Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0384Ensure data encryption is enabled for AWS SageMaker Notebook instancesAWSData Protection
HIGH
AC_AWS_0391Ensure 'public IP on launch' is not enabled for AWS SubnetsAWSInfrastructure Security
MEDIUM
AC_AWS_0396Ensure requests greater than 8 KB are blocked by AWS Web Application FirewallAWSSecurity Best Practices
HIGH
AC_AWS_0424Ensure direct access from the internet is disabled for AWS SageMaker Notebook instancesAWSData Protection
HIGH
AC_AWS_0438Ensure that there are no orphan in AWS IAM groupsAWSCompliance Validation
LOW
AC_AWS_0549Ensure geo-restriction is enabled for AWS CloudFrontAWSInfrastructure Security
LOW
AC_AZURE_0099Ensure that the attribute 'privileged_docker_options' in Defender for IoT is not set to falseAzureInfrastructure Security
HIGH
AC_AZURE_0104Ensure that the attribute 'edge_logging_option' in Defender for IoT is not set to falseAzureInfrastructure Security
MEDIUM
AC_AZURE_0108Ensure public IP addresses are not assigned to Azure Windows Virtual MachinesAzureSecurity Best Practices
HIGH
AC_AZURE_0140Ensure public access is disabled for Azure MariaDB ServerAzureInfrastructure Security
HIGH
AC_AZURE_0144Ensure queries are not supported over the public internet for Azure Log Analytics WorkspaceAzureInfrastructure Security
HIGH
AC_AZURE_0226Ensure public access is disabled for Azure Healthcare ServiceAzureInfrastructure Security
MEDIUM
AC_AZURE_0262Ensure public network access is disabled for Azure Container RegistryAzureInfrastructure Security
MEDIUM
AC_AZURE_0293Ensure that Web Application Firewall (WAF) is used in 'Detection' or 'Prevention' modes for Azure Front DoorAzureInfrastructure Security
MEDIUM
AC_AZURE_0311Ensure public access is disabled for Azure IoT HubAzureInfrastructure Security
HIGH
AC_AZURE_0312Ensure public network access disabled for Azure Eventgrid DomainAzureInfrastructure Security
HIGH
AC_AZURE_0314Ensure that Web Application Firewall (WAF) enabled for Azure Front DoorAzureInfrastructure Security
MEDIUM
AC_AZURE_0345Ensure data exfiltration protection is enabled for Azure Synapse WorkspaceAzureData Protection
MEDIUM
AC_AZURE_0420Ensure only whitelisted IPs can use Azure Search ServiceAzureInfrastructure Security
MEDIUM
AC_GCP_0246Ensure folder level default service account is not configured in Google Folder IAM BindingGCPIdentity and Access Management
LOW
AC_GCP_0247Ensure IAM roles do not impersonate or manage service accounts used at organization level for Google CloudGCPIdentity and Access Management
HIGH
AC_GCP_0285Ensure firestore storage resource does not have access policy set to 'Public' for Google App Engine ApplicationGCPInfrastructure Security
MEDIUM
AC_K8S_0098Ensure CPU limit is set for Kubernetes workloadsKubernetesSecurity Best Practices
MEDIUM
AC_K8S_0115Ensure security context is applied to pods and containers with SELinux configuredKubernetesSecurity Best Practices
MEDIUM
AC_AZURE_0003Ensure that 'Threat Detection' is enabled for Azure SQL DatabaseAzureLogging and Monitoring
MEDIUM
AC_AZURE_0292Ensure that public access is disabled in Azure Key VaultAzureInfrastructure Security
MEDIUM
AC_AWS_0586Ensure a log metric filter and alarm exist for unauthorized API callsAWSSecurity Best Practices
HIGH
AC_AWS_0588Ensure a log metric filter and alarm exist for AWS Management Console authentication failuresAWSSecurity Best Practices
HIGH
AC_GCP_0313Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly AccessibleGCPData Protection
MEDIUM
AC_AWS_0019Ensure there is no policy with Empty array ActionAWSIdentity and Access Management
LOW
AC_AWS_0223Ensure 'allow getAcl actions from all principals' is disabled for AWS S3 BucketsAWSIdentity and Access Management
HIGH
AC_AWS_0224Ensure 'allow putAcl actions from all principals' is disabled for AWS S3 BucketsAWSIdentity and Access Management
HIGH
AC_AZURE_0121Ensure HTTPS is enabled for Azure Windows Function AppAzureInfrastructure Security
MEDIUM
AC_AZURE_0125Ensure that the IP Forwarding feature for Microsoft Azure virtual machines is disabledAzureInfrastructure Security
MEDIUM
AC_AZURE_0354Ensure that VPN Encryption is enabled for Azure Virtual WANAzureInfrastructure Security
MEDIUM
AC_AWS_0605Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucketAWSLogging and Monitoring
MEDIUM
AC_AZURE_0167Ensure the Key Vault is RecoverableAzureData Protection
MEDIUM
AC_AZURE_0408Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database ServerAzureInfrastructure Security
HIGH
AC_GCP_0033Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC NetworkGCPLogging and Monitoring
MEDIUM
AC_GCP_0099Ensure 'Log_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set AppropriatelyGCPCompliance Validation
LOW
AC_GCP_0299Ensure 'Log_min_error_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'Error' or StricterGCPCompliance Validation
LOW
AC_AWS_0120Ensure AWS ELB has one listener configured to listen for HTTPs trafficAWSInfrastructure Security
LOW
AC_AWS_0201Ensure allow version upgrade is enabled for AWS Redshift ClustersAWSSecurity Best Practices
LOW
AC_AWS_0240Ensure Security Groups do not have unrestricted specific ports open - Hadoop Name Node (TCP,9000)AWSInfrastructure Security
HIGH
AC_AWS_0241Ensure Security Groups do not have unrestricted specific ports open - Known internal web port (TCP,8000)AWSInfrastructure Security
HIGH
AC_AWS_0244Ensure Security Groups do not have unrestricted specific ports open - MSSQL Admin (TCP,1434)AWSInfrastructure Security
HIGH
AC_AWS_0245Ensure Security Groups do not have unrestricted specific ports open - MSSQL Browser Service (UDP,1434)AWSInfrastructure Security
HIGH
AC_AWS_0246Ensure Security Groups do not have unrestricted specific ports open - MSSQL Debugger (TCP,135)AWSInfrastructure Security
HIGH
AC_AWS_0249Ensure Security Groups do not have unrestricted specific ports open - Memcached SSL (TCP,11215)AWSInfrastructure Security
HIGH
AC_AWS_0253Ensure Security Groups do not have unrestricted specific ports open - MySQL (TCP,3306)AWSInfrastructure Security
HIGH