Tenable Cloud Security Policies

| ID | Name | CSP | Domain | Severity |
|---|---|---|---|---|
| AC_AZURE_0311 | Ensure public access is disabled for Azure IoT Hub | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0312 | Ensure public network access disabled for Azure Eventgrid Domain | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0313 | Ensure that virtual networks are in use for Azure API Management | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0314 | Ensure that Web Application Firewall (WAF) enabled for Azure Front Door | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0315 | Ensure customer-managed keys to encrypt data at rest for Azure CosmosDB Account | Azure | Data Protection | MEDIUM |
| AC_AZURE_0316 | Ensure public network access disabled for Azure CosmosDB Account | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0317 | Ensure that string variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
| AC_AZURE_0318 | Ensure that integer variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
| AC_AZURE_0319 | Ensure that date-time variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
| AC_AZURE_0320 | Ensure that boolean variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
| AC_AZURE_0321 | Ensure public access is disabled for Azure Managed Disk | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0322 | Ensure that Microsoft Defender for Key Vault is set to 'On' | Azure | Data Protection | MEDIUM |
| AC_AZURE_0323 | Ensure that Microsoft Defender for Kubernetes is set to 'On' | Azure | Data Protection | MEDIUM |
| AC_AZURE_0324 | Ensure that Microsoft Defender for Container Registries is set to 'On' | Azure | Data Protection | MEDIUM |
| AC_AZURE_0325 | Ensure that Microsoft Defender for Storage is set to 'On' | Azure | Data Protection | MEDIUM |
| AC_AZURE_0326 | Ensure that Microsoft Defender for SQL servers on machines is set to 'On' | Azure | Data Protection | MEDIUM |
| AC_AZURE_0327 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Data Protection | MEDIUM |
| AC_AZURE_0328 | Ensure that Microsoft Defender for App Service is set to 'On' | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0329 | Ensure custom script extensions are not used in Azure Linux Virtual Machine | Azure | Data Protection | MEDIUM |
| AC_AZURE_0330 | Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0331 | Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0332 | Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0333 | Ensure that Activity Log Alert exists for Delete Network Security Group | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0334 | Ensure FTP deployments are Disabled | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0335 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0336 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0337 | Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0338 | Ensure that Activity Log Alert exists for Delete Security Solution | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0339 | Ensure that Activity Log Alert exists for Create or Update Security Solution | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0340 | Ensure that Activity Log alert exists for the Delete Network Security Group Rule | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0341 | Ensure that Activity Log Alert exists for Create or Update Network Security Group | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0342 | Ensure that RDP access is restricted from the internet | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0343 | Ensure that Activity Log Alert exists for Create or Update Network Security Group | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0344 | Ensure that Activity Log Alert exists for Delete Policy Assignment | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0345 | Ensure data exfiltration protection is enabled for Azure Synapse Workspace | Azure | Data Protection | MEDIUM |
| AC_AZURE_0346 | Ensure provider status is in provisioned state for Azure Express Route Circuit | Azure | Compliance Validation | LOW |
| AC_AZURE_0347 | Ensure that automatic failover is enabled for Azure CosmosDB Account | Azure | Data Protection | MEDIUM |
| AC_AZURE_0348 | Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_windows_virtual_machine_scale_set | Azure | Data Protection | MEDIUM |
| AC_AZURE_0349 | Ensure disk encryption is enabled for Azure Windows Virtual Machine Scale Set | Azure | Data Protection | MEDIUM |
| AC_AZURE_0350 | Ensure overprovisioning is disabled for Azure Windows Virtual Machine Scale Set | Azure | Logging and Monitoring | LOW |
| AC_AZURE_0351 | Ensure Azure Web Application Firewall Policy is enabled | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0352 | Ensure communications with known malicious IP addresses are denied via Azure Web Application Firewall Policy | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0353 | Ensure a site-to-site VPN functionality by making use of Azure Virtual WAN | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0354 | Ensure that VPN Encryption is enabled for Azure Virtual WAN | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0355 | Ensure DDoS protection standard is enabled for Azure Virtual Network | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0356 | Ensure every subnet block is configured with a Network Security Group in Azure Virtual Network | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0357 | Ensure that UDP Services are restricted from the Internet | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0358 | Ensure use of NSG with Azure Virtual Machine Scale Set | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0359 | Ensure automatic OS upgrades are enabled for windows config block in Azure Virtual Machine Scale Set | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0360 | Ensure automatic OS upgrades are enabled for Azure Virtual Machine Scale Set | Azure | Security Best Practices | MEDIUM |