Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0205Ensure record sets are configured for AWS Route53HostedZonesAWSLogging and Monitoring
HIGH
AC_AWS_0455Ensure monitoring is enabled for AWS Launch ConfigurationAWSLogging and Monitoring
HIGH
AC_AWS_0585Ensure CloudTrail trails are integrated with CloudWatch LogsAWSLogging and Monitoring
MEDIUM
AC_AWS_0613Ensure AWS Lambda function is configured with a Dead Letter QueueAWSLogging and Monitoring
LOW
AC_AZURE_0147Ensure Azure log retention is set at least 90 days for Azure Log Analytics WorkspaceAzureLogging and Monitoring
MEDIUM
AC_AZURE_0210Ensure that Diagnostic Logs Are Enabled for All Services that Support itAzureLogging and Monitoring
MEDIUM
AC_AZURE_0239Ensure That 'All users with the following roles' is set to 'Owner'AzureLogging and Monitoring
MEDIUM
AC_AZURE_0283Ensure that Activity Log Retention is set 365 days or greater for Azure Monitor Log ProfileAzureLogging and Monitoring
MEDIUM
AC_AZURE_0337Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall RuleAzureLogging and Monitoring
MEDIUM
AC_AZURE_0341Ensure that Activity Log Alert exists for Create or Update Network Security GroupAzureLogging and Monitoring
MEDIUM
AC_AZURE_0412Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database ServerAzureLogging and Monitoring
MEDIUM
AC_AZURE_0414Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server - azurerm_postgresql_configurationAzureLogging and Monitoring
MEDIUM
AC_GCP_0241Ensure object versioning is enabled on Google Cloud Storage BucketsGCPLogging and Monitoring
LOW
AC_GCP_0303Ensure that retention policies on log buckets are configured using Bucket LockGCPLogging and Monitoring
LOW
AC_K8S_0031Ensure that the --audit-log-path argument is setKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0034Ensure that the --audit-log-maxsize argument is set to 100 or as appropriateKubernetesLogging and Monitoring
MEDIUM
AC_AZURE_0046Ensure 'Additional email addresses' is Configured with a Security Contact EmailAzureLogging and Monitoring
MEDIUM
AC_AZURE_0048Ensure That 'Notify about alerts with the following severity' is Set to 'High'AzureLogging and Monitoring
MEDIUM
AC_AZURE_0136Ensure that 'Auditing' Retention is 'greater than 90 days'AzureLogging and Monitoring
MEDIUM
AC_AZURE_0137Ensure that 'Auditing' is set to 'On'AzureLogging and Monitoring
MEDIUM
AC_AZURE_0218Ensure that Activity Log Alert exists for Create Policy AssignmentAzureLogging and Monitoring
MEDIUM
AC_AZURE_0588Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database ServerAzureLogging and Monitoring
MEDIUM
AC_GCP_0312Ensure That Cloud DNS Logging Is Enabled for All VPC NetworksGCPLogging and Monitoring
MEDIUM
AC_GCP_0330Ensure Essential Contacts is Configured for OrganizationGCPLogging and Monitoring
LOW
AC_K8S_0004Ensure that the --eventRecordQPS argument is set to 0 or a level which ensures appropriate event captureKubernetesLogging and Monitoring
LOW
AC_AWS_0012Ensure CloudWatch Logs are enabled for AWS API Gateway StageAWSLogging and Monitoring
MEDIUM
AC_AWS_0049Ensure AWS Config is enabled in all regionsAWSLogging and Monitoring
HIGH
AC_AWS_0062Ensure performance insights are enabled for Amazon Relational Database Service (Amazon RDS) instancesAWSLogging and Monitoring
MEDIUM
AC_AWS_0075Ensure deletion protection is enabled for AWS DocumentDB ClustersAWSLogging and Monitoring
MEDIUM
AC_AWS_0369Ensure VPC flow logging is enabled in all VPCsAWSLogging and Monitoring
LOW
AC_AWS_0434Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucketAWSLogging and Monitoring
MEDIUM
AC_AWS_0548Ensure logging is enabled for AWS CloudFrontAWSLogging and Monitoring
MEDIUM
AC_AWS_0557Ensure the S3 bucket used to store CloudTrail logs is not publicly accessibleAWSLogging and Monitoring
MEDIUM
AC_AWS_0582Ensure CloudTrail logs are encrypted at rest using KMS CMKsAWSLogging and Monitoring
HIGH
AC_AWS_0584Ensure CloudTrail log file validation is enabledAWSLogging and Monitoring
MEDIUM
AC_AWS_0589Ensure AWS Config is enabled in all regionsAWSLogging and Monitoring
HIGH
AC_AZURE_0235Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL DatabaseAzureLogging and Monitoring
MEDIUM
AC_AZURE_0302Ensure read, write and delete request logging is enabled for queue service in Azure Storage AccountAzureLogging and Monitoring
MEDIUM
AC_AZURE_0340Ensure that Activity Log alert exists for the Delete Network Security Group RuleAzureLogging and Monitoring
MEDIUM
AC_GCP_0233Ensure logging is enabled for Google Cloud Storage BucketsGCPLogging and Monitoring
LOW
AC_K8S_0035Ensure that the --request-timeout argument is set as appropriateKubernetesLogging and Monitoring
MEDIUM
S3_AWS_0007Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible - Terraform Version 1.xAWSLogging and Monitoring
MEDIUM
AC_AWS_0626Ensure CloudTrail is enabled in all regionsAWSLogging and Monitoring
MEDIUM
AC_AZURE_0001Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL DatabaseAzureLogging and Monitoring
MEDIUM
AC_AZURE_0047Ensure That 'All users with the following roles' is set to 'Owner'AzureLogging and Monitoring
MEDIUM
AC_AZURE_0070Ensure that Activity Log Alert exists for Delete Public IP Address ruleAzureLogging and Monitoring
MEDIUM
AC_AZURE_0071Ensure that Activity Log Alert exists for Delete SQL Server Firewall RuleAzureLogging and Monitoring
MEDIUM
AC_AZURE_0339Ensure that Activity Log Alert exists for Create or Update Security SolutionAzureLogging and Monitoring
MEDIUM
AC_AZURE_0344Ensure that Activity Log Alert exists for Delete Policy AssignmentAzureLogging and Monitoring
MEDIUM
AC_AZURE_0589Ensure 'log_duration' is set for Azure PostgreSQL ConfigurationAzureLogging and Monitoring
MEDIUM