Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AZURE_0336Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App ServiceAzureInfrastructure Security
MEDIUM
AC_GCP_0014Ensure That DNSSEC Is Enabled for Cloud DNSGCPInfrastructure Security
MEDIUM
AC_AWS_0137Eliminate use of the root user for administrative and daily tasksAWSCompliance Validation
MEDIUM
AC_AWS_0589Ensure AWS Config is enabled in all regionsAWSLogging and Monitoring
HIGH
AC_K8S_0082Minimize the admission of containers wishing to share the host process ID namespaceKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0106Ensure that the cluster-admin role is only used where requiredKubernetesIdentity and Access Management
HIGH
AC_AWS_0556Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration portsAWSInfrastructure Security
HIGH
AC_AWS_0561Ensure a log metric filter and alarm exist for IAM policy changesAWSSecurity Best Practices
HIGH
AC_AWS_0568Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)AWSSecurity Best Practices
HIGH
AC_AWS_0569Ensure a log metric filter and alarm exist for changes to network gatewaysAWSSecurity Best Practices
HIGH
AC_AWS_0572Ensure a log metric filter and alarm exists for AWS Organizations changesAWSSecurity Best Practices
HIGH
AC_AWS_0599Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removedAWSIdentity and Access Management
MEDIUM
AC_AWS_0600Ensure there is only one active access key available for any single IAM userAWSIdentity and Access Management
MEDIUM
AC_GCP_0001Ensure That Cloud SQL Database Instances Are Configured With Automated BackupsGCPResilience
MEDIUM
AC_GCP_0281Ensure That Compute Instances Have Confidential Computing EnabledGCPSecurity Best Practices
MEDIUM
AC_GCP_0301Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIsGCPIdentity and Access Management
HIGH
AC_AZURE_0070Ensure that Activity Log Alert exists for Delete Public IP Address ruleAzureLogging and Monitoring
MEDIUM
AC_AZURE_0071Ensure that Activity Log Alert exists for Delete SQL Server Firewall RuleAzureLogging and Monitoring
MEDIUM
AC_AZURE_0340Ensure that Activity Log alert exists for the Delete Network Security Group RuleAzureLogging and Monitoring
MEDIUM
AC_AZURE_0554Ensure that 'Enable Infrastructure Encryption' for Each Storage Account in Azure Storage is Set to 'enabled'AzureData Protection
LOW
AC_K8S_0054Ensure that the --service-account-private-key-file argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0130Ensure that the --profiling argument is set to falseKubernetesCompliance Validation
MEDIUM
AC_K8S_0010Ensure that the --read-only-port is disabledKubernetesIdentity and Access Management
LOW
AC_GCP_0039Ensure "Block Project-Wide SSH Keys" Is Enabled for VM InstancesGCPInfrastructure Security
LOW
AC_GCP_0225Ensure 'Skip_show_database' Database Flag for Cloud SQL MySQL Instance Is Set to 'On'GCPCompliance Validation
LOW
AC_GCP_0238Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible - google_storage_bucket_iam_memberGCPIdentity and Access Management
HIGH
AC_GCP_0249Ensure That Cloud SQL Database Instances Do Not Have Public IPsGCPCompliance Validation
MEDIUM
AC_GCP_0257Ensure That the 'Log_min_duration_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to '-1' (Disabled)GCPCompliance Validation
LOW
AC_AWS_0608Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'AWSInfrastructure Security
MEDIUM
AC_GCP_0232Ensure That IP Forwarding Is Not Enabled on InstancesGCPInfrastructure Security
MEDIUM
AC_K8S_0075Minimize the admission of containers with the NET_RAW capabilityKubernetesInfrastructure Security
MEDIUM
AC_AZURE_0248Ensure That 'PHP version' is the Latest, If Used to Run the Web AppAzureConfiguration and Vulnerability Analysis
MEDIUM
AC_AWS_0596Ensure credentials unused for 45 days or greater are disabledAWSCompliance Validation
LOW
AC_AZURE_0323Ensure that Microsoft Defender for Kubernetes is set to 'On'AzureData Protection
MEDIUM
AC_K8S_0029Ensure that the --secure-port argument is not set to 0KubernetesInfrastructure Security
HIGH
AC_K8S_0035Ensure that the --request-timeout argument is set as appropriateKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0092Ensure that the --kubelet-https argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0008Ensure that a Client CA File is ConfiguredKubernetesIdentity and Access Management
HIGH
AC_K8S_0046Minimize the admission of privileged containersKubernetesIdentity and Access Management
HIGH
AC_K8S_0104Minimize wildcard use in Roles and ClusterRolesKubernetesIdentity and Access Management
HIGH
AC_AWS_0049Ensure AWS Config is enabled in all regionsAWSLogging and Monitoring
HIGH
AC_AWS_0434Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucketAWSLogging and Monitoring
MEDIUM
AC_GCP_0367Ensure API Keys Are Rotated Every 90 DaysGCPSecurity Best Practices
MEDIUM
AC_AZURE_0410Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database ServerAzureResilience
MEDIUM
AC_GCP_0231Enable VPC Flow Logs and Intranode VisibilityGCPInfrastructure Security
MEDIUM
AC_K8S_0091Ensure that the --token-auth-file parameter is not setKubernetesIdentity and Access Management
MEDIUM
AC_AZURE_0038Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL ServerAzureIdentity and Access Management
MEDIUM
AC_AZURE_0039Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL serverAzureIdentity and Access Management
MEDIUM
AC_AZURE_0045Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP)AzureInfrastructure Security
MEDIUM
AC_AZURE_0238Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage AccountAzureIdentity and Access Management
MEDIUM