Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AZURE_0059Ensure that HTTP(S) access from the Internet is evaluated and restrictedAzureInfrastructure Security
LOW
AC_AZURE_0370Ensure that 'Public access level' is disabled for storage accounts with blob containersAzureInfrastructure Security
HIGH
AC_AWS_0609Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration portsAWSInfrastructure Security
HIGH
AC_AZURE_0169Ensure that logging for Azure KeyVault is 'Enabled'AzureLogging and Monitoring
HIGH
AC_K8S_0021Ensure that the admission control plugin AlwaysPullImages is setKubernetesCompliance Validation
MEDIUM
AC_K8S_0026Ensure that the admission control plugin NodeRestriction is setKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0044Ensure that the --terminated-pod-gc-threshold argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0053Ensure that the --use-service-account-credentials argument is set to trueKubernetesIdentity and Access Management
LOW
AC_AZURE_0557Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requestsAzureData Protection
MEDIUM
AC_AZURE_0241Ensure that 'Data encryption' is set to 'On' on a SQL DatabaseAzureData Protection
MEDIUM
AC_GCP_0276Ensure use of Binary AuthorizationGCPInfrastructure Security
LOW
AC_GCP_0327Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption KeyGCPInfrastructure Security
LOW
AC_GCP_0330Ensure Essential Contacts is Configured for OrganizationGCPLogging and Monitoring
LOW
AC_AZURE_0156Enable role-based access control (RBAC) within Azure Kubernetes ServicesAzureIdentity and Access Management
MEDIUM
AC_AZURE_0247Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web AppAzureConfiguration and Vulnerability Analysis
MEDIUM
AC_K8S_0032Ensure that the --audit-log-maxage argument is set to 30 or as appropriateKubernetesLogging and Monitoring
MEDIUM
AC_AZURE_0328Ensure that Microsoft Defender for App Service is set to 'On'AzureIdentity and Access Management
MEDIUM
AC_K8S_0055Ensure that the --root-ca-file argument is set as appropriateKubernetesData Protection
MEDIUM
AC_GCP_0027Ensure Master Authorized Networks is EnabledGCPInfrastructure Security
HIGH
AC_K8S_0059Ensure that the --client-cert-auth argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_GCP_0271Ensure Secure Boot for Shielded GKE Nodes is EnabledGCPInfrastructure Security
LOW
AC_AZURE_0412Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database ServerAzureLogging and Monitoring
MEDIUM
AC_GCP_0005Ensure That Service Account Has No Admin Privileges - google_project_iam_memberGCPIdentity and Access Management
HIGH
AC_AZURE_0375Ensure that 'Auditing' Retention is 'greater than 90 days'AzureCompliance Validation
LOW
AC_K8S_0090Ensure that the --basic-auth-file argument is not setKubernetesIdentity and Access Management
MEDIUM
AC_GCP_0025Ensure use of VPC-native clustersGCPCompliance Validation
HIGH
AC_GCP_0030Ensure Stackdriver Kubernetes Logging and Monitoring is EnabledGCPLogging and Monitoring
HIGH
AC_GCP_0337Ensure Cloud Asset Inventory Is EnabledGCPLogging and Monitoring
MEDIUM
AC_K8S_0031Ensure that the --audit-log-path argument is setKubernetesLogging and Monitoring
MEDIUM
AC_AZURE_0212Ensure the "Minimum TLS version" is set to "Version 1.2"AzureInfrastructure Security
MEDIUM
AC_GCP_0017Ensure Node Auto-Upgrade is enabled for GKE nodesGCPSecurity Best Practices
LOW
AC_GCP_0297Ensure legacy Compute Engine instance metadata APIs are DisabledGCPInfrastructure Security
LOW
AC_GCP_0358Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket LockGCPLogging and Monitoring
LOW
AC_GCP_0365Ensure API Keys Only Exist for Active ServicesGCPSecurity Best Practices
MEDIUM
AC_AZURE_0036Ensure the storage account containing the container with activity logs is encrypted with Customer Managed KeyAzureData Protection
MEDIUM
AC_AZURE_0048Ensure That 'Notify about alerts with the following severity' is Set to 'High'AzureLogging and Monitoring
MEDIUM
AC_AZURE_0136Ensure that 'Auditing' Retention is 'greater than 90 days'AzureLogging and Monitoring
MEDIUM
AC_AZURE_0137Ensure that 'Auditing' is set to 'On'AzureLogging and Monitoring
MEDIUM
AC_AZURE_0218Ensure that Activity Log Alert exists for Create Policy AssignmentAzureLogging and Monitoring
MEDIUM
AC_AZURE_0348Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_windows_virtual_machine_scale_setAzureData Protection
MEDIUM
AC_GCP_0268Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or FewerGCPIdentity and Access Management
LOW
AC_GCP_0270Ensure the GKE Metadata Server is EnabledGCPSecurity Best Practices
LOW
AC_GCP_0259Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off'GCPCompliance Validation
LOW
AC_GCP_0004Ensure That There Are Only GCP-Managed Service Account Keys for Each Service AccountGCPIdentity and Access Management
LOW
AC_GCP_0028Ensure Legacy Authorization (ABAC) is DisabledGCPIdentity and Access Management
HIGH
AC_GCP_0018Ensure that Alpha clusters are not used for production workloadsGCPSecurity Best Practices
LOW
AC_AWS_0565Ensure a log metric filter and alarm exist for S3 bucket policy changesAWSSecurity Best Practices
HIGH
S3_AWS_0009Ensure that Object-level logging for read events is enabled for S3 bucket - Terraform Version 1.xAWSIdentity and Access Management
HIGH
AC_AZURE_0021Ensure Soft Delete is Enabled for Azure Containers and Blob StorageAzureData Protection
MEDIUM
AC_AZURE_0061Ensure that SSH access from the Internet is evaluated and restrictedAzureInfrastructure Security
HIGH