Detections
Analytics

Tenable Cloud Security Policies

Search

IDNameCSPDomainSeverity
AC_AZURE_0286Ensure SSH (TCP:22) is not exposed to public for Azure Network Security RuleAzureInfrastructure Security
MEDIUM
AC_AZURE_0287Ensure SSH (TCP:22) is not exposed to more than 32 private hosts for Azure Network Security RuleAzureInfrastructure Security
LOW
AC_AZURE_0288Ensure password authentication is disabled for Azure Linux Virtual MachineAzureSecurity Best Practices
MEDIUM
AC_AZURE_0289Ensure HTTP application routing has been disabled for Azure Kubernetes ClusterAzureInfrastructure Security
HIGH
AC_AZURE_0290Ensure that Azure policies add-on are used for Azure Kubernetes ClusterAzureSecurity Best Practices
MEDIUM
AC_AZURE_0291Ensure that logging to Azure Monitoring is configured for Azure Kubernetes ClusterAzureLogging and Monitoring
MEDIUM
AC_AZURE_0292Ensure that public access is disabled in Azure Key VaultAzureInfrastructure Security
MEDIUM
AC_AZURE_0293Ensure that Web Application Firewall (WAF) is used in 'Detection' or 'Prevention' modes for Azure Front DoorAzureInfrastructure Security
MEDIUM
AC_AZURE_0294Ensure encryption is enabled for Azure Data Lake StoreAzureData Protection
MEDIUM
AC_AZURE_0295Ensure that logging for detailed error messages is enabled for Azure App ServiceAzureLogging and Monitoring
LOW
AC_AZURE_0296Ensure that failed request tracing is enabled for Azure App ServiceAzureLogging and Monitoring
MEDIUM
AC_AZURE_0297Ensure that Azure Files are used for Azure App ServiceAzureResilience
MEDIUM
AC_AZURE_0298Ensure that Azure Data Explorer uses double encryption in Azure Kusto ClusterAzureData Protection
MEDIUM
AC_AZURE_0299Ensure that Azure Data Explorer uses disk encryption in Azure Kusto ClusterAzureData Protection
MEDIUM
AC_AZURE_0300Ensure virtual network is used to deploy Azure Container GroupAzureSecurity Best Practices
MEDIUM
AC_AZURE_0301Ensure that key vault is used to encrypt data for Azure Batch AccountAzureData Protection
MEDIUM
AC_AZURE_0302Ensure read, write and delete request logging is enabled for queue service in Azure Storage AccountAzureLogging and Monitoring
MEDIUM
AC_AZURE_0303Ensure that authentication feature is enabled for Azure Function AppAzureSecurity Best Practices
LOW
AC_AZURE_0304Ensure extensions are not installed on Azure Windows Virtual MachineAzureInfrastructure Security
MEDIUM
AC_AZURE_0305Ensure public access is disabled for Azure Storage SyncAzureInfrastructure Security
HIGH
AC_AZURE_0306Ensures that Active Directory is used for authentication for Azure Service Fabric ClusterAzureInfrastructure Security
MEDIUM
AC_AZURE_0307Ensure public access is disabled for Azure Search ServiceAzureInfrastructure Security
HIGH
AC_AZURE_0308Ensure public access is disabled for Azure MySQL Single ServerAzureInfrastructure Security
HIGH
AC_AZURE_0309Ensure default network access rule is set to deny in Azure Storage Account Network RulesAzureInfrastructure Security
MEDIUM
AC_AZURE_0310Ensure VM extensions are not installed on Linux VM's in Azure Linux Virtual MachineAzureInfrastructure Security
MEDIUM
AC_AZURE_0311Ensure public access is disabled for Azure IoT HubAzureInfrastructure Security
HIGH
AC_AZURE_0312Ensure public network access disabled for Azure Eventgrid DomainAzureInfrastructure Security
HIGH
AC_AZURE_0313Ensure that virtual networks are in use for Azure API ManagementAzureInfrastructure Security
MEDIUM
AC_AZURE_0314Ensure that Web Application Firewall (WAF) enabled for Azure Front DoorAzureInfrastructure Security
MEDIUM
AC_AZURE_0315Ensure customer-managed keys to encrypt data at rest for Azure CosmosDB AccountAzureData Protection
MEDIUM
AC_AZURE_0316Ensure public network access disabled for Azure CosmosDB AccountAzureInfrastructure Security
MEDIUM
AC_AZURE_0317Ensure that string variables are encrypted for Azure Automation VariableAzureData Protection
MEDIUM
AC_AZURE_0318Ensure that integer variables are encrypted for Azure Automation VariableAzureData Protection
MEDIUM
AC_AZURE_0319Ensure that date-time variables are encrypted for Azure Automation VariableAzureData Protection
MEDIUM
AC_AZURE_0320Ensure that boolean variables are encrypted for Azure Automation VariableAzureData Protection
MEDIUM
AC_AZURE_0321Ensure public access is disabled for Azure Managed DiskAzureInfrastructure Security
HIGH
AC_AZURE_0322Ensure that Microsoft Defender for Key Vault is set to 'On'AzureData Protection
MEDIUM
AC_AZURE_0323Ensure that Microsoft Defender for Kubernetes is set to 'On'AzureData Protection
MEDIUM
AC_AZURE_0324Ensure that Microsoft Defender for Container Registries is set to 'On'AzureData Protection
MEDIUM
AC_AZURE_0325Ensure that Microsoft Defender for Storage is set to 'On'AzureData Protection
MEDIUM
AC_AZURE_0326Ensure that Microsoft Defender for SQL servers on machines is set to 'On'AzureData Protection
MEDIUM
AC_AZURE_0327Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL ServersAzureData Protection
MEDIUM
AC_AZURE_0328Ensure that Microsoft Defender for App Service is set to 'On'AzureIdentity and Access Management
MEDIUM
AC_AZURE_0329Ensure custom script extensions are not used in Azure Linux Virtual MachineAzureData Protection
MEDIUM
AC_AZURE_0330Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is SelectedAzureCompliance Validation
MEDIUM
AC_AZURE_0331Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selectedAzureCompliance Validation
MEDIUM
AC_AZURE_0332Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'AzureCompliance Validation
MEDIUM
AC_AZURE_0333Ensure that Activity Log Alert exists for Delete Network Security GroupAzureLogging and Monitoring
MEDIUM
AC_AZURE_0334Ensure FTP deployments are DisabledAzureInfrastructure Security
MEDIUM
AC_AZURE_0335Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On'AzureInfrastructure Security
MEDIUM