Cloud Security Rules

RULE	SERVICE GROUP
C App Service web app allows HTTP traffic	App Service (Web Apps)
C CDN endpoint does not enforce HTTPS	CDN
H App Service allows FTP deployments	App Service (Web Apps)
H Azure App Service allows HTTP traffic	App Service (Web Apps)
H Azure Container Registry admin user is enabled	Container
H Function app does not enforce HTTPS	App Service (Web Apps)
H Geo-replication for Azure Container Images is disabled	Container
H MariaDB server does not enforce SSL	Database
H Microsoft Defender for Cloud security alert notifications are disabled	Security Center
H MySQL Server does not enforce SSL	Database
H MySQL server does not enforce TLS for connections	Database
H PostgreSQL Server does not enforce SSL	Database
H PostgreSQL server does not enforce TLS connections	Database
H Public read access is enabled for storage containers and blobs	Storage
H Redis cache insecure port is enabled	Redis
H SAS token can be used over insecure HTTP	Storage
H Storage account blob service soft delete is disabled	Storage
H Storage account does not enforce HTTPS	Storage
H Storage container allows public access	Storage
H Storage queue service logging is disabled	Storage
H Virtual machine configuration contains sensitive data	Compute
H Virtual machine is configured with password authentication for admin	Compute
M Activity log profile does not capture all categories	Monitor
M Advanced Threat Protection is disabled on SQL server	Security Center
M AKS cluster does not have platform diagnostic logging enabled	Container
M AKS Kubernetes Dashboard enabled	Container
M AKS local accounts are enabled	Container
M AKS managed Azure Active Directory integration is disabled	Container
M API Management allows anonymous access to developer portal	API Management
M API Management backend allows insecure TLS/SSL protocols	API Management

AWS

Azure

Google

Kubernetes