Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0130Ensure 'Job Bookmark Encryption' is enabled for AWS Glue CrawlersAWSData Protection
MEDIUM
AC_AWS_0398Ensure actions 'kms:Decrypt' and 'kms:ReEncryptFrom' are not allowed for all keys in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0404Ensure Principal is removed from all AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0405Ensure NotPrincipal is removed from all AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0410Ensure wildcards(*) are only at end of strings in Action of AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0425Ensure root access is disabled for AWS SageMaker Notebook instancesAWSSecurity Best Practices
HIGH
AC_AWS_0433Ensure cloud users don't have any direct permissions in AWS IAM User Policy AttachmentAWSIdentity and Access Management
MEDIUM
AC_AWS_0436Ensure automatic backups are enabled for AWS Elasticache ClusterAWSData Protection
MEDIUM
AC_AWS_0478Ensure that IP range is specified in CIDR format for AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0479Ensure there is no policy with invalid principal format for AWS Key Management Service (KMS)AWSIdentity and Access Management
LOW
AC_AWS_0482Ensure there is no policy with invalid principal key for AWS S3 Bucket policyAWSIdentity and Access Management
LOW
AC_AWS_0489Ensure Creation of SLR with NotResource is not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0495Ensure Creation of SLR with star (*) in NotAction and resource is not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AZURE_0115Ensure that authentication feature is enabled for Azure Linux Function AppAzureSecurity Best Practices
LOW
AC_AZURE_0139Ensure regular backups are enabled for Azure MariaDB ServerAzureResilience
MEDIUM
AC_AZURE_0253Ensure system-assigned managed identity authentication is used for Azure Data FactoryAzureInfrastructure Security
MEDIUM
AC_AZURE_0290Ensure that Azure policies add-on are used for Azure Kubernetes ClusterAzureSecurity Best Practices
MEDIUM
AC_AZURE_0362Ensure boot diagnostics are enabled for Azure Virtual MachineAzureLogging and Monitoring
MEDIUM
AC_AZURE_0550Ensure disk encryption is enabled for Azure Windows Virtual MachineAzureData Protection
MEDIUM
AC_GCP_0022Ensure PodSecurityPolicy controller is enabled on Google Container ClusterGCPCompliance Validation
HIGH
AC_GCP_0274Ensure OSLogin is enabled for centralized SSH key pair management using Google ProjectGCPIdentity and Access Management
MEDIUM
AC_GCP_0275Ensure multi-factor authentication is enabled for Google Compute Project MetadataGCPSecurity Best Practices
LOW
AC_AWS_0632Ensure AWS Config is enabled in all regionsAWSLogging and Monitoring
HIGH
AC_AZURE_0373Ensure that 'Secure transfer required' is set to 'Enabled'AzureData Protection
HIGH
AC_GCP_0010Ensure That the Default Network Does Not Exist in a Project - google_projectGCPInfrastructure Security
LOW
AC_GCP_0234Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access EnabledGCPIdentity and Access Management
LOW
AC_GCP_0239Ensure That Service Account Has No Admin Privileges - google_storage_bucket_iam_memberGCPIdentity and Access Management
HIGH
AC_GCP_0253Ensure That the 'Log_disconnections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'GCPCompliance Validation
LOW
AC_AWS_0138Ensure credentials unused for 45 days or greater are disabledAWSCompliance Validation
LOW
AC_GCP_0002Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSLGCPInfrastructure Security
HIGH
AC_K8S_0001Configure Image Provenance using ImagePolicyWebhook admission controllerKubernetesIdentity and Access Management
MEDIUM
AC_AWS_0226Ensure secrets should be auto-rotated after not more than 90 daysAWSCompliance Validation
HIGH
AC_AWS_0470Ensure cloud users don't have any direct permissions in AWS IAM User PolicyAWSIdentity and Access Management
MEDIUM
AC_AZURE_0416Ensure that traffic analytics is enabled via Azure Network Watcher Flow LogAzureSecurity Best Practices
MEDIUM
AC_AZURE_0418Ensure that Network Watcher is 'Enabled'AzureLogging and Monitoring
HIGH
AC_GCP_0036Ensure encryption with Customer Supplied Encryption Keys (CSEK) is enabled for Google Compute InstanceGCPData Protection
MEDIUM
AC_GCP_0038Ensure default setting for OSLogin is not overridden by Google Compute InstanceGCPIdentity and Access Management
LOW
AC_AWS_0081Ensure AWS EBS Volume has a corresponding AWS EBS SnapshotAWSData Protection
HIGH
AC_AWS_0374Ensure data encryption is enabled for AWS X-RayAWSData Protection
HIGH
AC_AWS_0431Ensure cloud users don't have any direct permissions in AWS IAM PolicyAWSIdentity and Access Management
MEDIUM
AC_AWS_0445Ensure policies are used for AWS CloudFormation StacksAWSSecurity Best Practices
MEDIUM
AC_AWS_0453Ensure one target group is configured to listen on HTTPS for AWS Load BalancerAWSInfrastructure Security
HIGH
AC_AWS_0462Ensure no policy is attached that may cause privilege escalation for AWS IAM Role PolicyAWSIdentity and Access Management
HIGH
AC_AWS_0465Ensure secrets are encrypted using AWS KMS key for AWS Secrets ManagerAWSData Protection
MEDIUM
AC_AWS_0469Ensure EMR cluster is Configured with Kerberos AuthenticationAWSInfrastructure Security
MEDIUM
AC_AWS_0473Ensure principal element is not empty in AWS IAM Trust PolicyAWSIdentity and Access Management
LOW
AC_AWS_0480Ensure there is no policy with invalid principal key for AWS Key Management Service (KMS)AWSIdentity and Access Management
LOW
AC_AWS_0488Ensure there is no IAM policy with invalid policy elementAWSIdentity and Access Management
LOW
AC_AWS_0490Ensure '*' in Action and NotResource is not allowed in AWS IAM Policy as this allow creation of unintended service-linked rolesAWSIdentity and Access Management
HIGH
AC_AWS_0497Ensure a valid boolean value (true or false) is used for the Bool condition operator in AWS IAM PolicyAWSIdentity and Access Management
LOW