Tenable Cloud Security Policies Search

| ID | Name | CSP | Domain | Severity |
|---|---|---|---|---|
| AC_AWS_0111 | Ensure KMS customer managed keys are used for encryption for AWS ElasticSearch Domains | AWS | Data Protection | MEDIUM |
| AC_AWS_0023 | Ensure there is no policy with invalid principal format for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0041 | Ensure resource ARNs do not have arn field missing in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0126 | Ensure permissions are tightly controlled for AWS GlacierVault | AWS | Identity and Access Management | HIGH |
| AC_AWS_0128 | Ensure S3 encryption configuration is configured for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
| AC_AWS_0129 | Ensure CloudWatch log encryption is enabled for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
| AC_AWS_0162 | Ensure that access policy is updated for AWS Key Management Service (KMS) key | AWS | Identity and Access Management | HIGH |
| AC_AWS_0216 | Ensure AWS S3 Bucket object ownership is more restrictive | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0377 | Ensure permissions are tightly controlled for AWS EFS File System | AWS | Identity and Access Management | HIGH |
| AC_AWS_0406 | Ensure NotResource is removed from all AWS Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0407 | Ensure Effect is set to 'Deny' if Resource is used in Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0422 | Ensure AWS Redshift Snapshot Retention Policy is more than 7 days | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0439 | Ensure authorization is enabled for AWS API Gateway Method | AWS | Infrastructure Security | HIGH |
| AC_AWS_0450 | Ensure no wildcards are being used in AWS API Gateway Rest API Policy | AWS | Identity and Access Management | HIGH |
| AC_AWS_0476 | Ensure there is no policy with invalid principal key for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0492 | Ensure use of NotAction with NotResource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0494 | Ensure Creation of SLR with star (*) in action and resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0619 | Ensure AWS Lambda function permissions have a source ARN specified | AWS | Identity and Access Management | MEDIUM |
| AC_AZURE_0138 | Ensure geo-redundant backups are enabled for Azure MariaDB Server | Azure | Resilience | MEDIUM |
| AC_AZURE_0187 | Ensure user id's are all system managed for Azure Container Group | Azure | Identity and Access Management | LOW |
| AC_AZURE_0407 | Ensure geo-redundant backups are enabled for Azure PostgreSQL Server | Azure | Resilience | MEDIUM |
| AC_AZURE_0548 | Ensure disk encryption is enabled for Azure Linux Virtual Machine | Azure | Data Protection | MEDIUM |
| AC_AWS_0165 | Ensure environment variables do not use AWS secret keys, access keys, or access tokens for AWS Lambda Functions | AWS | Identity and Access Management | HIGH |
| AC_AZURE_0197 | Ensure custom script extensions are not used in Azure Windows Virtual Machine | Azure | Data Protection | MEDIUM |
| AC_AZURE_0200 | Ensure custom script extensions are not used in Azure Virtual Machine | Azure | Data Protection | MEDIUM |
| AC_AZURE_0551 | Ensure geo-redundant backups are enabled for Azure MySQL Flexible Server | Azure | Data Protection | HIGH |
| AC_AWS_0200 | Ensure audit logging feature is enabled for AWS Redshift clusters | AWS | Logging and Monitoring | LOW |
| AC_AWS_0205 | Ensure record sets are configured for AWS Route53HostedZones | AWS | Logging and Monitoring | HIGH |
| AC_AWS_0047 | Ensure 'password policy' is enabled - at least 1 number | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0148 | Ensure that every AWS account has a minimum password length policy for AWS IAM User Login Profile | AWS | Compliance Validation | HIGH |
| AC_AWS_0158 | Ensure sufficient data retention period is set for AWS Kinesis Streams | AWS | Resilience | MEDIUM |
| AC_GCP_0269 | Ensure that 'always allow' evaluation mode is restricted for Google Binary Authorization Policy | GCP | Security Best Practices | MEDIUM |
| AC_GCP_0292 | Ensure that SSH access is restricted from the internet | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0293 | Ensure that SSH access is restricted from the internet | GCP | Infrastructure Security | LOW |
| AC_K8S_0068 | Ensure image tag is set in Kubernetes workload configuration | Kubernetes | Security Best Practices | LOW |
| AC_AZURE_0301 | Ensure that key vault is used to encrypt data for Azure Batch Account | Azure | Data Protection | MEDIUM |
| S3_AWS_0011 | Ensure there are no world-listable AWS S3 Buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| AC_AWS_0147 | Ensure full administrative privileges are not created and are attached to a role using AWS IAM Role Policy | AWS | Identity and Access Management | HIGH |
| AC_AWS_0218 | Ensure 'allow delete actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
| AC_AWS_0411 | Ensure there is no IAM policy with empty SID value | AWS | Identity and Access Management | LOW |
| AC_AWS_0416 | Ensure there is no IAM policy with a condition element having ForAnyValue Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
| AC_AWS_0421 | Ensure there is no IAM policy with empty array resource | AWS | Identity and Access Management | LOW |
| AC_AWS_0073 | Ensure KMS customer managed keys are used for encryption of AWS DocumentDB Clusters | AWS | Data Protection | MEDIUM |
| AC_AZURE_0166 | Ensure that RSA keys have the specified minimum key size for Azure Key Vault Certificate | Azure | Compliance Validation | HIGH |
| AC_AZURE_0251 | Ensure key size is set on all keys for Azure Key Vault Key | Azure | Security Best Practices | MEDIUM |
| AC_AWS_0502 | Ensure valid account number format is used in Amazon Simple Notification Service (SNS) Topic | AWS | Security Best Practices | LOW |
| AC_AWS_0068 | Ensure public access is disabled for AWS Database Migration Service (DMS) instances | AWS | Data Protection | HIGH |
| AC_AWS_0099 | Ensure there are no public file systems for AWS Elastic File System (EFS) | AWS | Identity and Access Management | HIGH |
| AC_AWS_0437 | Ensure public access is disabled for Amazon Relational Database Service (Amazon RDS) database snapshots | AWS | Infrastructure Security | MEDIUM |
| AC_AZURE_0093 | Ensure public access is disabled for Azure IoT Hub Device Provisioning Service (DPS) | Azure | Infrastructure Security | MEDIUM |