Tenable Cloud Security Policies Search

| ID | Name | CSP | Domain | Severity |
|---|---|---|---|---|
| AC_AWS_0021 | Ensure Amazon Simple Notification Service (SNS) is enabled for CloudFormation stacks | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0022 | Ensure termination protection is enabled for AWS CloudFormation Stack | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0029 | Ensure correct key format is used for condition in AWS IAM Policy | AWS | Security Best Practices | LOW |
| AC_AWS_0366 | Ensure Server Side Encryption (SSE) is enabled Amazon Simple Queue Service (SQS) queue | AWS | Security Best Practices | HIGH |
| AC_AWS_0408 | Ensure Effect is set to 'Deny' if NotAction is used in AWS Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0409 | Ensure Effect is set to 'Deny' if Condition is used in AWS Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0467 | Ensure CORS is configured to prevent sharing across all domains for AWS API Gateway V2 API | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0546 | Ensure load balancer health checks are used for AWS Auto Scaling Groups | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0559 | Ensure a log metric filter and alarm exist for unauthorized API calls | AWS | Security Best Practices | HIGH |
| AC_AWS_0566 | Ensure a log metric filter and alarm exist for AWS Config configuration changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0586 | Ensure a log metric filter and alarm exist for unauthorized API calls | AWS | Security Best Practices | HIGH |
| AC_AWS_0587 | Ensure a log metric filter and alarm exist for usage of 'root' account | AWS | Security Best Practices | HIGH |
| AC_AWS_0588 | Ensure a log metric filter and alarm exist for AWS Management Console authentication failures | AWS | Security Best Practices | HIGH |
| AC_AZURE_0110 | Ensure backup is enabled using Azure Backup for Azure Windows Virtual Machines | Azure | Security Best Practices | LOW |
| AC_AZURE_0120 | Ensure that authentication feature is enabled for Azure Windows Function App | Azure | Security Best Practices | LOW |
| AC_AZURE_0250 | Ensure integration service environment are used for deployment of Azure Logic App Workflow | Azure | Security Best Practices | LOW |
| AC_AZURE_0251 | Ensure key size is set on all keys for Azure Key Vault Key | Azure | Security Best Practices | MEDIUM |
| AC_GCP_0012 | Ensure a key rotation mechanism within a 365 day period is implemented for Google KMS Crypto Key | GCP | Security Best Practices | LOW |
| S3_AWS_0005 | Ensure MFA Delete is enable on S3 buckets - Terraform Version 1.x | AWS | Security Best Practices | HIGH |
| AC_AZURE_0568 | Ensure that Register with Azure Active Directory is enabled on App Service - azurerm_linux_web_app | Azure | Security Best Practices | MEDIUM |
| AC_GCP_0018 | Ensure that Alpha clusters are not used for production workloads | GCP | Security Best Practices | LOW |
| AC_GCP_0365 | Ensure API Keys Only Exist for Active Services | GCP | Security Best Practices | MEDIUM |
| AC_AWS_0161 | Ensure deletion window for Customer Managed Keys (CMK) is enabled for AWS Key Management Service (KMS) | AWS | Security Best Practices | HIGH |
| AC_AWS_0225 | Ensure network isolation is enabled for AWS SageMaker | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0367 | Ensure KMS Customer Master Keys (CMKs) are used for encryption for AWS Storage Gateway Volumes | AWS | Security Best Practices | HIGH |
| AC_AWS_0370 | Ensure default VPC is not used for AWS VPC | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0444 | Ensure AWS CloudFormation is used for managing an AWS Account | AWS | Security Best Practices | LOW |
| AC_AWS_0445 | Ensure policies are used for AWS CloudFormation Stacks | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0504 | Ensure valid account number format is used in AWS API Gateway Rest API Policy | AWS | Security Best Practices | LOW |
| AC_AWS_0505 | Ensure valid account number format is used in Amazon Elastic Container Registry (Amazon ECR) | AWS | Security Best Practices | LOW |
| AC_AWS_0558 | Ensure a log metric filter and alarm exist for Management Console sign-in without MFA | AWS | Security Best Practices | HIGH |
| AC_AWS_0571 | Ensure a log metric filter and alarm exist for VPC changes | AWS | Security Best Practices | HIGH |
| AC_AZURE_0112 | Ensure Time To Live (TTL) of the DNS record is not more than 60 minutes for Azure Private DNS Cname Record | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0267 | Ensure that 'Phone number' is set for Azure Security Center Contact | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0288 | Ensure password authentication is disabled for Azure Linux Virtual Machine | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0385 | Ensure that standard pricing tiers are selected in Azure Security Center Subscription Pricing | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0395 | Ensure missing service endpoints are disabled for Azure PostgreSQL Virtual Network Rule | Azure | Security Best Practices | MEDIUM |
| AC_GCP_0242 | Ensure default service account is not used for project access in Google Container Cluster | GCP | Security Best Practices | HIGH |
| AC_GCP_0265 | Ensure sharing of service account credentials is restricted using Google Service Account | GCP | Security Best Practices | MEDIUM |
| AC_K8S_0119 | Ensure protocols are explicitly declared where possible for Istio Services | Kubernetes | Security Best Practices | MEDIUM |
| AC_AWS_0386 | Ensure that inline policy does not expose secrets in AWS Secrets Manager | AWS | Security Best Practices | HIGH |
| AC_AZURE_0300 | Ensure virtual network is used to deploy Azure Container Group | Azure | Security Best Practices | MEDIUM |
| AC_GCP_0291 | Ensure oslogin is enabled for a Project - google_compute_project_metadata | GCP | Security Best Practices | LOW |
| AC_GCP_0367 | Ensure API Keys Are Rotated Every 90 Days | GCP | Security Best Practices | MEDIUM |
| AC_GCP_0368 | Ensure Logging is enabled for HTTP(S) Load Balancer | GCP | Security Best Practices | MEDIUM |
| AC_AWS_0030 | Ensure valid account number format is used in AWS IAM Policy | AWS | Security Best Practices | LOW |
| AC_AWS_0050 | Ensure `arn` prefix is in use for resource in AWS IAM Policy | AWS | Security Best Practices | LOW |
| AC_AWS_0150 | Ensure a log metric filter and alarm exist for AWS NAT Gateways | AWS | Security Best Practices | HIGH |
| AC_AWS_0179 | Ensure auto minor version upgrade is enabled for AWS MQ Brokers | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0201 | Ensure allow version upgrade is enabled for AWS Redshift Clusters | AWS | Security Best Practices | LOW |