Tenable Cloud Security Policies Search

| ID | Name | CSP | Domain | Severity |
|---|---|---|---|---|
| AC_AZURE_0322 | Ensure that Microsoft Defender for Key Vault is set to 'On' | Azure | Data Protection | MEDIUM |
| AC_K8S_0047 | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | Compliance Validation | MEDIUM |
| AC_K8S_0058 | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0109 | Ensure that the --secure-port argument is not set to 0 | Kubernetes | Infrastructure Security | HIGH |
| AC_AZURE_0026 | Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults | Azure | Data Protection | HIGH |
| AC_AZURE_0248 | Ensure That 'PHP version' is the Latest, If Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
| AC_AZURE_0126 | Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server | Azure | Infrastructure Security | MEDIUM |
| S3_AWS_0010 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket - Terraform Version 1.x | AWS | Logging and Monitoring | MEDIUM |
| AC_K8S_0051 | Prefer using secrets as files over secrets as environment variables | Kubernetes | Infrastructure Security | HIGH |
| AC_AWS_0596 | Ensure credentials unused for 45 days or greater are disabled | AWS | Compliance Validation | LOW |
| AC_AZURE_0323 | Ensure that Microsoft Defender for Kubernetes is set to 'On' | Azure | Data Protection | MEDIUM |
| AC_K8S_0029 | Ensure that the --secure-port argument is not set to 0 | Kubernetes | Infrastructure Security | HIGH |
| AC_K8S_0035 | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
| AC_K8S_0092 | Ensure that the --kubelet-https argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0028 | Ensure that the --insecure-port argument is set to 0 | Kubernetes | Infrastructure Security | HIGH |
| AC_AWS_0049 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
| AC_AWS_0434 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket | AWS | Logging and Monitoring | MEDIUM |
| AC_GCP_0367 | Ensure API Keys Are Rotated Every 90 Days | GCP | Security Best Practices | MEDIUM |
| AC_K8S_0091 | Ensure that the --token-auth-file parameter is not set | Kubernetes | Identity and Access Management | MEDIUM |
| AC_GCP_0231 | Enable VPC Flow Logs and Intranode Visibility | GCP | Infrastructure Security | MEDIUM |
| AC_K8S_0010 | Ensure that the --read-only-port is disabled | Kubernetes | Identity and Access Management | LOW |
| AC_AZURE_0040 | Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0053 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Infrastructure Security | HIGH |
| AC_AWS_0606 | Ensure MFA Delete is enabled on S3 buckets | AWS | Security Best Practices | HIGH |
| AC_GCP_0024 | Ensure authentication using Client Certificates is Disabled | GCP | Identity and Access Management | MEDIUM |
| AC_GCP_0315 | Ensure 'Log_hostname' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'on' | GCP | Compliance Validation | LOW |
| AC_AZURE_0038 | Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0039 | Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0045 | Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0238 | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Azure | Identity and Access Management | MEDIUM |
| AC_GCP_0347 | Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging | GCP | Compliance Validation | LOW |
| AC_K8S_0094 | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0038 | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0041 | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0008 | Ensure that a Client CA File is Configured | Kubernetes | Identity and Access Management | HIGH |
| AC_K8S_0046 | Minimize the admission of privileged containers | Kubernetes | Identity and Access Management | HIGH |
| AC_K8S_0104 | Minimize wildcard use in Roles and ClusterRoles | Kubernetes | Identity and Access Management | HIGH |
| AC_GCP_0300 | Ensure that the 'Log_min_messages' Flag for a Cloud SQL PostgreSQL Instance is set at minimum to 'Warning' | GCP | Compliance Validation | LOW |
| AC_AWS_0160 | Ensure rotation for customer created CMKs is enabled | AWS | Data Protection | HIGH |
| AC_K8S_0005 | Ensure that the Anonymous Auth is Not Enabled | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0009 | Ensure that the --rotate-certificates argument is not present or is set to true | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0040 | Ensure that a Client CA File is Configured | Kubernetes | Data Protection | MEDIUM |
| AC_AWS_0552 | Ensure MFA is enabled for the "root user" account | AWS | Compliance Validation | HIGH |
| AC_AZURE_0047 | Ensure That 'All users with the following roles' is set to 'Owner' | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0066 | Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key | Azure | Data Protection | MEDIUM |
| AC_AZURE_0339 | Ensure that Activity Log Alert exists for Create or Update Security Solution | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0344 | Ensure that Activity Log Alert exists for Delete Policy Assignment | Azure | Logging and Monitoring | MEDIUM |
| AC_AWS_0562 | Ensure a log metric filter and alarm exist for CloudTrail configuration changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0575 | Ensure that Object-level logging for read events is enabled for S3 bucket | AWS | Identity and Access Management | HIGH |
| AC_AWS_0598 | Ensure a support role has been created to manage incidents with AWS Support | AWS | Identity and Access Management | MEDIUM |