Tenable Cloud Security Policies Search

| ID | Name | CSP | Domain | Severity |
| --- | --- | --- | --- | --- |
| AC_AZURE_0561 | Ensure Virtual Machines are utilizing Managed Disks | Azure | Data Protection | MEDIUM |
| AC_AZURE_0019 | Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On' | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0556 | Ensure That No Custom Subscription Administrator Roles Exist | Azure | Identity and Access Management | MEDIUM |
| AC_GCP_0318 | Ensure That Sinks Are Configured for All Log Entries | GCP | Logging and Monitoring | LOW |
| AC_GCP_0368 | Ensure Logging is enabled for HTTP(S) Load Balancer | GCP | Security Best Practices | MEDIUM |
| AC_AWS_0592 | Ensure that encryption is enabled for EFS file systems | AWS | Data Protection | HIGH |
| AC_AZURE_0560 | Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks | Azure | Configuration and Vulnerability Analysis | MEDIUM |
| AC_AWS_0631 | Ensure AWS Security Hub is enabled | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0193 | Ensure Auto Minor Version Upgrade feature is Enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0610 | Ensure no security groups allow ingress from ::/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
| AC_AZURE_0563 | Ensure Private Endpoints are used to access Storage Accounts | Azure | Data Protection | MEDIUM |
| AC_AZURE_0564 | Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled | Azure | Data Protection | MEDIUM |
| AC_AWS_0595 | Ensure access keys are rotated every 90 days or less | AWS | Identity and Access Management | MEDIUM |
| S3_AWS_0016 | Ensure MFA Delete is enabled on S3 buckets - Terraform Version 1.x | AWS | Security Best Practices | HIGH |
| AC_AWS_0633 | Ensure that IAM Access analyzer is enabled for all regions | AWS | Infrastructure Security | MEDIUM |
| AC_GCP_0370 | Ensure Instance IP assignment is set to private | GCP | Compliance Validation | LOW |
| S3_AWS_0017 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket - Terraform Version 1.x | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0589 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
| AC_AWS_0611 | Ensure AWS Security Hub is enabled | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0603 | Ensure that public access is not given to Amazon Relational Database Service (Amazon RDS) Instance | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0607 | Ensure S3 Bucket Policy is set to deny HTTP requests | AWS | Infrastructure Security | HIGH |
| AC_AWS_0646 | Ensure S3 Bucket Policy is set to deny HTTP requests | AWS | Infrastructure Security | HIGH |
| AC_AZURE_0559 | Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests | Azure | Data Protection | MEDIUM |
| AC_AZURE_0070 | Ensure that Activity Log Alert exists for Delete Public IP Address rule | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0071 | Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0554 | Ensure that 'Enable Infrastructure Encryption' for Each Storage Account in Azure Storage is Set to 'enabled' | Azure | Data Protection | LOW |
| AC_AWS_0593 | Ensure that IAM Access analyzer is enabled for all regions | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0609 | Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
| AC_AZURE_0046 | Ensure 'Additional email addresses' is Configured with a Security Contact Email | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0128 | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' | Azure | Data Protection | MEDIUM |
| AC_AZURE_0557 | Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests | Azure | Data Protection | MEDIUM |
| AC_AZURE_0552 | Enable Role Based Access Control for Azure Key Vault | Azure | Data Protection | LOW |
| AC_AWS_0596 | Ensure credentials unused for 45 days or greater are disabled | AWS | Compliance Validation | LOW |
| AC_AZURE_0069 | Ensure that Activity Log Alert exists for Create or Update Public IP Address rule | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0072 | Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0558 | Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests | Azure | Data Protection | MEDIUM |
| AC_AZURE_0028 | Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. | Azure | Data Protection | HIGH |
| AC_AZURE_0059 | Ensure that HTTP(S) access from the Internet is evaluated and restricted | Azure | Infrastructure Security | LOW |
| AC_AZURE_0370 | Ensure that 'Public access level' is disabled for storage accounts with blob containers | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0376 | Ensure that 'Auditing' is set to 'On' | Azure | Logging and Monitoring | MEDIUM |
| S3_AWS_0015 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
| AC_AZURE_0410 | Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server | Azure | Resilience | MEDIUM |
| AC_AZURE_0026 | Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults | Azure | Data Protection | HIGH |
| AC_AZURE_0241 | Ensure that 'Data encryption' is set to 'On' on a SQL Database | Azure | Data Protection | MEDIUM |
| AC_GCP_0327 | Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key | GCP | Infrastructure Security | LOW |
| AC_GCP_0330 | Ensure Essential Contacts is Configured for Organization | GCP | Logging and Monitoring | LOW |
| AC_AZURE_0126 | Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0375 | Ensure that 'Auditing' Retention is 'greater than 90 days' | Azure | Compliance Validation | LOW |
| AC_GCP_0337 | Ensure Cloud Asset Inventory Is Enabled | GCP | Logging and Monitoring | MEDIUM |
| AC_AZURE_0044 | Ensure that Azure Active Directory Admin is Configured for SQL Servers | Azure | Identity and Access Management | HIGH |