Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AZURE_0211Ensure data backup is enabled using `backup_blob_container_uri` for Azure Analysis Services ServersAzureResilience
MEDIUM
AC_AZURE_0260Ensure backup retention period is enabled for Azure PostgreSQL ServerAzureCompliance Validation
HIGH
AC_AZURE_0349Ensure disk encryption is enabled for Azure Windows Virtual Machine Scale SetAzureData Protection
MEDIUM
AC_AZURE_0365Ensure age in days after create to delete snapshot is more than 90 in Azure Storage Management PolicyAzureResilience
MEDIUM
AC_AZURE_0399Ensure that Identity block is defined and type is set to SystemAssigned for Azure PostgreSQL ServerAzureIdentity and Access Management
LOW
AC_GCP_0255Ensure that IAM permissions are not granted directly to users for Google CloudGCPIdentity and Access Management
HIGH
AC_AWS_0628Ensure AuthType is set to 'AWS_IAM' for AWS Lambda function URLsAWSIdentity and Access Management
MEDIUM
AC_AWS_0502Ensure valid account number format is used in Amazon Simple Notification Service (SNS) TopicAWSSecurity Best Practices
LOW
AC_AZURE_0179Ensure CORS is tightly controlled and managed for Azure Function AppAzureInfrastructure Security
MEDIUM
AC_AZURE_0244Ensure remote debugging is turned off for Azure App ServiceAzureInfrastructure Security
HIGH
AC_AZURE_0280Ensure accessibility is restricted up to 256 hosts in Azure SQL Firewall RuleAzureInfrastructure Security
MEDIUM
AC_AZURE_0390Ensure accessibility is restricted to 256 hosts for Azure Redis CacheAzureInfrastructure Security
MEDIUM
AC_GCP_0020Ensure private cluster is enabled for Google Container ClusterGCPInfrastructure Security
HIGH
AC_AZURE_0002Ensure notification email setting is enabled for Azure SQL Database Threat Detection PolicyAzureLogging and Monitoring
LOW
AC_AZURE_0036Ensure the storage account containing the container with activity logs is encrypted with Customer Managed KeyAzureData Protection
MEDIUM
AC_AZURE_0048Ensure That 'Notify about alerts with the following severity' is Set to 'High'AzureLogging and Monitoring
MEDIUM
AC_AZURE_0137Ensure that 'Auditing' is set to 'On'AzureLogging and Monitoring
MEDIUM
AC_AZURE_0218Ensure that Activity Log Alert exists for Create Policy AssignmentAzureLogging and Monitoring
MEDIUM
AC_AZURE_0348Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_windows_virtual_machine_scale_setAzureData Protection
MEDIUM
AC_GCP_0268Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or FewerGCPIdentity and Access Management
LOW
AC_GCP_0270Ensure the GKE Metadata Server is EnabledGCPSecurity Best Practices
LOW
AC_AWS_0014Ensure resource ARNs do not have region missing in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0050Ensure `arn` prefix is in use for resource in AWS IAM PolicyAWSSecurity Best Practices
LOW
AC_AWS_0053Ensure IAM authentication is enabled for Amazon Relational Database Service (Amazon RDS) instancesAWSData Protection
MEDIUM
AC_AWS_0119Ensure permissions are tightly controlled for AWS ElasticSearch DomainsAWSIdentity and Access Management
HIGH
AC_AWS_0388Ensure field-level encryption is enabled for AWS CloudFront distributionAWSData Protection
MEDIUM
AC_AWS_0390Ensure origin access identity is enabled for AWS CloudFront distributions with S3 originAWSIdentity and Access Management
MEDIUM
AC_AWS_0393Ensure automated backup using EFS Backup policy is enabled for AWS Elastic File System (EFS)AWSResilience
MEDIUM
AC_AWS_0401Ensure encryption at rest is enabled for AWS Backup VaultAWSInfrastructure Security
MEDIUM
AC_AWS_0402Ensure wildcards(*) are not used in IAM policies for AWS Backup Vault PolicyAWSInfrastructure Security
MEDIUM
AC_AWS_0435Ensure access logging is enabled for AWS LB (Load Balancer)AWSLogging and Monitoring
MEDIUM
AC_AWS_0466Ensure IAM policy is attached to Amazon Elastic Container Registry (Amazon ECR) repositoryAWSIdentity and Access Management
MEDIUM
AC_AWS_0471Ensure correct combination of JSON policy elements is used in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0474Ensure global condition key is not used in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0493Ensure Creation of SLR with star (*) in resource is not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0496Ensure IAM Policies were not configured with versions in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0498Ensure there is no IAM policy with invalid condition operatorAWSIdentity and Access Management
LOW
AC_AWS_0501Ensure Adding a valid base64-encoded string value for the condition operatorAWSIdentity and Access Management
LOW
AC_AWS_0618Ensure AuthType is set to 'AWS_IAM' for AWS Lambda function URLsAWSIdentity and Access Management
MEDIUM
AC_AZURE_0113Ensure backup is enabled using Azure Backup for Azure Linux Virtual MachinesAzureSecurity Best Practices
LOW
AC_AZURE_0162Ensure secrets have content type set for Azure Key Vault SecretAzureSecurity Best Practices
MEDIUM
AC_AZURE_0202Ensure access duration is set to 3600 seconds or less for Azure Managed Disk SAS TokenAzureData Protection
LOW
AC_AZURE_0259Ensure point-in-time-restore is enabled for Azure SQL DatabaseAzureCompliance Validation
MEDIUM
AC_AZURE_0303Ensure that authentication feature is enabled for Azure Function AppAzureSecurity Best Practices
LOW
AC_AZURE_0358Ensure use of NSG with Azure Virtual Machine Scale SetAzureInfrastructure Security
MEDIUM
AC_AWS_0183Ensure IAM database authentication has been enabled for AWS Neptune clusterAWSIdentity and Access Management
MEDIUM
AC_AZURE_0268Ensure geo-redundant backups are enabled for Azure MySQL Single ServerAzureData Protection
HIGH
AC_GCP_0004Ensure That There Are Only GCP-Managed Service Account Keys for Each Service AccountGCPIdentity and Access Management
LOW
AC_GCP_0028Ensure Legacy Authorization (ABAC) is DisabledGCPIdentity and Access Management
HIGH
AC_AWS_0048Ensure Elastic Block Store (EBS) volumes are encrypted through AWS ConfigAWSData Protection
MEDIUM