Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0534Ensure Memcached SSL (UDP:11211) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0544Ensure Redis without SSL (TCP:6379) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_K8S_0108Ensure Kubernetes rolebindings with get and patch Kubernetes roles are minimized in Kubernetes RoleKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0051Prefer using secrets as files over secrets as environment variablesKubernetesInfrastructure Security
HIGH
AC_AWS_0058Ensure storage encryption at rest is enabled for Amazon Relational Database Service (Amazon RDS) instancesAWSData Protection
HIGH
AC_AWS_0067Ensure Amazon Relational Database Service (Amazon RDS) instances are not open to a public scopeAWSInfrastructure Security
HIGH
AC_AZURE_0019Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On'AzureCompliance Validation
MEDIUM
AC_GCP_0317Ensure 'log_statement_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off'GCPCompliance Validation
LOW
AC_AZURE_0556Ensure That No Custom Subscription Administrator Roles ExistAzureIdentity and Access Management
MEDIUM
AC_GCP_0318Ensure That Sinks Are Configured for All Log EntriesGCPLogging and Monitoring
LOW
AC_GCP_0368Ensure Logging is enabled for HTTP(S) Load BalancerGCPSecurity Best Practices
MEDIUM
AC_AWS_0595Ensure access keys are rotated every 90 days or lessAWSIdentity and Access Management
MEDIUM
AC_AZURE_0401Ensure that Azure Active Directory Admin is configuredAzureIdentity and Access Management
HIGH
AC_K8S_0024Ensure that the admission control plugin NamespaceLifecycle is setKubernetesCompliance Validation
MEDIUM
AC_K8S_0065Ensure that a unique Certificate Authority is used for etcdKubernetesInfrastructure Security
MEDIUM
AC_K8S_0095Ensure that the --authorization-mode argument includes NodeKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0102Ensure impersonate access to Kubernetes resources is minimized in Kubernetes RoleKubernetesIdentity and Access Management
HIGH
AC_K8S_0010Ensure that the --read-only-port is disabledKubernetesIdentity and Access Management
LOW
AC_K8S_0094Ensure that the --authorization-mode argument is not set to AlwaysAllowKubernetesIdentity and Access Management
MEDIUM
AC_AWS_0137Eliminate use of the root user for administrative and daily tasksAWSCompliance Validation
MEDIUM
AC_AWS_0589Ensure AWS Config is enabled in all regionsAWSLogging and Monitoring
HIGH
AC_AZURE_0340Ensure that Activity Log alert exists for the Delete Network Security Group RuleAzureLogging and Monitoring
MEDIUM
AC_K8S_0054Ensure that the --service-account-private-key-file argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0130Ensure that the --profiling argument is set to falseKubernetesCompliance Validation
MEDIUM
AC_AZURE_0070Ensure that Activity Log Alert exists for Delete Public IP Address ruleAzureLogging and Monitoring
MEDIUM
AC_AZURE_0071Ensure that Activity Log Alert exists for Delete SQL Server Firewall RuleAzureLogging and Monitoring
MEDIUM
AC_AZURE_0554Ensure that 'Enable Infrastructure Encryption' for Each Storage Account in Azure Storage is Set to 'enabled'AzureData Protection
LOW
AC_K8S_0005Ensure that the Anonymous Auth is Not EnabledKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0009Ensure that the --rotate-certificates argument is not present or is set to trueKubernetesData Protection
MEDIUM
AC_K8S_0040Ensure that a Client CA File is ConfiguredKubernetesData Protection
MEDIUM
AC_K8S_0008Ensure that a Client CA File is ConfiguredKubernetesIdentity and Access Management
HIGH
AC_K8S_0046Minimize the admission of privileged containersKubernetesIdentity and Access Management
HIGH
AC_K8S_0104Minimize wildcard use in Roles and ClusterRolesKubernetesIdentity and Access Management
HIGH
AC_AZURE_0248Ensure That 'PHP version' is the Latest, If Used to Run the Web AppAzureConfiguration and Vulnerability Analysis
MEDIUM
AC_AWS_0596Ensure credentials unused for 45 days or greater are disabledAWSCompliance Validation
LOW
AC_AZURE_0323Ensure that Microsoft Defender for Kubernetes is set to 'On'AzureData Protection
MEDIUM
AC_K8S_0029Ensure that the --secure-port argument is not set to 0KubernetesInfrastructure Security
HIGH
AC_K8S_0035Ensure that the --request-timeout argument is set as appropriateKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0092Ensure that the --kubelet-https argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0082Minimize the admission of containers wishing to share the host process ID namespaceKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0106Ensure that the cluster-admin role is only used where requiredKubernetesIdentity and Access Management
HIGH
AC_AWS_0049Ensure AWS Config is enabled in all regionsAWSLogging and Monitoring
HIGH
AC_AWS_0434Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucketAWSLogging and Monitoring
MEDIUM
AC_GCP_0367Ensure API Keys Are Rotated Every 90 DaysGCPSecurity Best Practices
MEDIUM
AC_AZURE_0410Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database ServerAzureResilience
MEDIUM
AC_K8S_0091Ensure that the --token-auth-file parameter is not setKubernetesIdentity and Access Management
MEDIUM
AC_GCP_0231Enable VPC Flow Logs and Intranode VisibilityGCPInfrastructure Security
MEDIUM
AC_AZURE_0038Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL ServerAzureIdentity and Access Management
MEDIUM
AC_AZURE_0039Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL serverAzureIdentity and Access Management
MEDIUM
AC_AZURE_0045Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP)AzureInfrastructure Security
MEDIUM