Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_K8S_0035Ensure that the --request-timeout argument is set as appropriateKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0092Ensure that the --kubelet-https argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_AZURE_0246Ensure that 'Java version' is the latest, if used to run the Web AppAzureConfiguration and Vulnerability Analysis
MEDIUM
AC_K8S_0117Ensure Kubernetes NetworkPolicy object is defined for every Kubernetes NamespaceKubernetesInfrastructure Security
MEDIUM
AC_AWS_0134Ensure password policy requires at least one lowercase character for AWS IAM Account Password PolicyAWSCompliance Validation
LOW
AC_AZURE_0216Ensure that a 'Diagnostics Setting' existsAzureLogging and Monitoring
MEDIUM
AC_AZURE_0324Ensure that Microsoft Defender for Container Registries is set to 'On'AzureData Protection
MEDIUM
AC_AZURE_0331Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selectedAzureCompliance Validation
MEDIUM
AC_K8S_0030Ensure that the --profiling argument is set to falseKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0042Ensure that the --encryption-provider-config argument is set as appropriateKubernetesData Protection
MEDIUM
AC_GCP_0251Ensure that the 'log_checkpoints' database flag for Cloud SQL PostgreSQL instance is set to 'on'GCPCompliance Validation
LOW
AC_K8S_0031Ensure that the --audit-log-path argument is setKubernetesLogging and Monitoring
MEDIUM
AC_GCP_0017Ensure Node Auto-Upgrade is enabled for GKE nodesGCPSecurity Best Practices
LOW
AC_GCP_0297Ensure legacy Compute Engine instance metadata APIs are DisabledGCPInfrastructure Security
LOW
AC_GCP_0237Ensure that Cloud Storage bucket is not anonymously or publicly accessible - google_storage_bucket_iam_bindingGCPIdentity and Access Management
MEDIUM
CIS_AZURE_0217Ensure Storage for Critical Data are Encrypted with Customer Managed KeysAzureData Protection
MEDIUM
AC_GCP_0099Ensure 'Log_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set AppropriatelyGCPCompliance Validation
LOW
AC_GCP_0299Ensure 'Log_min_error_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'Error' or StricterGCPCompliance Validation
LOW
AC_GCP_0035Ensure Compute instances are launched with Shielded VM enabledGCPInfrastructure Security
LOW
AC_GCP_0270Ensure the GKE Metadata Server is EnabledGCPSecurity Best Practices
LOW
AC_GCP_0028Ensure Legacy Authorization (ABAC) is DisabledGCPIdentity and Access Management
HIGH
AC_AZURE_0322Ensure that Microsoft Defender for Key Vault is set to 'On'AzureData Protection
MEDIUM
AC_K8S_0047Ensure that the admission control plugin AlwaysAdmit is not setKubernetesCompliance Validation
MEDIUM
AC_K8S_0058Ensure that the --cert-file and --key-file arguments are set as appropriateKubernetesInfrastructure Security
MEDIUM
AC_K8S_0109Ensure that the --secure-port argument is not set to 0KubernetesInfrastructure Security
HIGH
AC_GCP_0300Ensure that the 'Log_min_messages' Flag for a Cloud SQL PostgreSQL Instance is set at minimum to 'Warning'GCPCompliance Validation
LOW
AC_K8S_0060Ensure that the --auto-tls argument is not set to trueKubernetesInfrastructure Security
MEDIUM
AC_GCP_0296Ensure Container-Optimized OS (cos_containerd) is used for GKE node imagesGCPCompliance Validation
LOW
AC_GCP_0252Ensure That the 'Log_connections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'GCPCompliance Validation
LOW
AC_AWS_0230Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration portsAWSInfrastructure Security
HIGH
AC_GCP_0319Ensure Integrity Monitoring for Shielded GKE Nodes is EnabledGCPInfrastructure Security
LOW
AC_GCP_0315Ensure 'Log_hostname' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'on'GCPCompliance Validation
LOW
AC_K8S_0038Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0041Ensure that the --etcd-cafile argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0006Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriateKubernetesInfrastructure Security
MEDIUM
AC_GCP_0133Ensure 'Log_error_verbosity' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'DEFAULT' or StricterGCPCompliance Validation
LOW
AC_GCP_0253Ensure That the 'Log_disconnections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'GCPCompliance Validation
LOW
AC_GCP_0282Ensure That Compute Instances Do Not Have Public IP AddressesGCPInfrastructure Security
MEDIUM
AC_GCP_0257Ensure That the 'Log_min_duration_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to '-1' (Disabled)GCPCompliance Validation
LOW
AC_K8S_0039Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0008Ensure that a Client CA File is ConfiguredKubernetesIdentity and Access Management
HIGH
AC_K8S_0104Minimize wildcard use in Roles and ClusterRolesKubernetesIdentity and Access Management
HIGH
AC_K8S_0103Minimize access to create podsKubernetesIdentity and Access Management
HIGH
AC_K8S_0086The default namespace should not be usedKubernetesSecurity Best Practices
LOW
AC_K8S_0051Prefer using secrets as files over secrets as environment variablesKubernetesInfrastructure Security
HIGH
AC_K8S_0007Ensure that the --authorization-mode argument is not set to AlwaysAllowKubernetesIdentity and Access Management
HIGH
AC_K8S_0056Ensure that the RotateKubeletServerCertificate argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0064Apply Security Context to Your Pods and ContainersKubernetesInfrastructure Security
MEDIUM
AC_K8S_0003Ensure that the --make-iptables-util-chains argument is set to trueKubernetesInfrastructure Security
LOW
AC_K8S_0045Ensure that Service Account Tokens are only mounted where necessaryKubernetesIdentity and Access Management
MEDIUM