Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AZURE_0537Ensure Cassandra OpsCenter (TCP:61621) is not exposed to public for Azure Network Security RuleAzureInfrastructure Security
MEDIUM
AC_AZURE_0545Ensure usage of names like 'Admin' are avoided for Azure SQL ServerAzureCompliance Validation
MEDIUM
AC_AWS_0448Ensure log retention period of at least 90 days retention period for AWS CloudWatch Log GroupAWSSecurity Best Practices
HIGH
AC_AZURE_0142Ensure CORS is tightly controlled and managed for Azure Linux Function AppAzureInfrastructure Security
MEDIUM
AC_AZURE_0389Ensure resource lock enabled for Azure Resource GroupAzureIdentity and Access Management
LOW
AC_AWS_0204Ensure CloudWatch logging is enabled for AWS Route53 hosted zonesAWSLogging and Monitoring
MEDIUM
AC_AWS_0387Ensure that access policy does not allow anonymous access for AWS Secrets ManagerAWSSecurity Best Practices
HIGH
AC_AZURE_0279Ensure notification email setting is enabled for Azure SQL Database Threat Detection PolicyAzureLogging and Monitoring
LOW
AC_AWS_0214Ensure versioning is enabled for AWS S3 BucketsAWSResilience
HIGH
AC_AWS_0096Ensure encryption is enabled for AWS EFS file systemsAWSData Protection
HIGH
AC_AWS_0317Ensure Elasticsearch (TCP,9200) is not accessible by a public CIDR block rangeAWSInfrastructure Security
HIGH
AC_AWS_0318Ensure Elasticsearch (TCP,9300) is not accessible by a public CIDR block rangeAWSInfrastructure Security
HIGH
AC_AWS_0370Ensure default VPC is not used for AWS VPCAWSSecurity Best Practices
MEDIUM
AC_AWS_0509Ensure Cassandra Internode Communication (TCP:7000) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0514Ensure Cassandra Monitoring (TCP:7199) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0517Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0528Ensure LDAP (UDP:389) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0529Ensure LDAP (UDP:389) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0534Ensure Memcached SSL (UDP:11211) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0544Ensure Redis without SSL (TCP:6379) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_K8S_0108Ensure Kubernetes rolebindings with get and patch Kubernetes roles are minimized in Kubernetes RoleKubernetesIdentity and Access Management
MEDIUM
AC_AWS_0025Ensure there is no policy with invalid principal format for Amazon Elastic Container Registry (Amazon ECR)AWSIdentity and Access Management
LOW
AC_AWS_0027Ensure there is no IAM policy with invalid partition used for resource ARNAWSIdentity and Access Management
LOW
AC_AWS_0031Ensure only lower case letters are in use for resource in AWS IAM PolicyAWSSecurity Best Practices
LOW
AC_AWS_0037Ensure logging for global services is enabled for AWS CloudTrailAWSLogging and Monitoring
MEDIUM
AC_AWS_0130Ensure 'Job Bookmark Encryption' is enabled for AWS Glue CrawlersAWSData Protection
MEDIUM
AC_AWS_0398Ensure actions 'kms:Decrypt' and 'kms:ReEncryptFrom' are not allowed for all keys in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0404Ensure Principal is removed from all AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0405Ensure NotPrincipal is removed from all AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0410Ensure wildcards(*) are only at end of strings in Action of AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0425Ensure root access is disabled for AWS SageMaker Notebook instancesAWSSecurity Best Practices
HIGH
AC_AWS_0433Ensure cloud users don't have any direct permissions in AWS IAM User Policy AttachmentAWSIdentity and Access Management
MEDIUM
AC_AWS_0436Ensure automatic backups are enabled for AWS Elasticache ClusterAWSData Protection
MEDIUM
AC_AWS_0478Ensure that IP range is specified in CIDR format for AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0479Ensure there is no policy with invalid principal format for AWS Key Management Service (KMS)AWSIdentity and Access Management
LOW
AC_AWS_0482Ensure there is no policy with invalid principal key for AWS S3 Bucket policyAWSIdentity and Access Management
LOW
AC_AWS_0489Ensure Creation of SLR with NotResource is not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0495Ensure Creation of SLR with star (*) in NotAction and resource is not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AZURE_0115Ensure that authentication feature is enabled for Azure Linux Function AppAzureSecurity Best Practices
LOW
AC_AZURE_0139Ensure regular backups are enabled for Azure MariaDB ServerAzureResilience
MEDIUM
AC_AZURE_0253Ensure system-assigned managed identity authentication is used for Azure Data FactoryAzureInfrastructure Security
MEDIUM
AC_AZURE_0290Ensure that Azure policies add-on are used for Azure Kubernetes ClusterAzureSecurity Best Practices
MEDIUM
AC_AZURE_0362Ensure boot diagnostics are enabled for Azure Virtual MachineAzureLogging and Monitoring
MEDIUM
AC_AZURE_0550Ensure disk encryption is enabled for Azure Windows Virtual MachineAzureData Protection
MEDIUM
AC_GCP_0022Ensure PodSecurityPolicy controller is enabled on Google Container ClusterGCPCompliance Validation
HIGH
AC_GCP_0274Ensure OSLogin is enabled for centralized SSH key pair management using Google ProjectGCPIdentity and Access Management
MEDIUM
AC_GCP_0275Ensure multi-factor authentication is enabled for Google Compute Project MetadataGCPSecurity Best Practices
LOW
AC_AWS_0045Ensure 'password policy' is enabled - at least 1 upper case characterAWSIdentity and Access Management
MEDIUM
AC_AWS_0046Ensure 'password policy' is enabled - at least 1 symbolAWSIdentity and Access Management
MEDIUM
AC_AWS_0052Ensure automated backups are enabled for Amazon Relational Database Service (Amazon RDS) instancesAWSData Protection
HIGH