Detections
Analytics

Tenable Cloud Security Policies

Search

IDNameCSPDomainSeverity
AC_AZURE_0336Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App ServiceAzureInfrastructure Security
MEDIUM
AC_AZURE_0337Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall RuleAzureLogging and Monitoring
MEDIUM
AC_AZURE_0338Ensure that Activity Log Alert exists for Delete Security SolutionAzureLogging and Monitoring
MEDIUM
AC_AZURE_0339Ensure that Activity Log Alert exists for Create or Update Security SolutionAzureLogging and Monitoring
MEDIUM
AC_AZURE_0340Ensure that Activity Log alert exists for the Delete Network Security Group RuleAzureLogging and Monitoring
MEDIUM
AC_AZURE_0341Ensure that Activity Log Alert exists for Create or Update Network Security GroupAzureLogging and Monitoring
MEDIUM
AC_AZURE_0342Ensure that RDP access is restricted from the internetAzureInfrastructure Security
HIGH
AC_AZURE_0343Ensure that Activity Log Alert exists for Create or Update Network Security GroupAzureLogging and Monitoring
MEDIUM
AC_AZURE_0344Ensure that Activity Log Alert exists for Delete Policy AssignmentAzureLogging and Monitoring
MEDIUM
AC_AZURE_0345Ensure data exfiltration protection is enabled for Azure Synapse WorkspaceAzureData Protection
MEDIUM
AC_AZURE_0346Ensure provider status is in provisioned state for Azure Express Route CircuitAzureCompliance Validation
LOW
AC_AZURE_0347Ensure that automatic failover is enabled for Azure CosmosDB AccountAzureData Protection
MEDIUM
AC_AZURE_0348Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_windows_virtual_machine_scale_setAzureData Protection
MEDIUM
AC_AZURE_0349Ensure disk encryption is enabled for Azure Windows Virtual Machine Scale SetAzureData Protection
MEDIUM
AC_AZURE_0350Ensure overprovisioning is disabled for Azure Windows Virtual Machine Scale SetAzureLogging and Monitoring
LOW
AC_AZURE_0351Ensure Azure Web Application Firewall Policy is enabledAzureInfrastructure Security
MEDIUM
AC_AZURE_0352Ensure communications with known malicious IP addresses are denied via Azure Web Application Firewall PolicyAzureInfrastructure Security
MEDIUM
AC_AZURE_0353Ensure a site-to-site VPN functionality by making use of Azure Virtual WANAzureInfrastructure Security
MEDIUM
AC_AZURE_0354Ensure that VPN Encryption is enabled for Azure Virtual WANAzureInfrastructure Security
MEDIUM
AC_AZURE_0355Ensure DDoS protection standard is enabled for Azure Virtual NetworkAzureInfrastructure Security
MEDIUM
AC_AZURE_0356Ensure every subnet block is configured with a Network Security Group in Azure Virtual NetworkAzureInfrastructure Security
MEDIUM
AC_AZURE_0357Ensure that UDP Services are restricted from the InternetAzureInfrastructure Security
HIGH
AC_AZURE_0358Ensure use of NSG with Azure Virtual Machine Scale SetAzureInfrastructure Security
MEDIUM
AC_AZURE_0359Ensure automatic OS upgrades are enabled for windows config block in Azure Virtual Machine Scale SetAzureSecurity Best Practices
MEDIUM
AC_AZURE_0360Ensure automatic OS upgrades are enabled for Azure Virtual Machine Scale SetAzureSecurity Best Practices
MEDIUM
AC_AZURE_0361Ensure overprovisioning is disabled for Azure Virtual Machine Scale SetAzureLogging and Monitoring
LOW
AC_AZURE_0362Ensure boot diagnostics are enabled for Azure Virtual MachineAzureLogging and Monitoring
MEDIUM
AC_AZURE_0363Ensure ssh keys are used to auth Azure Virtual MachineAzureIdentity and Access Management
MEDIUM
AC_AZURE_0364Ensure that the latest OS patches for Azure Virtual MachineAzureCompliance Validation
MEDIUM
AC_AZURE_0365Ensure age in days after create to delete snapshot is more than 90 in Azure Storage Management PolicyAzureResilience
MEDIUM
AC_AZURE_0366Ensure that 'Public access level' is set to Private for blob containersAzureIdentity and Access Management
HIGH
AC_AZURE_0367Ensure Soft Delete is Enabled for Azure StorageAzureData Protection
MEDIUM
AC_AZURE_0368Ensure CORS rules are set according to organization's policy for Azure Storage AccountAzureInfrastructure Security
MEDIUM
AC_AZURE_0369Ensure that VM agent is installed on Azure Virtual MachineAzureCompliance Validation
LOW
AC_AZURE_0370Ensure that 'Public access level' is disabled for storage accounts with blob containersAzureInfrastructure Security
HIGH
AC_AZURE_0371Ensure 'Trusted Microsoft Services' are Enabled for Storage Account AccessAzureInfrastructure Security
HIGH
AC_AZURE_0372Ensure Default Network Access Rule for Storage Accounts is Set to DenyAzureInfrastructure Security
MEDIUM
AC_AZURE_0373Ensure that 'Secure transfer required' is set to 'Enabled'AzureData Protection
HIGH
AC_AZURE_0374Ensure a firewall is attached to Azure SQL ServerAzureInfrastructure Security
MEDIUM
AC_AZURE_0375Ensure that 'Auditing' Retention is 'greater than 90 days'AzureCompliance Validation
LOW
AC_AZURE_0376Ensure that 'Auditing' is set to 'On'AzureLogging and Monitoring
MEDIUM
AC_AZURE_0377Ensure usage of names like 'Admin' are avoided for Azure SQL ServerAzureCompliance Validation
MEDIUM
AC_AZURE_0378Ensure that Azure Active Directory Admin is configuredAzureIdentity and Access Management
HIGH
AC_AZURE_0379Ensure data encryption is enabled for Azure Synapse SQL PoolAzureData Protection
MEDIUM
AC_AZURE_0380Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP)AzureInfrastructure Security
MEDIUM
AC_AZURE_0381Ensure access to Azure SQL Servers is restricted within Azure Infrastructure via Azure SQL Firewall RuleAzureInfrastructure Security
HIGH
AC_AZURE_0382Ensure SQL Server audit with selected event types is enabled and has retention period of minimum 365 days for Azure SQL DatabaseAzureLogging and Monitoring
MEDIUM
AC_AZURE_0383Ensure that 'Threat Detection' is enabled for Azure SQL DatabaseAzureLogging and Monitoring
MEDIUM
AC_AZURE_0384Ensure that names like 'Admin' are not used for Azure SQL Server Active Directory AdministratorAzureCompliance Validation
MEDIUM
AC_AZURE_0385Ensure that standard pricing tiers are selected in Azure Security Center Subscription PricingAzureSecurity Best Practices
MEDIUM