Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_GCP_0290Ensure master authorized networks config block is set for Google Container ClusterGCPInfrastructure Security
LOW
AC_K8S_0127Ensure metadata annotations are restricted in an Ingress objectKubernetesInfrastructure Security
HIGH
AC_AZURE_0127Ensure that Azure Active Directory Admin is configured for Azure MySQL Single ServerAzureIdentity and Access Management
HIGH
AC_AWS_0615Ensure AWS Lambda functions are configured to use provisioned concurrencyAWSResilience
LOW
AC_AZURE_0350Ensure overprovisioning is disabled for Azure Windows Virtual Machine Scale SetAzureLogging and Monitoring
LOW
AC_GCP_0294Ensure the number of instances running simultaneously are limited for Google App Engine Standard App VersionGCPSecurity Best Practices
LOW
AC_AZURE_0235Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL DatabaseAzureLogging and Monitoring
MEDIUM
AC_AZURE_0001Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL DatabaseAzureLogging and Monitoring
MEDIUM
AC_AWS_0579Ensure multiple availability zones are used to deploy AWS NAT GatewaysAWSSecurity Best Practices
MEDIUM
AC_AZURE_0146Ensure log analytics workspace has daily quota value set for Azure Log Analytics WorkspaceAzureCompliance Validation
LOW
AC_AWS_0142Ensure IAM password policy requires minimum length of 14 or greaterAWSCompliance Validation
MEDIUM
AC_AWS_0081Ensure AWS EBS Volume has a corresponding AWS EBS SnapshotAWSData Protection
HIGH
AC_AWS_0374Ensure data encryption is enabled for AWS X-RayAWSData Protection
HIGH
AC_AWS_0431Ensure cloud users don't have any direct permissions in AWS IAM PolicyAWSIdentity and Access Management
MEDIUM
AC_AWS_0445Ensure policies are used for AWS CloudFormation StacksAWSSecurity Best Practices
MEDIUM
AC_AWS_0453Ensure one target group is configured to listen on HTTPS for AWS Load BalancerAWSInfrastructure Security
HIGH
AC_AWS_0462Ensure no policy is attached that may cause privilege escalation for AWS IAM Role PolicyAWSIdentity and Access Management
HIGH
AC_AWS_0465Ensure secrets are encrypted using AWS KMS key for AWS Secrets ManagerAWSData Protection
MEDIUM
AC_AWS_0469Ensure EMR cluster is Configured with Kerberos AuthenticationAWSInfrastructure Security
MEDIUM
AC_AWS_0473Ensure principal element is not empty in AWS IAM Trust PolicyAWSIdentity and Access Management
LOW
AC_AWS_0480Ensure there is no policy with invalid principal key for AWS Key Management Service (KMS)AWSIdentity and Access Management
LOW
AC_AWS_0488Ensure there is no IAM policy with invalid policy elementAWSIdentity and Access Management
LOW
AC_AWS_0490Ensure '*' in Action and NotResource is not allowed in AWS IAM Policy as this allow creation of unintended service-linked rolesAWSIdentity and Access Management
HIGH
AC_AWS_0497Ensure a valid boolean value (true or false) is used for the Bool condition operator in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0550Ensure actions '*' and resource '*' are not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AZURE_0157Ensure that pod security policy is enabled for Azure Kubernetes ClusterAzureConfiguration and Vulnerability Analysis
HIGH
AC_AZURE_0278Ensure HTTP is disallowed for Azure CDN EndpointAzureInfrastructure Security
MEDIUM
AC_AWS_0145Ensure that full access to edit IAM Policies is restrictedAWSIdentity and Access Management
HIGH
AC_AZURE_0329Ensure custom script extensions are not used in Azure Linux Virtual MachineAzureData Protection
MEDIUM
AC_AWS_0007Ensure detailed CloudWatch Metrics are enabled for AWS API Gateway Method SettingsAWSLogging and Monitoring
MEDIUM
AC_AWS_0420Ensure there is no policy with Empty array ConditionAWSIdentity and Access Management
LOW
AC_AZURE_0171Ensure zone resiliency is turned on for all Azure ImageAzureResilience
LOW
AC_AZURE_0181Ensure Azure services are zone redundant for Azure Eventhub NamespaceAzureResilience
MEDIUM
AC_AWS_0151Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console passwordAWSCompliance Validation
HIGH
AC_AWS_0585Ensure CloudTrail trails are integrated with CloudWatch LogsAWSLogging and Monitoring
MEDIUM
AC_AZURE_0214Ensure Azure Keyvaults are used to store secretsAzureData Protection
LOW
AC_AZURE_0356Ensure every subnet block is configured with a Network Security Group in Azure Virtual NetworkAzureInfrastructure Security
MEDIUM
AC_AZURE_0385Ensure that standard pricing tiers are selected in Azure Security Center Subscription PricingAzureSecurity Best Practices
MEDIUM
AC_GCP_0233Ensure logging is enabled for Google Cloud Storage BucketsGCPLogging and Monitoring
LOW
AC_AWS_0386Ensure that inline policy does not expose secrets in AWS Secrets ManagerAWSSecurity Best Practices
HIGH
AC_AWS_0076Ensure point-in-time-recovery (PITR) is enabled for AWS DynamoDB tablesAWSResilience
MEDIUM
AC_AWS_0044Ensure 'password policy' is enabled - at least 1 lower case characterAWSIdentity and Access Management
MEDIUM
AC_AWS_0075Ensure deletion protection is enabled for AWS DocumentDB ClustersAWSLogging and Monitoring
MEDIUM
AC_AWS_0117Ensure latest TLS version is used for AWS ElasticSearch NodesAWSInfrastructure Security
MEDIUM
AC_AWS_0154Ensure IMDSv1 is disabled for AWS EC2 instancesAWSInfrastructure Security
HIGH
AC_AWS_0367Ensure KMS Customer Master Keys (CMKs) are used for encryption for AWS Storage Gateway VolumesAWSSecurity Best Practices
HIGH
AC_AWS_0375Ensure server-side encryption (SSE) is enforced for AWS DynamoDB tablesAWSData Protection
MEDIUM
AC_AWS_0376Ensure server side encryption (SSE) is using a customer-managed KMS Key for AWS DynamoDB tablesAWSData Protection
HIGH
AC_AWS_0379Ensure all data stored is encrypted in-transit for AWS Elasticache Replication GroupAWSData Protection
HIGH
AC_AWS_0380Ensure all data stored is encrypted in-transit and has auth token for authentication for AWS Elasticache Replication GroupAWSData Protection
HIGH