Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_K8S_0044Ensure that the --terminated-pod-gc-threshold argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0053Ensure that the --use-service-account-credentials argument is set to trueKubernetesIdentity and Access Management
LOW
AC_AZURE_0557Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requestsAzureData Protection
MEDIUM
AC_AZURE_0235Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL DatabaseAzureLogging and Monitoring
MEDIUM
AC_AZURE_0001Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL DatabaseAzureLogging and Monitoring
MEDIUM
AC_AWS_0579Ensure multiple availability zones are used to deploy AWS NAT GatewaysAWSSecurity Best Practices
MEDIUM
AC_AZURE_0146Ensure log analytics workspace has daily quota value set for Azure Log Analytics WorkspaceAzureCompliance Validation
LOW
AC_AZURE_0156Enable role-based access control (RBAC) within Azure Kubernetes ServicesAzureIdentity and Access Management
MEDIUM
AC_AZURE_0247Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web AppAzureConfiguration and Vulnerability Analysis
MEDIUM
AC_K8S_0032Ensure that the --audit-log-maxage argument is set to 30 or as appropriateKubernetesLogging and Monitoring
MEDIUM
S3_AWS_0005Ensure MFA Delete is enable on S3 buckets - Terraform Version 1.xAWSSecurity Best Practices
HIGH
AC_AWS_0142Ensure IAM password policy requires minimum length of 14 or greaterAWSCompliance Validation
MEDIUM
AC_AWS_0081Ensure AWS EBS Volume has a corresponding AWS EBS SnapshotAWSData Protection
HIGH
AC_AWS_0374Ensure data encryption is enabled for AWS X-RayAWSData Protection
HIGH
AC_AWS_0431Ensure cloud users don't have any direct permissions in AWS IAM PolicyAWSIdentity and Access Management
MEDIUM
AC_AWS_0445Ensure policies are used for AWS CloudFormation StacksAWSSecurity Best Practices
MEDIUM
AC_AWS_0453Ensure one target group is configured to listen on HTTPS for AWS Load BalancerAWSInfrastructure Security
HIGH
AC_AWS_0462Ensure no policy is attached that may cause privilege escalation for AWS IAM Role PolicyAWSIdentity and Access Management
HIGH
AC_AWS_0465Ensure secrets are encrypted using AWS KMS key for AWS Secrets ManagerAWSData Protection
MEDIUM
AC_AWS_0469Ensure EMR cluster is Configured with Kerberos AuthenticationAWSInfrastructure Security
MEDIUM
AC_AWS_0473Ensure principal element is not empty in AWS IAM Trust PolicyAWSIdentity and Access Management
LOW
AC_AWS_0480Ensure there is no policy with invalid principal key for AWS Key Management Service (KMS)AWSIdentity and Access Management
LOW
AC_AWS_0488Ensure there is no IAM policy with invalid policy elementAWSIdentity and Access Management
LOW
AC_AWS_0490Ensure '*' in Action and NotResource is not allowed in AWS IAM Policy as this allow creation of unintended service-linked rolesAWSIdentity and Access Management
HIGH
AC_AWS_0497Ensure a valid boolean value (true or false) is used for the Bool condition operator in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0550Ensure actions '*' and resource '*' are not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AZURE_0157Ensure that pod security policy is enabled for Azure Kubernetes ClusterAzureConfiguration and Vulnerability Analysis
HIGH
AC_AZURE_0278Ensure HTTP is disallowed for Azure CDN EndpointAzureInfrastructure Security
MEDIUM
AC_AWS_0145Ensure that full access to edit IAM Policies is restrictedAWSIdentity and Access Management
HIGH
AC_AZURE_0329Ensure custom script extensions are not used in Azure Linux Virtual MachineAzureData Protection
MEDIUM
AC_AZURE_0328Ensure that Microsoft Defender for App Service is set to 'On'AzureIdentity and Access Management
MEDIUM
AC_K8S_0055Ensure that the --root-ca-file argument is set as appropriateKubernetesData Protection
MEDIUM
AC_GCP_0027Ensure Master Authorized Networks is EnabledGCPInfrastructure Security
HIGH
AC_AWS_0007Ensure detailed CloudWatch Metrics are enabled for AWS API Gateway Method SettingsAWSLogging and Monitoring
MEDIUM
AC_AWS_0420Ensure there is no policy with Empty array ConditionAWSIdentity and Access Management
LOW
AC_AZURE_0171Ensure zone resiliency is turned on for all Azure ImageAzureResilience
LOW
AC_AZURE_0181Ensure Azure services are zone redundant for Azure Eventhub NamespaceAzureResilience
MEDIUM
AC_GCP_0271Ensure Secure Boot for Shielded GKE Nodes is EnabledGCPInfrastructure Security
LOW
AC_AWS_0151Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console passwordAWSCompliance Validation
HIGH
AC_AWS_0585Ensure CloudTrail trails are integrated with CloudWatch LogsAWSLogging and Monitoring
MEDIUM
AC_AZURE_0214Ensure Azure Keyvaults are used to store secretsAzureData Protection
LOW
AC_AZURE_0356Ensure every subnet block is configured with a Network Security Group in Azure Virtual NetworkAzureInfrastructure Security
MEDIUM
AC_AZURE_0385Ensure that standard pricing tiers are selected in Azure Security Center Subscription PricingAzureSecurity Best Practices
MEDIUM
AC_GCP_0233Ensure logging is enabled for Google Cloud Storage BucketsGCPLogging and Monitoring
LOW
AC_AWS_0386Ensure that inline policy does not expose secrets in AWS Secrets ManagerAWSSecurity Best Practices
HIGH
AC_AWS_0076Ensure point-in-time-recovery (PITR) is enabled for AWS DynamoDB tablesAWSResilience
MEDIUM
AC_AZURE_0375Ensure that 'Auditing' Retention is 'greater than 90 days'AzureCompliance Validation
LOW
AC_K8S_0090Ensure that the --basic-auth-file argument is not setKubernetesIdentity and Access Management
MEDIUM
AC_GCP_0025Ensure use of VPC-native clustersGCPCompliance Validation
HIGH
AC_GCP_0030Ensure Stackdriver Kubernetes Logging and Monitoring is EnabledGCPLogging and Monitoring
HIGH