Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0105Ensure slow logs (index slow logs) are enabled for AWS ElasticSearch DomainAWSCompliance Validation
MEDIUM
AC_AWS_0117Ensure latest TLS version is used for AWS ElasticSearch NodesAWSInfrastructure Security
MEDIUM
AC_AWS_0225Ensure network isolation is enabled for AWS SageMakerAWSSecurity Best Practices
MEDIUM
AC_AWS_0374Ensure data encryption is enabled for AWS X-RayAWSData Protection
HIGH
AC_AZURE_0145Ensure ingestion is not supported over public internet for Azure Log Analytics WorkspaceAzureInfrastructure Security
HIGH
AC_AZURE_0220Ensure Customer Managed Key (CMK) is configured for Azure Healthcare ServiceAzureInfrastructure Security
MEDIUM
AC_AZURE_0221Ensure CORS is configured to allow only trusted clients for Azure Healthcare ServiceAzureInfrastructure Security
MEDIUM
AC_AZURE_0298Ensure that Azure Data Explorer uses double encryption in Azure Kusto ClusterAzureData Protection
MEDIUM
AC_GCP_0283Ensure KMS customer managed keys are used in Google Dataflow JobGCPData Protection
MEDIUM
AC_AWS_0107Ensure dedicated master nodes are enabled for AWS ElasticSearch DomainsAWSLogging and Monitoring
MEDIUM
AC_AWS_0108Ensure general purpose SSD node type is not used for AWS ElasticSearch DomainsAWSCompliance Validation
HIGH
AC_AWS_0115Ensure HTTPS-only is enforced for AWS ElasticSearch DomainAWSInfrastructure Security
MEDIUM
AC_AWS_0118Ensure public access is disabled for AWS ElasticSearch Domains - aws_elasticsearch_domain_policyAWSIdentity and Access Management
HIGH
AC_AZURE_0211Ensure data backup is enabled using `backup_blob_container_uri` for Azure Analysis Services ServersAzureResilience
MEDIUM
AC_AZURE_0254Ensure public network access is disabled for Azure Cognitive AccountAzureInfrastructure Security
MEDIUM
AC_AZURE_0266Ensure managed virtual networks are in use for Azure Synapse WorkspaceAzureInfrastructure Security
LOW
AC_AZURE_0307Ensure public access is disabled for Azure Search ServiceAzureInfrastructure Security
HIGH
AC_AZURE_0379Ensure data encryption is enabled for Azure Synapse SQL PoolAzureData Protection
MEDIUM
AC_AWS_0109Ensure latest version of elasticsearch engine is used for AWS ElasticSearch DomainsAWSCompliance Validation
MEDIUM
AC_AWS_0112Ensure encryption at-rest is enabled for AWS ElasticSearch DomainsAWSData Protection
HIGH
AC_AWS_0114Ensure node-to-node encryption is enabled for AWS ElasticSearch DomainsAWSData Protection
MEDIUM
AC_AWS_0130Ensure 'Job Bookmark Encryption' is enabled for AWS Glue CrawlersAWSData Protection
MEDIUM
AC_AWS_0425Ensure root access is disabled for AWS SageMaker Notebook instancesAWSSecurity Best Practices
HIGH
AC_AWS_0460Ensure that customer managed keys are used in AWS Kinesis Firehose Delivery StreamAWSData Protection
HIGH
AC_AWS_0611Ensure AWS Security Hub is enabledAWSInfrastructure Security
MEDIUM
AC_AZURE_0253Ensure system-assigned managed identity authentication is used for Azure Data FactoryAzureInfrastructure Security
MEDIUM
AC_AZURE_0261Ensure public network access is disabled for Azure Data FactoryAzureInfrastructure Security
MEDIUM
AC_AWS_0110Ensure ElasticSearch Zone Awareness is enabledAWSResilience
MEDIUM
AC_AWS_0111Ensure KMS customer managed keys are used for encryption for AWS ElasticSearch DomainsAWSData Protection
MEDIUM
AC_AWS_0116Ensure advanced security options are enabled for AWS ElasticSearch DomainAWSInfrastructure Security
HIGH
AC_AWS_0128Ensure S3 encryption configuration is configured for AWS Glue CrawlersAWSData Protection
MEDIUM
AC_AWS_0129Ensure CloudWatch log encryption is enabled for AWS Glue CrawlersAWSData Protection
MEDIUM
AC_AWS_0155Ensure at-rest server side encryption (SSE) is enabled for data stored in AWS Kinesis ServerAWSData Protection
HIGH
AC_AWS_0157Ensure KMS customer managed keys are used for encryption in AWS Kinesis StreamsAWSData Protection
HIGH
AC_AWS_0158Ensure sufficient data retention period is set for AWS Kinesis StreamsAWSResilience
MEDIUM
AC_AZURE_0147Ensure Azure log retention is set at least 90 days for Azure Log Analytics WorkspaceAzureLogging and Monitoring
MEDIUM
AC_AZURE_0255Ensure virtual network configuration is added for Azure Kusto ClusterAzureInfrastructure Security
MEDIUM
AC_AZURE_0299Ensure that Azure Data Explorer uses disk encryption in Azure Kusto ClusterAzureData Protection
MEDIUM
AC_AWS_0106Ensure public access is disabled for AWS ElasticSearch Domains - aws_elasticsearch_domainAWSIdentity and Access Management
HIGH
AC_AWS_0113Ensure Amazon cognito authentication is enabled for AWS ElasticSearch DomainAWSIdentity and Access Management
MEDIUM
AC_AWS_0119Ensure permissions are tightly controlled for AWS ElasticSearch DomainsAWSIdentity and Access Management
HIGH
AC_AWS_0384Ensure data encryption is enabled for AWS SageMaker Notebook instancesAWSData Protection
HIGH
AC_AWS_0424Ensure direct access from the internet is disabled for AWS SageMaker Notebook instancesAWSData Protection
HIGH
AC_AZURE_0144Ensure queries are not supported over the public internet for Azure Log Analytics WorkspaceAzureInfrastructure Security
HIGH
AC_AZURE_0146Ensure log analytics workspace has daily quota value set for Azure Log Analytics WorkspaceAzureCompliance Validation
LOW
AC_AZURE_0225Ensure Power BI analysis services are defined for Azure Analysis Services ServerAzureCompliance Validation
LOW
AC_AZURE_0226Ensure public access is disabled for Azure Healthcare ServiceAzureInfrastructure Security
MEDIUM
AC_AZURE_0257Ensure Azure Active Directory (AAD) is configured for Azure Synapse WorkspaceAzureCompliance Validation
MEDIUM
AC_AZURE_0345Ensure data exfiltration protection is enabled for Azure Synapse WorkspaceAzureData Protection
MEDIUM
AC_AZURE_0420Ensure only whitelisted IPs can use Azure Search ServiceAzureInfrastructure Security
MEDIUM