Tenable Cloud Security Policies Search

| ID | Name | CSP | Domain | Severity |
| --- | --- | --- | --- | --- |
| AC_AWS_0387 | Ensure that access policy does not allow anonymous access for AWS Secrets Manager | AWS | Security Best Practices | HIGH |
| AC_AWS_0396 | Ensure requests greater than 8 KB are blocked by AWS Web Application Firewall | AWS | Security Best Practices | HIGH |
| AC_AWS_0502 | Ensure valid account number format is used in Amazon Simple Notification Service (SNS) Topic | AWS | Security Best Practices | LOW |
| AC_AWS_0503 | Ensure valid account number format is used in Amazon Simple Queue Service (SQS) Queue | AWS | Security Best Practices | LOW |
| AC_AWS_0564 | Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs | AWS | Security Best Practices | HIGH |
| AC_AWS_0567 | Ensure a log metric filter and alarm exist for security group changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0577 | Ensure tags are defined for AWS NAT Gateways | AWS | Security Best Practices | LOW |
| AC_AWS_0579 | Ensure multiple availability zones are used to deploy AWS NAT Gateways | AWS | Security Best Practices | MEDIUM |
| AC_AZURE_0108 | Ensure public IP addresses are not assigned to Azure Windows Virtual Machines | Azure | Security Best Practices | HIGH |
| AC_AZURE_0113 | Ensure backup is enabled using Azure Backup for Azure Linux Virtual Machines | Azure | Security Best Practices | LOW |
| AC_AZURE_0162 | Ensure secrets have content type set for Azure Key Vault Secret | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0195 | Ensure that custom domains are configured in Azure App Service | Azure | Security Best Practices | LOW |
| AC_AZURE_0303 | Ensure that authentication feature is enabled for Azure Function App | Azure | Security Best Practices | LOW |
| AC_AZURE_0417 | Ensure that the latest version of NSG flow log is being used via Azure Network Watcher Flow Log | Azure | Security Best Practices | MEDIUM |
| AC_GCP_0288 | Ensure only selected container registries are allowed through Google Binary Authorization Policy | GCP | Security Best Practices | MEDIUM |
| AC_GCP_0295 | Ensure node metadata is concealed for Google Container Node Pool | GCP | Security Best Practices | LOW |
| AC_K8S_0013 | Ensure an owner key with proper label is set for Kubernetes namespace | Kubernetes | Security Best Practices | LOW |
| AC_K8S_0098 | Ensure CPU limit is set for Kubernetes workloads | Kubernetes | Security Best Practices | MEDIUM |
| AC_K8S_0115 | Ensure security context is applied to pods and containers with SELinux configured | Kubernetes | Security Best Practices | MEDIUM |
| AC_K8S_0120 | Ensure large virtual services are split into multiple resources for Istio Virtual Services | Kubernetes | Security Best Practices | LOW |
| AC_GCP_0015 | Ensure Node Auto-Repair is enabled for GKE nodes | GCP | Security Best Practices | LOW |
| AC_GCP_0366 | Ensure API Keys Are Restricted to Only APIs That Application Needs Access | GCP | Security Best Practices | MEDIUM |
| AC_AWS_0055 | Ensure the security best practices configuration is followed for Amazon Relational Database Service (Amazon RDS) instances | AWS | Security Best Practices | HIGH |
| AC_AWS_0175 | Ensure public access is disabled for AWS MQ Brokers | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0177 | Ensure latest engine version is used for AWS MQ Brokers | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0368 | Ensure KMS Customer Master Keys (CMKs) are used for encryption for AWS Storage Gateway File Shares | AWS | Security Best Practices | HIGH |
| AC_AWS_0397 | Ensure multiple ENI are not attached to a single AWS Instance | AWS | Security Best Practices | LOW |
| AC_AWS_0406 | Ensure NotResource is removed from all AWS Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0407 | Ensure Effect is set to 'Deny' if Resource is used in Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0442 | Ensure access logging is enabled for AWS API Gateway V2 API | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0452 | Ensure log retention policy is set for AWS CloudWatch Log Group | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0506 | Ensure valid account number format is used in AWS EFS File System Policy | AWS | Security Best Practices | LOW |
| AC_AWS_0560 | Ensure a log metric filter and alarm exist for usage of 'root' account | AWS | Security Best Practices | HIGH |
| AC_AWS_0563 | Ensure a log metric filter and alarm exist for AWS Management Console authentication failures | AWS | Security Best Practices | HIGH |
| AC_AWS_0565 | Ensure a log metric filter and alarm exist for S3 bucket policy changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0570 | Ensure a log metric filter and alarm exist for route table changes | AWS | Security Best Practices | HIGH |
| AC_AZURE_0359 | Ensure automatic OS upgrades are enabled for windows config block in Azure Virtual Machine Scale Set | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0393 | Ensure regular security and operational updates are enabled for Azure Redis Cache | Azure | Security Best Practices | HIGH |
| AC_GCP_0266 | Ensure a retention policy is enabled for Google Cloud Storage Buckets | GCP | Security Best Practices | MEDIUM |
| AC_GCP_0267 | Ensure a retention period of at least 90 days is set for Google Cloud Storage Buckets | GCP | Security Best Practices | LOW |
| AC_GCP_0269 | Ensure that 'always allow' evaluation mode is restricted for Google Binary Authorization Policy | GCP | Security Best Practices | MEDIUM |
| AC_K8S_0025 | Ensure default name space is not in use in Kubernetes Namespace | Kubernetes | Security Best Practices | LOW |
| AC_K8S_0048 | Ensure default routes are set for Istio services | Kubernetes | Security Best Practices | LOW |
| AC_K8S_0068 | Ensure image tag is set in Kubernetes workload configuration | Kubernetes | Security Best Practices | LOW |
| AC_K8S_0070 | Ensure liveness probe is configured for containers in all Kubernetes workloads | Kubernetes | Security Best Practices | LOW |
| AC_K8S_0072 | Ensure readiness probe is configured for containers in all Kubernetes workloads | Kubernetes | Security Best Practices | LOW |
| AC_K8S_0099 | Ensure Memory request is set for Kubernetes workloads | Kubernetes | Security Best Practices | MEDIUM |
| AC_K8S_0100 | Ensure Memory request is set for Kubernetes workloads | Kubernetes | Security Best Practices | MEDIUM |
| S3_AWS_0016 | Ensure MFA Delete is enabled on S3 buckets - Terraform Version 1.x | AWS | Security Best Practices | HIGH |
| AC_GCP_0011 | Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days | GCP | Security Best Practices | LOW |