Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AZURE_0588Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database ServerAzureLogging and Monitoring
MEDIUM
AC_GCP_0011Ensure KMS Encryption Keys Are Rotated Within a Period of 90 DaysGCPSecurity Best Practices
LOW
AC_AZURE_0248Ensure That 'PHP version' is the Latest, If Used to Run the Web AppAzureConfiguration and Vulnerability Analysis
MEDIUM
AC_AZURE_0413Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server - azurerm_postgresql_configurationAzureLogging and Monitoring
MEDIUM
AC_GCP_0251Ensure that the 'log_checkpoints' database flag for Cloud SQL PostgreSQL instance is set to 'on'GCPCompliance Validation
LOW
AC_AWS_0034Ensure CloudTrail is enabled in all regionsAWSLogging and Monitoring
MEDIUM
AC_GCP_0323Ensure Compute Instances Are Launched With Shielded VM EnabledGCPInfrastructure Security
LOW
AC_AWS_0604Ensure S3 bucket encryption 'kms_master_key_id' is not empty or nullAWSData Protection
HIGH
AC_AWS_0596Ensure credentials unused for 45 days or greater are disabledAWSCompliance Validation
LOW
AC_AWS_0428Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'AWSInfrastructure Security
MEDIUM
AC_AZURE_0375Ensure that 'Auditing' Retention is 'greater than 90 days'AzureCompliance Validation
LOW
AC_GCP_0229Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK)GCPData Protection
MEDIUM
AC_GCP_0230Ensure That BigQuery Datasets Are Not Anonymously or Publicly AccessibleGCPIdentity and Access Management
HIGH
AC_GCP_0252Ensure That the 'Log_connections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'GCPCompliance Validation
LOW
AC_GCP_0258Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off'GCPCompliance Validation
LOW
AC_AWS_0049Ensure AWS Config is enabled in all regionsAWSLogging and Monitoring
HIGH
AC_AWS_0434Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucketAWSLogging and Monitoring
MEDIUM
AC_AWS_0036Ensure CloudTrail log file validation is enabledAWSLogging and Monitoring
MEDIUM
AC_AWS_0230Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration portsAWSInfrastructure Security
HIGH
AC_AWS_0427Ensure hardware MFA is enabled for the "root user" accountAWSCompliance Validation
HIGH
AC_GCP_0040Ensure That Instances Are Not Configured To Use the Default Service AccountGCPIdentity and Access Management
HIGH
AC_AWS_0209Ensure MFA Delete is enable on S3 bucketsAWSSecurity Best Practices
HIGH
AC_GCP_0035Ensure Compute instances are launched with Shielded VM enabledGCPInfrastructure Security
LOW
S3_AWS_0003Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.xAWSData Protection
HIGH
AC_AZURE_0410Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database ServerAzureResilience
MEDIUM
AC_AWS_0597Ensure MFA is enabled for the 'root' user accountAWSCompliance Validation
HIGH
AC_GCP_0259Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off'GCPCompliance Validation
LOW
AC_AZURE_0126Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database ServerAzureInfrastructure Security
MEDIUM
S3_AWS_0010Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket - Terraform Version 1.xAWSLogging and Monitoring
MEDIUM
AC_AWS_0432Ensure IAM Users Receive Permissions Only Through GroupsAWSIdentity and Access Management
MEDIUM
AC_GCP_0300Ensure that the 'Log_min_messages' Flag for a Cloud SQL PostgreSQL Instance is set at minimum to 'Warning'GCPCompliance Validation
LOW
AC_AWS_0033Ensure CloudTrail logs are encrypted at rest using KMS CMKsAWSLogging and Monitoring
HIGH
AC_AWS_0080Ensure EBS volume encryption is enabledAWSData Protection
HIGH
AC_AWS_0552Ensure MFA is enabled for the "root user" accountAWSCompliance Validation
HIGH
AC_GCP_0024Ensure authentication using Client Certificates is DisabledGCPIdentity and Access Management
MEDIUM
AC_GCP_0315Ensure 'Log_hostname' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'on'GCPCompliance Validation
LOW
AC_AZURE_0086Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On'AzureInfrastructure Security
MEDIUM
AC_AZURE_0122Ensure FTP deployments are Disabled - azurerm_linux_function_appAzureInfrastructure Security
MEDIUM
AC_AZURE_0131Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database ServerAzureInfrastructure Security
HIGH
AC_AZURE_0163Ensure that the Expiration Date is set for all Secrets in RBAC Key VaultsAzureData Protection
HIGH
AC_AZURE_0573Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service - azurerm_linux_web_appAzureInfrastructure Security
MEDIUM
AC_AZURE_0583Ensure FTP deployments are Disabled - azurerm_linux_web_appAzureInfrastructure Security
MEDIUM
AC_AWS_0151Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console passwordAWSCompliance Validation
HIGH
AC_AWS_0585Ensure CloudTrail trails are integrated with CloudWatch LogsAWSLogging and Monitoring
MEDIUM
AC_AWS_0605Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucketAWSLogging and Monitoring
MEDIUM
AC_AZURE_0167Ensure the Key Vault is RecoverableAzureData Protection
MEDIUM
AC_AZURE_0408Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database ServerAzureInfrastructure Security
HIGH
AC_GCP_0033Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC NetworkGCPLogging and Monitoring
MEDIUM
AC_GCP_0099Ensure 'Log_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set AppropriatelyGCPCompliance Validation
LOW
AC_GCP_0299Ensure 'Log_min_error_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'Error' or StricterGCPCompliance Validation
LOW