Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AZURE_0097Ensure that the Microsoft Defender for IoT Hub is enabledAzureInfrastructure Security
MEDIUM
AC_AZURE_0103Ensure that the attribute 'inconsistent_module_settings' in Defender for IoT is not set to falseAzureInfrastructure Security
MEDIUM
AC_AZURE_0111Ensure that automatic upgrades are enabled for Azure Virtual Machine ExtensionAzureInfrastructure Security
MEDIUM
AC_AZURE_0124Ensure latest TLS version is in use for Azure Windows Function AppAzureInfrastructure Security
MEDIUM
AC_AZURE_0135Ensure public access is disabled for Azure MSSQL ServerAzureInfrastructure Security
HIGH
AC_AZURE_0138Ensure geo-redundant backups are enabled for Azure MariaDB ServerAzureResilience
MEDIUM
AC_AZURE_0143Ensure that 'Unattached disks' are encrypted in Azure Managed DiskAzureData Protection
MEDIUM
AC_AZURE_0147Ensure Azure log retention is set at least 90 days for Azure Log Analytics WorkspaceAzureLogging and Monitoring
MEDIUM
AC_AZURE_0150Ensure windows diagnostic is enabled for Azure Windows Virtual Machine Scale SetAzureCompliance Validation
MEDIUM
AC_AZURE_0154Ensure that TLS is enforced for Azure Load BalancerAzureResilience
LOW
AC_AZURE_0160Ensure that private cluster is enabled for Azure Kubernetes ClusterAzureInfrastructure Security
MEDIUM
AC_AZURE_0187Ensure user id's are all system managed for Azure Container GroupAzureIdentity and Access Management
LOW
AC_AZURE_0193Ensure web sockets are disabled for Azure App ServiceAzureInfrastructure Security
MEDIUM
AC_AZURE_0198Ensure compression is enabled for Azure CDN EndpointAzureResilience
MEDIUM
AC_AZURE_0199Ensure HTTPS is allowed for Azure CDN EndpointAzureInfrastructure Security
MEDIUM
AC_AZURE_0201Ensure in-transit encryption is enabled for Azure Redis CacheAzureInfrastructure Security
MEDIUM
AC_AZURE_0203Ensure cross account access is disabled for Azure Synapse Firewall RuleAzureInfrastructure Security
MEDIUM
AC_AZURE_0205Ensure cross account access is disabled for Azure SQL ServerAzureIdentity and Access Management
MEDIUM
AC_AZURE_0210Ensure that Diagnostic Logs Are Enabled for All Services that Support itAzureLogging and Monitoring
MEDIUM
AC_AZURE_0223Ensure that auto-scaling is enabled for Azure Kubernetes ClusterAzureResilience
MEDIUM
AC_AZURE_0227Ensure advanced threat protection is enabled for Azure CosmosDB AccountAzureConfiguration and Vulnerability Analysis
MEDIUM
AC_AZURE_0230Ensure Developer/Premium SKUs are in use for Azure API ManagementAzureInfrastructure Security
MEDIUM
AC_AZURE_0233Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key)AzureData Protection
MEDIUM
AC_AZURE_0237Ensure that VA setting 'Periodic recurring scans' to 'on' for each SQL serverAzureIdentity and Access Management
MEDIUM
AC_AZURE_0239Ensure That 'All users with the following roles' is set to 'Owner'AzureLogging and Monitoring
MEDIUM
AC_AZURE_0241Ensure that 'Data encryption' is set to 'On' on a SQL DatabaseAzureData Protection
MEDIUM
AC_AZURE_0255Ensure virtual network configuration is added for Azure Kusto ClusterAzureInfrastructure Security
MEDIUM
AC_AZURE_0256Ensure private DNS zones are not linked to Azure Virtual NetworkAzureCompliance Validation
LOW
AC_AZURE_0283Ensure that Activity Log Retention is set 365 days or greater for Azure Monitor Log ProfileAzureLogging and Monitoring
MEDIUM
AC_AZURE_0285Ensure that SSH access is restricted from the internetAzureInfrastructure Security
HIGH
AC_AZURE_0294Ensure encryption is enabled for Azure Data Lake StoreAzureData Protection
MEDIUM
AC_AZURE_0299Ensure that Azure Data Explorer uses disk encryption in Azure Kusto ClusterAzureData Protection
MEDIUM
AC_AZURE_0305Ensure public access is disabled for Azure Storage SyncAzureInfrastructure Security
HIGH
AC_AZURE_0317Ensure that string variables are encrypted for Azure Automation VariableAzureData Protection
MEDIUM
AC_AZURE_0319Ensure that date-time variables are encrypted for Azure Automation VariableAzureData Protection
MEDIUM
AC_AZURE_0325Ensure that Microsoft Defender for Storage is set to 'On'AzureData Protection
MEDIUM
AC_AZURE_0326Ensure that Microsoft Defender for SQL servers on machines is set to 'On'AzureData Protection
MEDIUM
AC_AZURE_0330Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is SelectedAzureCompliance Validation
MEDIUM
AC_AZURE_0337Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall RuleAzureLogging and Monitoring
MEDIUM
AC_AZURE_0341Ensure that Activity Log Alert exists for Create or Update Network Security GroupAzureLogging and Monitoring
MEDIUM
AC_AZURE_0352Ensure communications with known malicious IP addresses are denied via Azure Web Application Firewall PolicyAzureInfrastructure Security
MEDIUM
AC_AZURE_0359Ensure automatic OS upgrades are enabled for windows config block in Azure Virtual Machine Scale SetAzureSecurity Best Practices
MEDIUM
AC_AZURE_0367Ensure Soft Delete is Enabled for Azure StorageAzureData Protection
MEDIUM
AC_AZURE_0371Ensure 'Trusted Microsoft Services' are Enabled for Storage Account AccessAzureInfrastructure Security
HIGH
AC_AZURE_0384Ensure that names like 'Admin' are not used for Azure SQL Server Active Directory AdministratorAzureCompliance Validation
MEDIUM
AC_AZURE_0393Ensure regular security and operational updates are enabled for Azure Redis CacheAzureSecurity Best Practices
HIGH
AC_AZURE_0403Ensure email addresses are setup for Azure PostgreSQL ServerAzureCompliance Validation
LOW
AC_AZURE_0407Ensure geo-redundant backups are enabled for Azure PostgreSQL ServerAzureResilience
MEDIUM
AC_AZURE_0412Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database ServerAzureLogging and Monitoring
MEDIUM
AC_AZURE_0414Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server - azurerm_postgresql_configurationAzureLogging and Monitoring
MEDIUM