AC_AZURE_0295 | Ensure that logging for detailed error messages is enabled for Azure App Service | Azure | Logging and Monitoring | LOW |
AC_AZURE_0301 | Ensure that key vault is used to encrypt data for Azure Batch Account | Azure | Data Protection | MEDIUM |
AC_AZURE_0303 | Ensure that authentication feature is enabled for Azure Function App | Azure | Security Best Practices | LOW |
AC_AZURE_0310 | Ensure VM extensions are not installed on Linux VM's in Azure Linux Virtual Machine | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0311 | Ensure public access is disabled for Azure IoT Hub | Azure | Infrastructure Security | HIGH |
AC_AZURE_0312 | Ensure public network access disabled for Azure Eventgrid Domain | Azure | Infrastructure Security | HIGH |
AC_AZURE_0314 | Ensure that Web Application Firewall (WAF) enabled for Azure Front Door | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0320 | Ensure that boolean variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
AC_AZURE_0324 | Ensure that Microsoft Defender for Container Registries is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0331 | Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0332 | Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0338 | Ensure that Activity Log Alert exists for Delete Security Solution | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0343 | Ensure that Activity Log Alert exists for Create or Update Network Security Group | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0345 | Ensure data exfiltration protection is enabled for Azure Synapse Workspace | Azure | Data Protection | MEDIUM |
AC_AZURE_0346 | Ensure provider status is in provisioned state for Azure Express Route Circuit | Azure | Compliance Validation | LOW |
AC_AZURE_0358 | Ensure use of NSG with Azure Virtual Machine Scale Set | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0361 | Ensure overprovisioning is disabled for Azure Virtual Machine Scale Set | Azure | Logging and Monitoring | LOW |
AC_AZURE_0373 | Ensure that 'Secure transfer required' is set to 'Enabled' | Azure | Data Protection | HIGH |
AC_AZURE_0376 | Ensure that 'Auditing' is set to 'On' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0377 | Ensure usage of names like 'Admin' are avoided for Azure SQL Server | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0378 | Ensure that Azure Active Directory Admin is configured | Azure | Identity and Access Management | HIGH |
AC_AZURE_0386 | Ensure That 'Notify about alerts with the following severity' is Set to 'High' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0387 | Ensure That No Custom Subscription Owner Roles Are Created | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0388 | Ensure guest users are disabled for Azure Role Assignment | Azure | Identity and Access Management | HIGH |
AC_AZURE_0390 | Ensure accessibility is restricted to 256 hosts for Azure Redis Cache | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0396 | Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0400 | Ensure TLS connection is enabled for Azure PostgreSQL Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0402 | Ensure audit log retention period is greater than 90 days for Azure PostgreSQL Server | Azure | Resilience | LOW |
AC_AZURE_0409 | Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0417 | Ensure that the latest version of NSG flow log is being used via Azure Network Watcher Flow Log | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0420 | Ensure only whitelisted IPs can use Azure Search Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0424 | Ensure VNC Server (TCP:5900) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0428 | Ensure Telnet (TCP:23) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0431 | Ensure SaltStack Master (TCP:4506) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0436 | Ensure SaltStack Master (TCP:4505) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0438 | Ensure SQL Server Analysis (TCP:2383) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0443 | Ensure SNMP (Udp:161) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0453 | Ensure web port (TCP:3000) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0461 | Ensure POP3 (TCP:110) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0462 | Ensure POP3 (TCP:110) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0468 | Ensure Oracle DB SSL (TCP:2484) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0474 | Ensure NetBIOS Session Service (TCP:139) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0476 | Ensure NetBIOS Datagram Service (Udp:138) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0477 | Ensure NetBIOS Datagram Service (Udp:138) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0478 | Ensure NetBIOS Datagram Service (Udp:138) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0482 | Ensure NetBIOS Name Service (Udp:137) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0488 | Ensure MySQL (TCP:3306) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0493 | Ensure Mongo Web Portal (TCP:27018) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0497 | Ensure Memcached SSL (Udp:11215) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0510 | Ensure MSSQL Server (TCP:1433) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |