Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AZURE_0040Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL serverAzureIdentity and Access Management
MEDIUM
AC_AZURE_0053Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL ServersAzureInfrastructure Security
HIGH
AC_AZURE_0092Ensure shared access policies are not used for IoT Hub Device Provisioning Service (DPS)AzureInfrastructure Security
HIGH
AC_AZURE_0098Ensure that the attribute 'permissive_output_firewall_rules' in Defender for IoT is not set to falseAzureInfrastructure Security
MEDIUM
AC_AZURE_0101Ensure that the attribute 'shared_credentials' in Defender for IoT is not set to falseAzureInfrastructure Security
HIGH
AC_AZURE_0102Ensure that the attribute 'ip_filter_permissive_rule' in Defender for IoT is not set to falseAzureInfrastructure Security
MEDIUM
AC_AZURE_0109Ensure public IP addresses are not assigned to Azure Linux Virtual MachinesAzureSecurity Best Practices
HIGH
AC_AZURE_0115Ensure that authentication feature is enabled for Azure Linux Function AppAzureSecurity Best Practices
LOW
AC_AZURE_0121Ensure HTTPS is enabled for Azure Windows Function AppAzureInfrastructure Security
MEDIUM
AC_AZURE_0125Ensure that the IP Forwarding feature for Microsoft Azure virtual machines is disabledAzureInfrastructure Security
MEDIUM
AC_AZURE_0126Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database ServerAzureInfrastructure Security
MEDIUM
AC_AZURE_0133Ensure notification email address is configured for Azure MSSQL Server Security Alert PolicyAzureLogging and Monitoring
MEDIUM
AC_AZURE_0134Ensure that minimum TLS version is set to 1.2 for Azure MSSQL ServerAzureInfrastructure Security
MEDIUM
AC_AZURE_0139Ensure regular backups are enabled for Azure MariaDB ServerAzureResilience
MEDIUM
AC_AZURE_0142Ensure CORS is tightly controlled and managed for Azure Linux Function AppAzureInfrastructure Security
MEDIUM
AC_AZURE_0159Ensure Azure Active Directory (Azure AD) has been enabled in Azure Kubernetes ClusterAzureCompliance Validation
MEDIUM
AC_AZURE_0165Ensure that only allowed key types are in use for Azure Key Vault CertificateAzureCompliance Validation
HIGH
AC_AZURE_0171Ensure zone resiliency is turned on for all Azure ImageAzureResilience
LOW
AC_AZURE_0172Ensure Hyper-V generation uses v2 for Azure ImageAzureData Protection
LOW
AC_AZURE_0181Ensure Azure services are zone redundant for Azure Eventhub NamespaceAzureResilience
MEDIUM
AC_AZURE_0183Ensure consistency level is NOT set to 'Eventual' for Azure CosmosDB AccountAzureSecurity Best Practices
LOW
AC_AZURE_0190Ensure auto renew of certificates is turned off for Azure App Service Certificate OrderAzureInfrastructure Security
LOW
AC_AZURE_0192Ensure auditing and monitoring is enabled for Azure App ServiceAzureLogging and Monitoring
MEDIUM
AC_AZURE_0206Ensure cross account access is disabled for Azure SQL Firewall RuleAzureIdentity and Access Management
MEDIUM
AC_AZURE_0224Ensure latest TLS/SSL version is in use for Azure API ManagementAzureInfrastructure Security
MEDIUM
AC_AZURE_0253Ensure system-assigned managed identity authentication is used for Azure Data FactoryAzureInfrastructure Security
MEDIUM
AC_AZURE_0261Ensure public network access is disabled for Azure Data FactoryAzureInfrastructure Security
MEDIUM
AC_AZURE_0264Ensure log profile is configured to capture all activities for Azure Monitor Log ProfileAzureLogging and Monitoring
MEDIUM
AC_AZURE_0265Ensure Secrets are not exposed in customData used in Azure Virtual MachineAzureInfrastructure Security
MEDIUM
AC_AZURE_0290Ensure that Azure policies add-on are used for Azure Kubernetes ClusterAzureSecurity Best Practices
MEDIUM
AC_AZURE_0291Ensure that logging to Azure Monitoring is configured for Azure Kubernetes ClusterAzureLogging and Monitoring
MEDIUM
AC_AZURE_0315Ensure customer-managed keys to encrypt data at rest for Azure CosmosDB AccountAzureData Protection
MEDIUM
AC_AZURE_0322Ensure that Microsoft Defender for Key Vault is set to 'On'AzureData Protection
MEDIUM
AC_AZURE_0342Ensure that RDP access is restricted from the internetAzureInfrastructure Security
HIGH
AC_AZURE_0350Ensure overprovisioning is disabled for Azure Windows Virtual Machine Scale SetAzureLogging and Monitoring
LOW
AC_AZURE_0351Ensure Azure Web Application Firewall Policy is enabledAzureInfrastructure Security
MEDIUM
AC_AZURE_0353Ensure a site-to-site VPN functionality by making use of Azure Virtual WANAzureInfrastructure Security
MEDIUM
AC_AZURE_0354Ensure that VPN Encryption is enabled for Azure Virtual WANAzureInfrastructure Security
MEDIUM
AC_AZURE_0357Ensure that UDP Services are restricted from the InternetAzureInfrastructure Security
HIGH
AC_AZURE_0360Ensure automatic OS upgrades are enabled for Azure Virtual Machine Scale SetAzureSecurity Best Practices
MEDIUM
AC_AZURE_0362Ensure boot diagnostics are enabled for Azure Virtual MachineAzureLogging and Monitoring
MEDIUM
AC_AZURE_0374Ensure a firewall is attached to Azure SQL ServerAzureInfrastructure Security
MEDIUM
AC_AZURE_0381Ensure access to Azure SQL Servers is restricted within Azure Infrastructure via Azure SQL Firewall RuleAzureInfrastructure Security
HIGH
AC_AZURE_0383Ensure that 'Threat Detection' is enabled for Azure SQL DatabaseAzureLogging and Monitoring
MEDIUM
AC_AZURE_0389Ensure resource lock enabled for Azure Resource GroupAzureIdentity and Access Management
LOW
AC_AZURE_0391Ensure that firewall rules does not allow unrestricted access to Azure Redis Cache from other Azure sourcesAzureInfrastructure Security
HIGH
AC_AZURE_0413Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server - azurerm_postgresql_configurationAzureLogging and Monitoring
MEDIUM
AC_AZURE_0416Ensure that traffic analytics is enabled via Azure Network Watcher Flow LogAzureSecurity Best Practices
MEDIUM
AC_AZURE_0418Ensure that Network Watcher is 'Enabled'AzureLogging and Monitoring
HIGH
AC_AZURE_0550Ensure disk encryption is enabled for Azure Windows Virtual MachineAzureData Protection
MEDIUM