AC_AZURE_0431 | Ensure SaltStack Master (TCP:4506) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0436 | Ensure SaltStack Master (TCP:4505) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0438 | Ensure SQL Server Analysis (TCP:2383) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0443 | Ensure SNMP (Udp:161) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0453 | Ensure web port (TCP:3000) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0461 | Ensure POP3 (TCP:110) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0462 | Ensure POP3 (TCP:110) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0468 | Ensure Oracle DB SSL (TCP:2484) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0474 | Ensure NetBIOS Session Service (TCP:139) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0476 | Ensure NetBIOS Datagram Service (Udp:138) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0477 | Ensure NetBIOS Datagram Service (Udp:138) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0478 | Ensure NetBIOS Datagram Service (Udp:138) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0482 | Ensure NetBIOS Name Service (Udp:137) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0488 | Ensure MySQL (TCP:3306) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0493 | Ensure Mongo Web Portal (TCP:27018) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0497 | Ensure Memcached SSL (Udp:11215) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0510 | Ensure MSSQL Server (TCP:1433) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0516 | Ensure MSSQL Browser (Udp:1434) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0518 | Ensure MSSQL Admin (TCP:1434) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0531 | Ensure Hadoop Name Node (TCP:9000) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AWS_0081 | Ensure AWS EBS Volume has a corresponding AWS EBS Snapshot | AWS | Data Protection | HIGH |
AC_AWS_0374 | Ensure data encryption is enabled for AWS X-Ray | AWS | Data Protection | HIGH |
AC_AWS_0431 | Ensure cloud users don't have any direct permissions in AWS IAM Policy | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0445 | Ensure policies are used for AWS CloudFormation Stacks | AWS | Security Best Practices | MEDIUM |
AC_AWS_0453 | Ensure one target group is configured to listen on HTTPS for AWS Load Balancer | AWS | Infrastructure Security | HIGH |
AC_AWS_0462 | Ensure no policy is attached that may cause privilege escalation for AWS IAM Role Policy | AWS | Identity and Access Management | HIGH |
AC_AWS_0465 | Ensure secrets are encrypted using AWS KMS key for AWS Secrets Manager | AWS | Data Protection | MEDIUM |
AC_AWS_0469 | Ensure EMR cluster is Configured with Kerberos Authentication | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0473 | Ensure principal element is not empty in AWS IAM Trust Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0480 | Ensure there is no policy with invalid principal key for AWS Key Management Service (KMS) | AWS | Identity and Access Management | LOW |
AC_AWS_0488 | Ensure there is no IAM policy with invalid policy element | AWS | Identity and Access Management | LOW |
AC_AWS_0490 | Ensure '*' in Action and NotResource is not allowed in AWS IAM Policy as this allow creation of unintended service-linked roles | AWS | Identity and Access Management | HIGH |
AC_AWS_0497 | Ensure a valid boolean value (true or false) is used for the Bool condition operator in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0550 | Ensure actions '*' and resource '*' are not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AZURE_0157 | Ensure that pod security policy is enabled for Azure Kubernetes Cluster | Azure | Configuration and Vulnerability Analysis | HIGH |
AC_AWS_0145 | Ensure that full access to edit IAM Policies is restricted | AWS | Identity and Access Management | HIGH |
AC_AZURE_0329 | Ensure custom script extensions are not used in Azure Linux Virtual Machine | Azure | Data Protection | MEDIUM |
AC_GCP_0101 | Ensure 'log_parser_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0254 | Ensure that the 'log_lock_waits' database flag for Cloud SQL PostgreSQL instance is set to 'on' | GCP | Compliance Validation | LOW |
AC_AWS_0228 | Ensure Security Groups do not have unrestricted specific ports open - (HTTP,80) | AWS | Infrastructure Security | HIGH |
AC_AWS_0231 | Ensure no security groups allow ingress from 0.0.0.0/0 to ALL ports and protocols | AWS | Infrastructure Security | HIGH |
AC_AWS_0248 | Ensure Security Groups do not have unrestricted specific ports open - Memcached SSL (TCP,11214) | AWS | Infrastructure Security | HIGH |
AC_AWS_0257 | Ensure Security Groups do not have unrestricted specific ports open - NetBIOS Datagram Service (UDP,138) | AWS | Infrastructure Security | HIGH |
AC_AWS_0258 | Ensure Security Groups do not have unrestricted specific ports open - NetBIOS Session Service (TCP,139) | AWS | Infrastructure Security | HIGH |
AC_AWS_0263 | Ensure Security Groups do not have unrestricted specific ports open - Postgres SQL (UDP,5432) | AWS | Infrastructure Security | HIGH |
AC_AWS_0264 | Ensure Security Groups do not have unrestricted specific ports open - Prevalent known internal port (TCP,3000) | AWS | Infrastructure Security | HIGH |
AC_AWS_0268 | Ensure Security Groups do not have unrestricted specific ports open - SQL Server Analysis Services (TCP,2383) | AWS | Infrastructure Security | HIGH |
AC_AWS_0278 | Ensure SaltStack Master (TCP,4506) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0287 | Ensure MSSQL Browser Service (UDP,1434) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0288 | Ensure MSSQL Debugger (TCP,135) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |