Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AZURE_0235Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL DatabaseAzureLogging and Monitoring
MEDIUM
AC_AZURE_0001Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL DatabaseAzureLogging and Monitoring
MEDIUM
AC_AWS_0002Ensure AWS Certificate Manager (ACM) certificates are renewed 30 days before expiration dateAWSInfrastructure Security
MEDIUM
AC_AWS_0003Ensure AWS Certificate Manager (ACM) certificates are renewed 7 days before expiration dateAWSInfrastructure Security
MEDIUM
AC_AWS_0005Ensure encryption is enabled for Amazon Machine Image (AMI)AWSInfrastructure Security
MEDIUM
AC_AWS_0056Ensure automatic minor version upgrade is enabled for Amazon Relational Database Service (Amazon RDS) instancesAWSData Protection
HIGH
AC_AWS_0177Ensure latest engine version is used for AWS MQ BrokersAWSSecurity Best Practices
MEDIUM
AC_AWS_0208Ensure at-rest server side encryption (SSE) is enabled using default encryption keys for AWS ECR RepositoryAWSData Protection
MEDIUM
AC_AWS_0368Ensure KMS Customer Master Keys (CMKs) are used for encryption for AWS Storage Gateway File SharesAWSSecurity Best Practices
HIGH
AC_AWS_0372Ensure root volumes are encrypted for the AWS WorkspacesAWSData Protection
MEDIUM
AC_AWS_0441Ensure HTTP2 is enabled for AWS LB (Load Balancer)AWSInfrastructure Security
LOW
AC_AWS_0454Ensure one HTTPS listener is configured for AWS Load BalancerAWSInfrastructure Security
HIGH
AC_AWS_0468Ensure encryption is enabled for AWS Athena DatabaseAWSData Protection
HIGH
AC_AZURE_0111Ensure that automatic upgrades are enabled for Azure Virtual Machine ExtensionAzureInfrastructure Security
MEDIUM
AC_AZURE_0154Ensure that TLS is enforced for Azure Load BalancerAzureResilience
LOW
AC_AZURE_0193Ensure web sockets are disabled for Azure App ServiceAzureInfrastructure Security
MEDIUM
AC_AZURE_0201Ensure in-transit encryption is enabled for Azure Redis CacheAzureInfrastructure Security
MEDIUM
AC_AZURE_0294Ensure encryption is enabled for Azure Data Lake StoreAzureData Protection
MEDIUM
AC_AZURE_0299Ensure that Azure Data Explorer uses disk encryption in Azure Kusto ClusterAzureData Protection
MEDIUM
AC_AZURE_0317Ensure that string variables are encrypted for Azure Automation VariableAzureData Protection
MEDIUM
AC_AZURE_0319Ensure that date-time variables are encrypted for Azure Automation VariableAzureData Protection
MEDIUM
AC_AZURE_0359Ensure automatic OS upgrades are enabled for windows config block in Azure Virtual Machine Scale SetAzureSecurity Best Practices
MEDIUM
AC_GCP_0243Ensure application-layer secrets are encrypted for Google Container ClusterGCPInfrastructure Security
MEDIUM
AC_GCP_0269Ensure that 'always allow' evaluation mode is restricted for Google Binary Authorization PolicyGCPSecurity Best Practices
MEDIUM
AC_K8S_0068Ensure image tag is set in Kubernetes workload configurationKubernetesSecurity Best Practices
LOW
AC_K8S_0123Ensure TLS verification is enabled in Istio Destination RulesKubernetesInfrastructure Security
MEDIUM
AC_AZURE_0394Ensure only SSL connections are enabled for Azure Redis CacheAzureInfrastructure Security
MEDIUM
AC_AWS_0212Ensure there are no publicly writeable and readable AWS S3 BucketsAWSIdentity and Access Management
HIGH
AC_AZURE_0402Ensure audit log retention period is greater than 90 days for Azure PostgreSQL ServerAzureResilience
LOW
AC_AZURE_0124Ensure latest TLS version is in use for Azure Windows Function AppAzureInfrastructure Security
MEDIUM
AC_AZURE_0278Ensure HTTP is disallowed for Azure CDN EndpointAzureInfrastructure Security
MEDIUM
AC_AWS_0065Ensure Amazon Relational Database Service (Amazon RDS) instance is not open to more than 256 hostsAWSInfrastructure Security
HIGH
AC_AWS_0066Ensure Amazon Relational Database Service (Amazon RDS) instances do not have public interface definedAWSInfrastructure Security
HIGH
AC_AWS_0394Ensure secure ciphers are used for AWS CloudFront distributionAWSData Protection
HIGH
AC_AWS_0068Ensure public access is disabled for AWS Database Migration Service (DMS) instancesAWSData Protection
HIGH
AC_AWS_0099Ensure there are no public file systems for AWS Elastic File System (EFS)AWSIdentity and Access Management
HIGH
AC_AWS_0437Ensure public access is disabled for Amazon Relational Database Service (Amazon RDS) database snapshotsAWSInfrastructure Security
MEDIUM
AC_AZURE_0093Ensure public access is disabled for Azure IoT Hub Device Provisioning Service (DPS)AzureInfrastructure Security
MEDIUM
AC_AZURE_0094Ensure shared access policies are not used for IoT HubAzureInfrastructure Security
HIGH
AC_AZURE_0097Ensure that the Microsoft Defender for IoT Hub is enabledAzureInfrastructure Security
MEDIUM
AC_AZURE_0103Ensure that the attribute 'inconsistent_module_settings' in Defender for IoT is not set to falseAzureInfrastructure Security
MEDIUM
AC_AZURE_0135Ensure public access is disabled for Azure MSSQL ServerAzureInfrastructure Security
HIGH
AC_AZURE_0203Ensure cross account access is disabled for Azure Synapse Firewall RuleAzureInfrastructure Security
MEDIUM
AC_AZURE_0205Ensure cross account access is disabled for Azure SQL ServerAzureIdentity and Access Management
MEDIUM
AC_AZURE_0227Ensure advanced threat protection is enabled for Azure CosmosDB AccountAzureConfiguration and Vulnerability Analysis
MEDIUM
AC_AZURE_0305Ensure public access is disabled for Azure Storage SyncAzureInfrastructure Security
HIGH
AC_GCP_0245Ensure IAM roles do not impersonate or manage service accounts through Google Folder IAM BindingGCPIdentity and Access Management
LOW
AC_K8S_0112Ensure the use of externalIPs is restricted for Kubernetes serviceKubernetesInfrastructure Security
MEDIUM
AC_AWS_0085Ensure permissions are tightly controlled for Amazon Elastic Container Registry (Amazon ECR)AWSIdentity and Access Management
HIGH
AC_AWS_0155Ensure at-rest server side encryption (SSE) is enabled for data stored in AWS Kinesis ServerAWSData Protection
HIGH