Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_GCP_0100Ensure 'log_planner_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off'GCPCompliance Validation
LOW
AC_AZURE_0169Ensure that logging for Azure KeyVault is 'Enabled'AzureLogging and Monitoring
HIGH
AC_K8S_0021Ensure that the admission control plugin AlwaysPullImages is setKubernetesCompliance Validation
MEDIUM
AC_K8S_0026Ensure that the admission control plugin NodeRestriction is setKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0044Ensure that the --terminated-pod-gc-threshold argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0053Ensure that the --use-service-account-credentials argument is set to trueKubernetesIdentity and Access Management
LOW
AC_AZURE_0557Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requestsAzureData Protection
MEDIUM
AC_AWS_0607Ensure S3 Bucket Policy is set to deny HTTP requestsAWSInfrastructure Security
HIGH
AC_GCP_0236Ensure that Cloud Storage bucket is not anonymously or publicly accessible - google_storage_bucket_access_controlGCPInfrastructure Security
MEDIUM
AC_K8S_0023Ensure that the admission control plugin ServiceAccount is setKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0036Ensure that the --service-account-lookup argument is set to trueKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0052Ensure that the --profiling argument is set to falseKubernetesLogging and Monitoring
LOW
AC_AWS_0646Ensure S3 Bucket Policy is set to deny HTTP requestsAWSInfrastructure Security
HIGH
AC_AZURE_0559Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' RequestsAzureData Protection
MEDIUM
AC_AZURE_0156Enable role-based access control (RBAC) within Azure Kubernetes ServicesAzureIdentity and Access Management
MEDIUM
AC_AZURE_0247Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web AppAzureConfiguration and Vulnerability Analysis
MEDIUM
AC_K8S_0032Ensure that the --audit-log-maxage argument is set to 30 or as appropriateKubernetesLogging and Monitoring
MEDIUM
S3_AWS_0005Ensure MFA Delete is enable on S3 buckets - Terraform Version 1.xAWSSecurity Best Practices
HIGH
AC_AZURE_0128Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'AzureData Protection
MEDIUM
AC_AZURE_0246Ensure that 'Java version' is the latest, if used to run the Web AppAzureConfiguration and Vulnerability Analysis
MEDIUM
AC_K8S_0033Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriateKubernetesLogging and Monitoring
MEDIUM
AC_AZURE_0328Ensure that Microsoft Defender for App Service is set to 'On'AzureIdentity and Access Management
MEDIUM
AC_K8S_0055Ensure that the --root-ca-file argument is set as appropriateKubernetesData Protection
MEDIUM
AC_GCP_0027Ensure Master Authorized Networks is EnabledGCPInfrastructure Security
HIGH
AC_K8S_0004Ensure that the --eventRecordQPS argument is set to 0 or a level which ensures appropriate event captureKubernetesLogging and Monitoring
LOW
AC_K8S_0103Minimize access to create podsKubernetesIdentity and Access Management
HIGH
AC_AWS_0134Ensure password policy requires at least one lowercase character for AWS IAM Account Password PolicyAWSCompliance Validation
LOW
AC_AZURE_0216Ensure that a 'Diagnostics Setting' existsAzureLogging and Monitoring
MEDIUM
AC_AZURE_0324Ensure that Microsoft Defender for Container Registries is set to 'On'AzureData Protection
MEDIUM
AC_AZURE_0331Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selectedAzureCompliance Validation
MEDIUM
AC_K8S_0030Ensure that the --profiling argument is set to falseKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0042Ensure that the --encryption-provider-config argument is set as appropriateKubernetesData Protection
MEDIUM
AC_AZURE_0552Enable Role Based Access Control for Azure Key VaultAzureData Protection
LOW
AC_GCP_0271Ensure Secure Boot for Shielded GKE Nodes is EnabledGCPInfrastructure Security
LOW
AC_GCP_0366Ensure API Keys Are Restricted to Only APIs That Application Needs AccessGCPSecurity Best Practices
MEDIUM
AC_AWS_0428Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'AWSInfrastructure Security
MEDIUM
AC_AZURE_0375Ensure that 'Auditing' Retention is 'greater than 90 days'AzureCompliance Validation
LOW
AC_K8S_0090Ensure that the --basic-auth-file argument is not setKubernetesIdentity and Access Management
MEDIUM
AC_GCP_0025Ensure use of VPC-native clustersGCPCompliance Validation
HIGH
AC_GCP_0030Ensure Stackdriver Kubernetes Logging and Monitoring is EnabledGCPLogging and Monitoring
HIGH
AC_GCP_0337Ensure Cloud Asset Inventory Is EnabledGCPLogging and Monitoring
MEDIUM
AC_AZURE_0376Ensure that 'Auditing' is set to 'On'AzureLogging and Monitoring
MEDIUM
AC_K8S_0018Ensure that the --authorization-mode argument includes RBACKubernetesIdentity and Access Management
MEDIUM
S3_AWS_0015Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.xAWSData Protection
HIGH
AC_GCP_0015Ensure Node Auto-Repair is enabled for GKE nodesGCPSecurity Best Practices
LOW
AC_K8S_0086The default namespace should not be usedKubernetesSecurity Best Practices
LOW
AC_AWS_0036Ensure CloudTrail log file validation is enabledAWSLogging and Monitoring
MEDIUM
S3_AWS_0003Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.xAWSData Protection
HIGH
AC_GCP_0358Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket LockGCPLogging and Monitoring
LOW
AC_GCP_0365Ensure API Keys Only Exist for Active ServicesGCPSecurity Best Practices
MEDIUM