AZURE_0383Ensure that 'Threat Detection' is enabled for Azure SQL DatabaseAzureLogging and Monitoring
MEDIUM
AC_GCP_0248Ensure default service account is not used at organization level for Google CloudGCPIdentity and Access Management
HIGH
AC_K8S_0049Ensure ALLOW-with-positive-matching exist for Istio Authorization ObjectKubernetesInfrastructure Security
MEDIUM
AC_K8S_0118Ensure overly broad host configuration is not allowed for Istio GatewayKubernetesInfrastructure Security
HIGH
AC_AZURE_0308Ensure public access is disabled for Azure MySQL Single ServerAzureInfrastructure Security
HIGH
AC_AZURE_0337Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall RuleAzureLogging and Monitoring
MEDIUM
AC_AWS_0171Ensure weak ciphers are removed for AWS Elastic Load Balancers (ELB)AWSInfrastructure Security
HIGH
AC_K8S_0067Ensure Kubernetes dashboard is not deployedKubernetesData Protection
MEDIUM