Tenable Cloud Security Policies Search

| ID | Name | CSP | Domain | Severity |
| --- | --- | --- | --- | --- |
| AC_AWS_0455 | Ensure monitoring is enabled for AWS Launch Configuration | AWS | Logging and Monitoring | HIGH |
| AC_AWS_0459 | Ensure detailed monitoring is enabled for AWS EC2 instances | AWS | Compliance Validation | LOW |
| AC_AWS_0555 | Ensure IAM instance roles are used for AWS resource access from instances | AWS | Identity and Access Management | MEDIUM |
| AC_AZURE_0111 | Ensure that automatic upgrades are enabled for Azure Virtual Machine Extension | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0150 | Ensure windows diagnostic is enabled for Azure Windows Virtual Machine Scale Set | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0160 | Ensure that private cluster is enabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0187 | Ensure user id's are all system managed for Azure Container Group | Azure | Identity and Access Management | LOW |
| AC_AZURE_0223 | Ensure that auto-scaling is enabled for Azure Kubernetes Cluster | Azure | Resilience | MEDIUM |
| AC_AZURE_0256 | Ensure private DNS zones are not linked to Azure Virtual Network | Azure | Compliance Validation | LOW |
| AC_AZURE_0359 | Ensure automatic OS upgrades are enabled for windows config block in Azure Virtual Machine Scale Set | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0548 | Ensure disk encryption is enabled for Azure Linux Virtual Machine | Azure | Data Protection | MEDIUM |
| AC_GCP_0019 | Ensure labels are configured for Google Container Cluster | GCP | Compliance Validation | LOW |
| AC_GCP_0243 | Ensure application-layer secrets are encrypted for Google Container Cluster | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0244 | Ensure HTTP load balancing is enabled for Google Container Cluster | GCP | Resilience | MEDIUM |
| AC_GCP_0269 | Ensure that 'always allow' evaluation mode is restricted for Google Binary Authorization Policy | GCP | Security Best Practices | MEDIUM |
| AC_K8S_0031 | Ensure that the --audit-log-path argument is set | Kubernetes | Logging and Monitoring | MEDIUM |
| AC_K8S_0034 | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
| AC_K8S_0043 | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0059 | Ensure that the --client-cert-auth argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0061 | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0068 | Ensure image tag is set in Kubernetes workload configuration | Kubernetes | Security Best Practices | LOW |
| AC_K8S_0069 | Ensure that every container image has a hash digest in all Kubernetes workloads | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0070 | Ensure liveness probe is configured for containers in all Kubernetes workloads | Kubernetes | Security Best Practices | LOW |
| AC_K8S_0072 | Ensure readiness probe is configured for containers in all Kubernetes workloads | Kubernetes | Security Best Practices | LOW |
| AC_K8S_0073 | Ensure AppArmor profile is not set to runtime/default in Kubernetes workload configuration | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0077 | Ensure 'procMount' is set to default in all Kubernetes workloads | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0079 | Ensure containers run with a high UID usually > 1000 to avoid host conflict | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0081 | Ensure only allowed volume types are mounted for all Kubernetes workloads | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0096 | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0099 | Ensure Memory request is set for Kubernetes workloads | Kubernetes | Security Best Practices | MEDIUM |
| AC_K8S_0100 | Ensure Memory request is set for Kubernetes workloads | Kubernetes | Security Best Practices | MEDIUM |
| AC_K8S_0131 | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | Compliance Validation | MEDIUM |
| AC_AWS_0085 | Ensure permissions are tightly controlled for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | HIGH |
| AC_AZURE_0197 | Ensure custom script extensions are not used in Azure Windows Virtual Machine | Azure | Data Protection | MEDIUM |
| AC_AZURE_0200 | Ensure custom script extensions are not used in Azure Virtual Machine | Azure | Data Protection | MEDIUM |
| AC_AZURE_0348 | Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_windows_virtual_machine_scale_set | Azure | Data Protection | MEDIUM |
| AC_AZURE_0561 | Ensure Virtual Machines are utilizing Managed Disks | Azure | Data Protection | MEDIUM |
| AC_GCP_0017 | Ensure Node Auto-Upgrade is enabled for GKE nodes | GCP | Security Best Practices | LOW |
| AC_GCP_0028 | Ensure Legacy Authorization (ABAC) is Disabled | GCP | Identity and Access Management | HIGH |
| AC_GCP_0040 | Ensure That Instances Are Not Configured To Use the Default Service Account | GCP | Identity and Access Management | HIGH |
| AC_GCP_0229 | Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK) | GCP | Data Protection | MEDIUM |
| AC_GCP_0270 | Ensure the GKE Metadata Server is Enabled | GCP | Security Best Practices | LOW |
| AC_GCP_0276 | Ensure use of Binary Authorization | GCP | Infrastructure Security | LOW |
| AC_GCP_0278 | Ensure Oslogin Is Enabled for a Project - google_compute_instance | GCP | Security Best Practices | LOW |
| AC_GCP_0297 | Ensure legacy Compute Engine instance metadata APIs are Disabled | GCP | Infrastructure Security | LOW |
| AC_GCP_0323 | Ensure Compute Instances Are Launched With Shielded VM Enabled | GCP | Infrastructure Security | LOW |
| AC_GCP_0327 | Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key | GCP | Infrastructure Security | LOW |
| AC_K8S_0056 | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0064 | Apply Security Context to Your Pods and Containers | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0086 | The default namespace should not be used | Kubernetes | Security Best Practices | LOW |