Tenable Cloud Security Policies Search

| ID | Name | CSP | Domain | Severity |
| --- | --- | --- | --- | --- |
| AC_AWS_0126 | Ensure permissions are tightly controlled for AWS GlacierVault | AWS | Identity and Access Management | HIGH |
| AC_AWS_0128 | Ensure S3 encryption configuration is configured for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
| AC_AWS_0129 | Ensure CloudWatch log encryption is enabled for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
| AC_AWS_0162 | Ensure that access policy is updated for AWS Key Management Service (KMS) key | AWS | Identity and Access Management | HIGH |
| AC_AWS_0216 | Ensure AWS S3 Bucket object ownership is more restrictive | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0377 | Ensure permissions are tightly controlled for AWS EFS File System | AWS | Identity and Access Management | HIGH |
| AC_AWS_0406 | Ensure NotResource is removed from all AWS Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0407 | Ensure Effect is set to 'Deny' if Resource is used in Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0422 | Ensure AWS Redshift Snapshot Retention Policy is more than 7 days | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0439 | Ensure authorization is enabled for AWS API Gateway Method | AWS | Infrastructure Security | HIGH |
| AC_AWS_0450 | Ensure no wildcards are being used in AWS API Gateway Rest API Policy | AWS | Identity and Access Management | HIGH |
| AC_AWS_0476 | Ensure there is no policy with invalid principal key for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0492 | Ensure use of NotAction with NotResource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0494 | Ensure Creation of SLR with star (*) in action and resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0619 | Ensure AWS Lambda function permissions have a source ARN specified | AWS | Identity and Access Management | MEDIUM |
| AC_AZURE_0138 | Ensure geo-redundant backups are enabled for Azure MariaDB Server | Azure | Resilience | MEDIUM |
| AC_AZURE_0150 | Ensure windows diagnostic is enabled for Azure Windows Virtual Machine Scale Set | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0187 | Ensure user id's are all system managed for Azure Container Group | Azure | Identity and Access Management | LOW |
| AC_AZURE_0199 | Ensure HTTPS is allowed for Azure CDN Endpoint | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0407 | Ensure geo-redundant backups are enabled for Azure PostgreSQL Server | Azure | Resilience | MEDIUM |
| AC_AZURE_0548 | Ensure disk encryption is enabled for Azure Linux Virtual Machine | Azure | Data Protection | MEDIUM |
| AC_AWS_0165 | Ensure environment variables do not use AWS secret keys, access keys, or access tokens for AWS Lambda Functions | AWS | Identity and Access Management | HIGH |
| AC_AZURE_0197 | Ensure custom script extensions are not used in Azure Windows Virtual Machine | Azure | Data Protection | MEDIUM |
| AC_AZURE_0200 | Ensure custom script extensions are not used in Azure Virtual Machine | Azure | Data Protection | MEDIUM |
| AC_AZURE_0551 | Ensure geo-redundant backups are enabled for Azure MySQL Flexible Server | Azure | Data Protection | HIGH |
| AC_AWS_0021 | Ensure Amazon Simple Notification Service (SNS) is enabled for CloudFormation stacks | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0022 | Ensure termination protection is enabled for AWS CloudFormation Stack | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0024 | Ensure there is no policy with invalid principal key for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | LOW |
| AC_AWS_0043 | Ensure temporary passwords are not valid for more than 90 days | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0063 | Ensure delete protection is enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Resilience | MEDIUM |
| AC_AWS_0073 | Ensure KMS customer managed keys are used for encryption of AWS DocumentDB Clusters | AWS | Data Protection | MEDIUM |
| AC_AWS_0074 | Ensure log export is enabled for AWS DocumentDB clusters | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0077 | Ensure read-write capacities are reserved for AWS DynamoDB tables | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0100 | Ensure control plane logging is enabled for all log types for AWS Elastic Kubernetes Service (EKS) clusters | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0102 | Ensure redis version is compliant with AWS PCI-DSS requirements for AWS ElastiCache clusters | AWS | Compliance Validation | HIGH |
| AC_AWS_0103 | Ensure memcached elasticache engines are not in use in AWS PCI-DSS environments for AWS ElastiCache clusters | AWS | Compliance Validation | HIGH |
| AC_AWS_0107 | Ensure dedicated master nodes are enabled for AWS ElasticSearch Domains | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0108 | Ensure general purpose SSD node type is not used for AWS ElasticSearch Domains | AWS | Compliance Validation | HIGH |
| AC_AWS_0122 | Ensure connection draining is enabled for AWS ELB | AWS | Resilience | MEDIUM |
| AC_AWS_0169 | Ensure there are no URL references used in base64 encoded value of AWS Launch Configuration | AWS | Data Protection | HIGH |
| AC_AWS_0176 | Ensure active/standby deployment mode is used for AWS MQ Brokers | AWS | Resilience | MEDIUM |
| AC_AWS_0185 | Ensure external principals are allowed for AWS RAM resources | AWS | Data Protection | MEDIUM |
| AC_AWS_0189 | Ensure Aurora Serverless AutoPause is enabled for Amazon Relational Database Service (Amazon RDS) clusters | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0395 | Ensure logging is enabled for AWS API Gateway Method Settings | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0443 | Ensure log exports has been enabled for AWS Neptune cluster | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0467 | Ensure CORS is configured to prevent sharing across all domains for AWS API Gateway V2 API | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0546 | Ensure load balancer health checks are used for AWS Auto Scaling Groups | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0614 | Ensure AWS Lambda Functions have associated tags | AWS | Compliance Validation | LOW |
| AC_AZURE_0166 | Ensure that RSA keys have the specified minimum key size for Azure Key Vault Certificate | Azure | Compliance Validation | HIGH |
| AC_AZURE_0182 | Ensure auto inflate is enabled for Azure Eventhub Namespace | Azure | Compliance Validation | LOW |