Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0545Ensure environment variables do not contain any credentials in AWS Codebuild ProjectAWSData Protection
MEDIUM
AC_AZURE_0099Ensure that the attribute 'privileged_docker_options' in Defender for IoT is not set to falseAzureInfrastructure Security
HIGH
AC_AZURE_0104Ensure that the attribute 'edge_logging_option' in Defender for IoT is not set to falseAzureInfrastructure Security
MEDIUM
AC_AZURE_0162Ensure secrets have content type set for Azure Key Vault SecretAzureSecurity Best Practices
MEDIUM
AC_AZURE_0170Ensure the key vault is recoverable - soft_delete_enabledAzureData Protection
MEDIUM
AC_AZURE_0301Ensure that key vault is used to encrypt data for Azure Batch AccountAzureData Protection
MEDIUM
AC_AZURE_0320Ensure that boolean variables are encrypted for Azure Automation VariableAzureData Protection
MEDIUM
AC_AZURE_0324Ensure that Microsoft Defender for Container Registries is set to 'On'AzureData Protection
MEDIUM
AC_AZURE_0331Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selectedAzureCompliance Validation
MEDIUM
AC_AZURE_0386Ensure That 'Notify about alerts with the following severity' is Set to 'High'AzureLogging and Monitoring
MEDIUM
AC_GCP_0246Ensure folder level default service account is not configured in Google Folder IAM BindingGCPIdentity and Access Management
LOW
AC_K8S_0013Ensure an owner key with proper label is set for Kubernetes namespaceKubernetesSecurity Best Practices
LOW
AC_K8S_0107Ensure pod/attach create roles are minimized in Kubernetes cluster in Kubernetes RoleKubernetesIdentity and Access Management
HIGH
AC_K8S_0111Ensure for exposing Kubernetes workload to the internet, NodePort service is not usedKubernetesInfrastructure Security
LOW
AC_K8S_0126Ensure Kubernetes hot-patch daemonset for Log4j2 is appliedKubernetesConfiguration and Vulnerability Analysis
HIGH
AC_AWS_0632Ensure AWS Config is enabled in all regionsAWSLogging and Monitoring
HIGH
AC_AZURE_0085Ensure that logging for Azure Key Vault is 'Enabled'AzureLogging and Monitoring
HIGH
AC_AZURE_0292Ensure that public access is disabled in Azure Key VaultAzureInfrastructure Security
MEDIUM
AC_AZURE_0332Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'AzureCompliance Validation
MEDIUM
AC_AZURE_0552Enable Role Based Access Control for Azure Key VaultAzureData Protection
LOW
AC_GCP_0010Ensure That the Default Network Does Not Exist in a Project - google_projectGCPInfrastructure Security
LOW
AC_GCP_0366Ensure API Keys Are Restricted to Only APIs That Application Needs AccessGCPSecurity Best Practices
MEDIUM
AC_K8S_0001Configure Image Provenance using ImagePolicyWebhook admission controllerKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0005Ensure that the Anonymous Auth is Not EnabledKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0009Ensure that the --rotate-certificates argument is not present or is set to trueKubernetesData Protection
MEDIUM
AC_K8S_0106Ensure that the cluster-admin role is only used where requiredKubernetesIdentity and Access Management
HIGH
AC_AWS_0019Ensure there is no policy with Empty array ActionAWSIdentity and Access Management
LOW
AC_AWS_0026Ensure there is no IAM policy with invalid region used for resource ARNAWSIdentity and Access Management
LOW
AC_AWS_0027Ensure there is no IAM policy with invalid partition used for resource ARNAWSIdentity and Access Management
LOW
AC_AWS_0031Ensure only lower case letters are in use for resource in AWS IAM PolicyAWSSecurity Best Practices
LOW
AC_AWS_0141Ensure password policy requires minimal length of 7 for AWS IAM Account Password PolicyAWSCompliance Validation
MEDIUM
AC_AWS_0398Ensure actions 'kms:Decrypt' and 'kms:ReEncryptFrom' are not allowed for all keys in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0404Ensure Principal is removed from all AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0405Ensure NotPrincipal is removed from all AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0410Ensure wildcards(*) are only at end of strings in Action of AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0420Ensure there is no policy with Empty array ConditionAWSIdentity and Access Management
LOW
AC_AWS_0433Ensure cloud users don't have any direct permissions in AWS IAM User Policy AttachmentAWSIdentity and Access Management
MEDIUM
AC_AWS_0470Ensure cloud users don't have any direct permissions in AWS IAM User PolicyAWSIdentity and Access Management
MEDIUM
AC_AWS_0478Ensure that IP range is specified in CIDR format for AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0489Ensure Creation of SLR with NotResource is not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0495Ensure Creation of SLR with star (*) in NotAction and resource is not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0593Ensure that IAM Access analyzer is enabled for all regionsAWSInfrastructure Security
MEDIUM
AC_AWS_0598Ensure a support role has been created to manage incidents with AWS SupportAWSIdentity and Access Management
MEDIUM
AC_AWS_0599Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removedAWSIdentity and Access Management
MEDIUM
AC_AWS_0600Ensure there is only one active access key available for any single IAM userAWSIdentity and Access Management
MEDIUM
AC_AZURE_0389Ensure resource lock enabled for Azure Resource GroupAzureIdentity and Access Management
LOW
AC_GCP_0248Ensure default service account is not used at organization level for Google CloudGCPIdentity and Access Management
HIGH
AC_GCP_0275Ensure multi-factor authentication is enabled for Google Compute Project MetadataGCPSecurity Best Practices
LOW
AC_AWS_0627Ensure IAM Users Receive Permissions Only Through GroupsAWSIdentity and Access Management
MEDIUM
AC_AWS_0634Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console passwordAWSCompliance Validation
HIGH