Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_GCP_0017Ensure Node Auto-Upgrade is enabled for GKE nodesGCPSecurity Best Practices
LOW
AC_GCP_0270Ensure the GKE Metadata Server is EnabledGCPSecurity Best Practices
LOW
AC_GCP_0278Ensure Oslogin Is Enabled for a Project - google_compute_instanceGCPSecurity Best Practices
LOW
AC_K8S_0086The default namespace should not be usedKubernetesSecurity Best Practices
LOW
AC_AWS_0031Ensure only lower case letters are in use for resource in AWS IAM PolicyAWSSecurity Best Practices
LOW
AC_AWS_0070Ensure auto minor version upgrade is enabled for AWS Database Migration Service (DMS) instancesAWSSecurity Best Practices
MEDIUM
AC_AWS_0197Ensure KMS customer managed key (CMK) for encryption of AWS Redshift clustersAWSSecurity Best Practices
HIGH
AC_AWS_0209Ensure MFA Delete is enable on S3 bucketsAWSSecurity Best Practices
HIGH
AC_AWS_0404Ensure Principal is removed from all AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0405Ensure NotPrincipal is removed from all AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0410Ensure wildcards(*) are only at end of strings in Action of AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0425Ensure root access is disabled for AWS SageMaker Notebook instancesAWSSecurity Best Practices
HIGH
AC_AWS_0447Ensure image tag is immutable for Amazon Elastic Container Registry (Amazon ECR) RepositoryAWSSecurity Best Practices
MEDIUM
AC_AWS_0448Ensure log retention period of at least 90 days retention period for AWS CloudWatch Log GroupAWSSecurity Best Practices
HIGH
AC_AWS_0561Ensure a log metric filter and alarm exist for IAM policy changesAWSSecurity Best Practices
HIGH
AC_AWS_0562Ensure a log metric filter and alarm exist for CloudTrail configuration changesAWSSecurity Best Practices
HIGH
AC_AWS_0568Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)AWSSecurity Best Practices
HIGH
AC_AWS_0569Ensure a log metric filter and alarm exist for changes to network gatewaysAWSSecurity Best Practices
HIGH
AC_AWS_0572Ensure a log metric filter and alarm exists for AWS Organizations changesAWSSecurity Best Practices
HIGH
AC_AZURE_0109Ensure public IP addresses are not assigned to Azure Linux Virtual MachinesAzureSecurity Best Practices
HIGH
AC_AZURE_0115Ensure that authentication feature is enabled for Azure Linux Function AppAzureSecurity Best Practices
LOW
AC_AZURE_0183Ensure consistency level is NOT set to 'Eventual' for Azure CosmosDB AccountAzureSecurity Best Practices
LOW
AC_AZURE_0290Ensure that Azure policies add-on are used for Azure Kubernetes ClusterAzureSecurity Best Practices
MEDIUM
AC_AZURE_0360Ensure automatic OS upgrades are enabled for Azure Virtual Machine Scale SetAzureSecurity Best Practices
MEDIUM
AC_AZURE_0416Ensure that traffic analytics is enabled via Azure Network Watcher Flow LogAzureSecurity Best Practices
MEDIUM
AC_GCP_0275Ensure multi-factor authentication is enabled for Google Compute Project MetadataGCPSecurity Best Practices
LOW
AC_GCP_0294Ensure the number of instances running simultaneously are limited for Google App Engine Standard App VersionGCPSecurity Best Practices
LOW
AC_K8S_0050Ensure custom snippets annotations is not set to true for Ingress-nginx controller deployment's Kubernetes Config MapKubernetesSecurity Best Practices
HIGH
AC_K8S_0097Ensure CPU request is set for Kubernetes workloadsKubernetesSecurity Best Practices
MEDIUM
AC_AWS_0606Ensure MFA Delete is enabled on S3 bucketsAWSSecurity Best Practices
HIGH
AC_AZURE_0194Ensure that Register with Azure Active Directory is enabled on App ServiceAzureSecurity Best Practices
MEDIUM
AC_AZURE_0569Ensure that Register with Azure Active Directory is enabled on App Service - azurerm_windows_web_appAzureSecurity Best Practices
MEDIUM
AC_GCP_0281Ensure That Compute Instances Have Confidential Computing EnabledGCPSecurity Best Practices
MEDIUM