Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AZURE_0318Ensure that integer variables are encrypted for Azure Automation VariableAzureData Protection
MEDIUM
AC_AZURE_0415Ensure that the retention policy is enabled for Azure Network Watcher Flow LogAzureResilience
MEDIUM
AC_K8S_0110Ensure that the Tiller Service (Helm v2) is not deployed for Kubernetes serviceKubernetesInfrastructure Security
MEDIUM
AC_K8S_0119Ensure protocols are explicitly declared where possible for Istio ServicesKubernetesSecurity Best Practices
MEDIUM
AC_AZURE_0228Ensure that customer managed key is used for encryption for Azure Container RegistryAzureData Protection
MEDIUM
AC_AWS_0071Ensure encryption at rest is enabled for AWS DocumentDB clustersAWSData Protection
MEDIUM
AC_AWS_0079Ensure default encryption is enabled for AWS EBS VolumesAWSData Protection
HIGH
AC_AWS_0125Ensure public access is disabled for AWS GlacierVaultAWSIdentity and Access Management
HIGH
AC_AWS_0179Ensure auto minor version upgrade is enabled for AWS MQ BrokersAWSSecurity Best Practices
MEDIUM
AC_AWS_0180Ensure inter-cluster encryption is enabled for AWS MSK clusterAWSData Protection
HIGH
AC_AWS_0181Ensure that TLS-Only communication should be allowed between AWS MSK client and brokerAWSInfrastructure Security
HIGH
AC_AWS_0378Ensure all data stored is encrypted at-rest for AWS Elasticache Replication GroupAWSData Protection
HIGH
AC_AWS_0446Ensure Customer Managed Key (CMK) is used to encrypt AWS Codebuild ProjectAWSData Protection
MEDIUM
AC_AZURE_0141Ensure 'enforce SSL connection' is set to enabled for Azure MariaDB ServerAzureInfrastructure Security
HIGH
AC_AZURE_0174Ensure 'ReadOnly' cache is enabled on OS disks with read heavy operations to get higher read IOPS for Azure ImageAzureCompliance Validation
LOW
AC_AZURE_0281Ensure latest version of Azure Kubernetes Cluster is in useAzureInfrastructure Security
MEDIUM
AC_AZURE_0310Ensure VM extensions are not installed on Linux VM's in Azure Linux Virtual MachineAzureInfrastructure Security
MEDIUM
AC_AZURE_0320Ensure that boolean variables are encrypted for Azure Automation VariableAzureData Protection
MEDIUM
AC_AZURE_0417Ensure that the latest version of NSG flow log is being used via Azure Network Watcher Flow LogAzureSecurity Best Practices
MEDIUM
AC_GCP_0287Ensure in-transit encryption is enabled for Google App Engine Standard App VersionGCPInfrastructure Security
MEDIUM
AC_K8S_0111Ensure for exposing Kubernetes workload to the internet, NodePort service is not usedKubernetesInfrastructure Security
LOW
AC_K8S_0124Ensure envoy proxies are not configured in permissive mode in Istio Peer AuthenticationKubernetesInfrastructure Security
MEDIUM
AC_K8S_0126Ensure Kubernetes hot-patch daemonset for Log4j2 is appliedKubernetesConfiguration and Vulnerability Analysis
HIGH
AC_AWS_0448Ensure log retention period of at least 90 days retention period for AWS CloudWatch Log GroupAWSSecurity Best Practices
HIGH
AC_AWS_0011Ensure that the endpoint type is set to private for API Gateway Rest APIAWSInfrastructure Security
MEDIUM
AC_AWS_0515Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0527Ensure LDAP (UDP:389) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0533Ensure Memcached SSL (UDP:11211) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0538Ensure Oracle DB (TCP:2483) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0542Ensure Redis without SSL (TCP:6379) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AZURE_0114Ensure HTTPS is enabled for Azure Linux Function AppAzureInfrastructure Security
MEDIUM
AC_AZURE_0188Ensure end-to-end TLS is enabled to encrypt and securely transmit sensitive data to the backend for Azure Application GatewayAzureInfrastructure Security
MEDIUM
AC_AZURE_0161Ensure that kubernetes dashboard is disabled for Azure Kubernetes ClusterAzureInfrastructure Security
MEDIUM
AC_AZURE_0177Ensure latest TLS version is in use for Azure Function AppAzureInfrastructure Security
MEDIUM
AC_AZURE_0178Ensure HTTPS is enabled for Azure Function AppAzureInfrastructure Security
MEDIUM
AC_AZURE_0249Ensure that '.Net Framework' version is the latest in Azure App ServiceAzureConfiguration and Vulnerability Analysis
MEDIUM
AC_AZURE_0400Ensure TLS connection is enabled for Azure PostgreSQL ServerAzureInfrastructure Security
MEDIUM
AC_AZURE_0362Ensure boot diagnostics are enabled for Azure Virtual MachineAzureLogging and Monitoring
MEDIUM
AC_AWS_0017Ensure egress filter is set as 'DROP_ALL' for AWS Application MeshAWSInfrastructure Security
MEDIUM
AC_AWS_0087Ensure there are no services with admin roles for Amazon Elastic Container Service (ECS)AWSIdentity and Access Management
HIGH
AC_AWS_0088Ensure Amazon Elastic Container Service (ECS) clusters are placed in a VPCAWSInfrastructure Security
HIGH
AC_AWS_0203Ensure Enhanced VPC routing should be enabled for AWS Redshift ClustersAWSInfrastructure Security
MEDIUM
AC_AWS_0225Ensure network isolation is enabled for AWS SageMakerAWSSecurity Best Practices
MEDIUM
AC_AZURE_0105Ensure that the attribute 'vulnerable_tls_cipher_suite' in Defender for IoT is not set to falseAzureInfrastructure Security
MEDIUM
AC_AZURE_0106Ensure that the attribute 'acr_authentication' in Defender for IoT is not set to falseAzureInfrastructure Security
MEDIUM
AC_AZURE_0107Ensure that the attribute 'baseline' in Defender for IoT is not set to falseAzureInfrastructure Security
MEDIUM
AC_AZURE_0145Ensure ingestion is not supported over public internet for Azure Log Analytics WorkspaceAzureInfrastructure Security
HIGH
AC_AZURE_0196Ensure that IP restrictions rules are configured for Azure App ServiceAzureInfrastructure Security
MEDIUM
AC_AZURE_0263Ensure public network access is disabled for Azure Batch AccountAzureInfrastructure Security
MEDIUM
AC_AZURE_0309Ensure default network access rule is set to deny in Azure Storage Account Network RulesAzureInfrastructure Security
MEDIUM