Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AZURE_0216Ensure that a 'Diagnostics Setting' existsAzureLogging and Monitoring
MEDIUM
AC_AZURE_0324Ensure that Microsoft Defender for Container Registries is set to 'On'AzureData Protection
MEDIUM
AC_AZURE_0331Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selectedAzureCompliance Validation
MEDIUM
AC_K8S_0030Ensure that the --profiling argument is set to falseKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0042Ensure that the --encryption-provider-config argument is set as appropriateKubernetesData Protection
MEDIUM
AC_AZURE_0552Enable Role Based Access Control for Azure Key VaultAzureData Protection
LOW
AC_GCP_0237Ensure that Cloud Storage bucket is not anonymously or publicly accessible - google_storage_bucket_iam_bindingGCPIdentity and Access Management
MEDIUM
AC_K8S_0129Ensure that the admission control plugin PodSecurityPolicy is setKubernetesCompliance Validation
MEDIUM
CIS_AZURE_0217Ensure Storage for Critical Data are Encrypted with Customer Managed KeysAzureData Protection
MEDIUM
AC_AZURE_0069Ensure that Activity Log Alert exists for Create or Update Public IP Address ruleAzureLogging and Monitoring
MEDIUM
AC_AZURE_0072Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall RuleAzureLogging and Monitoring
MEDIUM
AC_AZURE_0558Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requestsAzureData Protection
MEDIUM
AC_GCP_0366Ensure API Keys Are Restricted to Only APIs That Application Needs AccessGCPSecurity Best Practices
MEDIUM
AC_GCP_0035Ensure Compute instances are launched with Shielded VM enabledGCPInfrastructure Security
LOW
AC_AZURE_0047Ensure That 'All users with the following roles' is set to 'Owner'AzureLogging and Monitoring
MEDIUM
AC_AZURE_0066Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed keyAzureData Protection
MEDIUM
AC_AZURE_0339Ensure that Activity Log Alert exists for Create or Update Security SolutionAzureLogging and Monitoring
MEDIUM
AC_AZURE_0344Ensure that Activity Log Alert exists for Delete Policy AssignmentAzureLogging and Monitoring
MEDIUM
AC_AZURE_0376Ensure that 'Auditing' is set to 'On'AzureLogging and Monitoring
MEDIUM
AC_K8S_0018Ensure that the --authorization-mode argument includes RBACKubernetesIdentity and Access Management
MEDIUM
S3_AWS_0015Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.xAWSData Protection
HIGH
AC_GCP_0015Ensure Node Auto-Repair is enabled for GKE nodesGCPSecurity Best Practices
LOW
AC_AZURE_0322Ensure that Microsoft Defender for Key Vault is set to 'On'AzureData Protection
MEDIUM
AC_K8S_0047Ensure that the admission control plugin AlwaysAdmit is not setKubernetesCompliance Validation
MEDIUM
AC_K8S_0058Ensure that the --cert-file and --key-file arguments are set as appropriateKubernetesInfrastructure Security
MEDIUM
AC_K8S_0109Ensure that the --secure-port argument is not set to 0KubernetesInfrastructure Security
HIGH
AC_AZURE_0026Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key VaultsAzureData Protection
HIGH
AC_AZURE_0126Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database ServerAzureInfrastructure Security
MEDIUM
AC_AWS_0571Ensure a log metric filter and alarm exist for VPC changesAWSSecurity Best Practices
HIGH
S3_AWS_0008Ensure that Object-level logging for write events is enabled for S3 bucket - Terraform Version 1.xAWSIdentity and Access Management
HIGH
AC_AZURE_0572Ensure Web App is using the latest version of TLS encryption - azurerm_linux_web_appAzureInfrastructure Security
MEDIUM
AC_AZURE_0575Ensure Web App is using the latest version of TLS encryption - azurerm_windows_web_appAzureInfrastructure Security
MEDIUM
AC_GCP_0307Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission ChangesGCPLogging and Monitoring
MEDIUM
AC_GCP_0311Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration ChangesGCPLogging and Monitoring
MEDIUM
AC_AZURE_0044Ensure that Azure Active Directory Admin is Configured for SQL ServersAzureIdentity and Access Management
HIGH
AC_K8S_0062Ensure that the --peer-client-cert-auth argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0063Ensure that the --peer-auto-tls argument is not set to trueKubernetesInfrastructure Security
MEDIUM
AC_AZURE_0332Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'AzureCompliance Validation
MEDIUM
AC_GCP_0336Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to UsersGCPIdentity and Access Management
LOW
AC_K8S_0028Ensure that the --insecure-port argument is set to 0KubernetesInfrastructure Security
HIGH
AC_AZURE_0116Ensure FTP deployments are Disabled - azurerm_windows_function_appAzureInfrastructure Security
MEDIUM
AC_AZURE_0334Ensure FTP deployments are DisabledAzureInfrastructure Security
MEDIUM
AC_AZURE_0372Ensure Default Network Access Rule for Storage Accounts is Set to DenyAzureInfrastructure Security
MEDIUM
AC_AZURE_0571Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App - azurerm_windows_web_appAzureInfrastructure Security
MEDIUM
AC_AZURE_0577Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' - azurerm_windows_web_appAzureInfrastructure Security
MEDIUM
AC_AZURE_0584Ensure FTP deployments are Disabled - azurerm_windows_web_appAzureInfrastructure Security
MEDIUM
AC_AWS_0132Ensure no root user account access key existsAWSIdentity and Access Management
HIGH
AC_AZURE_0409Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database ServerAzureLogging and Monitoring
MEDIUM
AC_AZURE_0555Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'AzureData Protection
MEDIUM
AC_AWS_0557Ensure the S3 bucket used to store CloudTrail logs is not publicly accessibleAWSLogging and Monitoring
MEDIUM