Tenable Cloud Security Policies Search

| ID | Name | CSP | Domain | Severity |
| --- | --- | --- | --- | --- |
| AC_AWS_0002 | Ensure AWS Certificate Manager (ACM) certificates are renewed 30 days before expiration date | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0003 | Ensure AWS Certificate Manager (ACM) certificates are renewed 7 days before expiration date | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0005 | Ensure encryption is enabled for Amazon Machine Image (AMI) | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0011 | Ensure that the endpoint type is set to private for API Gateway Rest API | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0116 | Ensure advanced security options are enabled for AWS ElasticSearch Domain | AWS | Infrastructure Security | HIGH |
| AC_AWS_0230 | Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
| AC_AWS_0235 | Ensure Security Groups do not have unrestricted specific ports open - Elasticsearch (TCP,9300) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0250 | Ensure Security Groups do not have unrestricted specific ports open - Memcached SSL (UDP,11214) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0251 | Ensure Security Groups do not have unrestricted specific ports open - Memcached SSL (UDP,11215) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0255 | Ensure Security Groups do not have unrestricted specific ports open - NetBIOS Name Service (UDP,137) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0260 | Ensure Security Groups do not have unrestricted specific ports open - Oracle DB SSL (TCP,2484) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0261 | Ensure Security Groups do not have unrestricted specific ports open - Oracle DB SSL (UDP,2484) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0266 | Ensure Security Groups do not have unrestricted specific ports open - SNMP (UDP,161) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0271 | Ensure Security Groups do not have unrestricted specific ports open - Telnet (TCP,23) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0273 | Ensure Security Groups do not have unrestricted specific ports open - CIFS for file/printer (TCP,445) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0277 | Ensure SaltStack Master (TCP,4505) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0279 | Ensure CIFS / SMB (TCP,3020) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0281 | Ensure Cassandra (TCP,7001) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0286 | Ensure MSSQL Admin (TCP,1434) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0291 | Ensure Memcached SSL (TCP,11215) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0296 | Ensure NetBIOS Name Service (TCP,137) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0297 | Ensure NetBIOS Name Service (UDP,137) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0309 | Ensure SQL Server Analysis Service browser (TCP,2382) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0314 | Ensure SMTP (TCP,25) is not accessible by a public CIDR block range | AWS | Infrastructure Security | HIGH |
| AC_AWS_0315 | Ensure CIFS for file/printer (TCP,445) is not accessible by a public CIDR block range | AWS | Infrastructure Security | HIGH |
| AC_AWS_0322 | Ensure Security Groups Unrestricted Specific Ports https (TCP,443) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0338 | Ensure Cassandra' (TCP,7001) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0339 | Ensure HadoopNameNode' (TCP,9000) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0341 | Ensure LDAPSSL' (TCP,636) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0345 | Ensure NetBIOSNameService' (TCP,137) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0352 | Ensure PostgresSQL' (UDP,5432) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0437 | Ensure public access is disabled for Amazon Relational Database Service (Amazon RDS) database snapshots | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0439 | Ensure authorization is enabled for AWS API Gateway Method | AWS | Infrastructure Security | HIGH |
| AC_AWS_0441 | Ensure HTTP2 is enabled for AWS LB (Load Balancer) | AWS | Infrastructure Security | LOW |
| AC_AWS_0454 | Ensure one HTTPS listener is configured for AWS Load Balancer | AWS | Infrastructure Security | HIGH |
| AC_AWS_0515 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0527 | Ensure LDAP (UDP:389) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0533 | Ensure Memcached SSL (UDP:11211) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0538 | Ensure Oracle DB (TCP:2483) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0542 | Ensure Redis without SSL (TCP:6379) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AZURE_0093 | Ensure public access is disabled for Azure IoT Hub Device Provisioning Service (DPS) | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0094 | Ensure shared access policies are not used for IoT Hub | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0097 | Ensure that the Microsoft Defender for IoT Hub is enabled | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0103 | Ensure that the attribute 'inconsistent_module_settings' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0111 | Ensure that automatic upgrades are enabled for Azure Virtual Machine Extension | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0124 | Ensure latest TLS version is in use for Azure Windows Function App | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0135 | Ensure public access is disabled for Azure MSSQL Server | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0160 | Ensure that private cluster is enabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0193 | Ensure web sockets are disabled for Azure App Service | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0199 | Ensure HTTPS is allowed for Azure CDN Endpoint | Azure | Infrastructure Security | MEDIUM |