logo

Database

Security

Rules

Security Rules define automated logic and checks across code, cloud, applications, and binaries. They provide a structured approach to identifying vulnerabilities, strengthening secure development practices, and aligning with compliance and risk-management standards.

Total rules

795

Targets covered

47

Mapped standards

91

CSPM-0DFDW

CSPM

Aws Password And Access Keys

0.6

Low

Target: AWS

Technology: IAM

CWE ID(s):

CWE-250

Last update time: November 27, 2025

CSPM-0ED1D

CSPM

Aws Auto Backups Disabled

1.8

Low

Target: AWS

Technology: ELASTICACHE

CWE ID(s):

CWE-732

Last update time: November 27, 2025

CSPM-0FTDG

CSPM

Aws Kafka Cluster Logging Disabled

0.6

Low

Target: AWS

Technology: KAFKA

CWE ID(s):

CWE-778

Last update time: November 27, 2025

CSPM-0ICWN

CSPM

Aws Instance Tls Disabled

0.6

Low

Target: AWS

Technology: RDS

CWE ID(s):

CWE-327

Last update time: November 27, 2025

CSPM-0W4GF

CSPM

Aws Trail Bucket Logging Disabled

0.6

Low

Target: AWS

Technology: S3

CWE ID(s):

CWE-778

Last update time: November 27, 2025

CSPM-1FELR

CSPM

Aws Invalid Header Fields Not Dropped

1.3

Low

Target: AWS

Technology: ELBV2

CWE ID(s):

CWE-306

Last update time: November 27, 2025

CSPM-1GELE

CSPM

Azure Flex Server Insecure Tls

0.5

Low

Target: AZURE

Technology: DB_POSTGRESQL

CWE ID(s):

CWE-327

Last update time: November 27, 2025

CSPM-1GUTN

CSPM

Azure Port Ranges Used

1.3

Low

Target: AZURE

Technology: NETWORK_SECURITY_GROUP

CWE ID(s):

CWE-1327

Last update time: November 27, 2025

CSPM-1QGCD

CSPM

Azure Db Postgresql Insecure Tls Version

0.6

Low

Target: AZURE

Technology: DB_POSTGRESQL

CWE ID(s):

CWE-327

Last update time: November 27, 2025

CSPM-233C2

CSPM

Aws Public Buckets

0.5

Low

Target: AWS

Technology: S3

CWE ID(s):

CWE-250

Last update time: November 27, 2025

CSPM-2PI3R

CSPM

Aws Insecure Transport

0.6

Low

Target: AWS

Technology: S3

CWE ID(s):

CWE-319

Last update time: November 27, 2025

CSPM-3EESR

CSPM

Aws Multiple Network Interfaces

4.6

Medium

Target: AWS

Technology: EC2

CWE ID(s):

CWE-497

Last update time: November 27, 2025

CSPM-3ESTU

CSPM

Aws Unencrypted Snapshots

2.1

Low

Target: AWS

Technology: EC2

CWE ID(s):

CWE-497

Last update time: November 27, 2025

CSPM-3WUW3

CSPM

Aws Public Queue

0.5

Low

Target: AWS

Technology: SQS

CWE ID(s):

CWE-250

Last update time: November 27, 2025

CSPM-42IPA

CSPM

Aws Admin Ports Open

2.7

Low

Target: AWS

Technology: EC2

CWE ID(s):

CWE-1327

Last update time: November 27, 2025

CSPM-4I4IP

CSPM

Aws Persistent Logs

0.6

Low

Target: AWS

Technology: ELASTIC_BEANSTALK

CWE ID(s):

CWE-778

Last update time: November 27, 2025

CSPM-56SNE

CSPM

Aws Sqs Encryption Disabled

1.3

Low

Target: AWS

Technology: SQS

CWE ID(s):

CWE-306

Last update time: November 27, 2025

CSPM-5ESSI

CSPM

Aws No Sensitive Info Filter

1.3

Low

Target: AWS

Technology: BEDROCK

CWE ID(s):

CWE-306

Last update time: November 27, 2025

CSPM-5RCSR

CSPM

Azure Dangerous Ports Access

1.3

Low

Target: AZURE

Technology: NETWORK_SECURITY_GROUP

CWE ID(s):

CWE-1327

Last update time: November 27, 2025

CSPM-5TAIS

CSPM

Aws Certificate Expired

1.3

Low

Target: AWS

Technology: ACM

CWE ID(s):

CWE-306

Last update time: November 27, 2025

CSPM-6FAII

CSPM

Aws Cache Encryption Disabled

1.3

Low

Target: AWS

Technology: API_GATEWAY

CWE ID(s):

CWE-306

Last update time: November 27, 2025

CSPM-6RTHW

CSPM

Aws Virtual Gateway Tls Disabled

0.6

Low

Target: AWS

Technology: APP_MESH

CWE ID(s):

CWE-327

Last update time: November 27, 2025

CSPM-9L1ID

CSPM

Azure Admin Privileges

1.3

Low

Target: AZURE

Technology: WEB_APP

CWE ID(s):

CWE-266

Last update time: November 27, 2025

CSPM-A4PIB

CSPM

Azure Mysql Firewall Allows Public Access

1.7

Low

Target: AZURE

Technology: DB_MYSQL

CWE ID(s):

CWE-1188

Last update time: November 27, 2025

CSPM-A5RRI

CSPM

Azure Ssh Unrestricted Access

1.2

Low

Target: AZURE

Technology: NETWORK_SECURITY_GROUP

CWE ID(s):

CWE-1327

Last update time: November 27, 2025

CSPM-AAHAS

CSPM

Aws Anyone Can Publish

1.3

Low

Target: AWS

Technology: SNS

CWE ID(s):

CWE-306

Last update time: November 27, 2025

CSPM-AALWE

CSPM

Aws Default Allows All Traffic

2.7

Low

Target: AWS

Technology: EC2

CWE ID(s):

CWE-1327

Last update time: November 27, 2025

CSPM-AAN1Z

CSPM

Azure Rpc Unrestricted Access

1.2

Low

Target: AZURE

Technology: NETWORK_SECURITY_GROUP

CWE ID(s):

CWE-1327

Last update time: November 27, 2025

CSPM-ADFWN

CSPM

Aws Old Credentials Enabled

2.7

Low

Target: AWS

Technology: IAM

CWE ID(s):

CWE-521

Last update time: November 27, 2025

CSPM-AE20T

CSPM

Gcp Object Versioning Disabled

0.5

Low

Target: GCP

Technology: STORAGE

CWE ID(s):

CWE-778

Last update time: November 27, 2025

CSPM-AEYSE

CSPM

Aws Master Keys Exposed

0.5

Low

Target: AWS

Technology: KMS

CWE ID(s):

CWE-250

Last update time: November 27, 2025

CSPM-AFS3U

CSPM

Aws Password Expiration Unsafe

2.7

Low

Target: AWS

Technology: IAM

CWE ID(s):

CWE-521

Last update time: November 27, 2025

CSPM-AFURY

CSPM

Azure App Service Managed Identity Not Used

1.7

Low

Target: AZURE

Technology: APP_SERVICE

CWE ID(s):

CWE-1188

Last update time: November 27, 2025

CSPM-AIUCK

CSPM

Aws Acl Public Buckets

8.1

High

Target: AWS

Technology: S3

CWE ID(s):

CWE-552

Last update time: November 27, 2025

CSPM-AIW3E

CSPM

Aws Group Permissive Inline Policies

0.5

Low

Target: AWS

Technology: IAM

CWE ID(s):

CWE-250

Last update time: November 27, 2025

CSPM-ALRPL

CSPM

Aws All Ports Open Public

2.7

Low

Target: AWS

Technology: EC2

CWE ID(s):

CWE-1327

Last update time: November 27, 2025

CSPM-AM3F6

CSPM

Aws Password Reuse Unsafe

1.7

Low

Target: AWS

Technology: IAM

CWE ID(s):

CWE-521

Last update time: November 27, 2025

CSPM-ANVTR

CSPM

Azure Encryption At Host Disabled

1.7

Low

Target: AZURE

Technology: VM

CWE ID(s):

CWE-1188

Last update time: November 27, 2025

CSPM-AOAN4

CSPM

Azure Api Management Public Network Access Enabled

1.7

Low

Target: AZURE

Technology: API_MANAGEMENT

CWE ID(s):

CWE-1188

Last update time: November 27, 2025

CSPM-AOTC1

CSPM

Aws Root Access Keys

1.3

Low

Target: AWS

Technology: IAM

CWE ID(s):

CWE-306

Last update time: November 27, 2025

CSPM-AOUCT

CSPM

Azure Public Access Allowed

1.3

Low

Target: AZURE

Technology: NETWORK_SECURITY_GROUP

CWE ID(s):

CWE-1327

Last update time: November 27, 2025

CSPM-AREES

CSPM

Aws Intercontainer Encryption Disabled

1.3

Low

Target: AWS

Technology: SAGEMAKER

CWE ID(s):

CWE-306

Last update time: November 27, 2025

CSPM-ASET4

CSPM

Azure Infrastructure Encryption Disabled

1.7

Low

Target: AZURE

Technology: STORAGE

CWE ID(s):

CWE-1188

Last update time: November 27, 2025

CSPM-AT4VN

CSPM

Azure Not Using Latest Version

1.7

Low

Target: AZURE

Technology: AKS

CWE ID(s):

CWE-1188

Last update time: November 27, 2025

CSPM-ATAEH

CSPM

Aws Backup Retention Period

1.8

Low

Target: AWS

Technology: ELASTICACHE

CWE ID(s):

CWE-732

Last update time: November 27, 2025

CSPM-ATCPT

CSPM

Aws Unencrypted Secrets

1.3

Low

Target: AWS

Technology: EKS

CWE ID(s):

CWE-306

Last update time: November 27, 2025

CSPM-ATIOU

CSPM

Aws Private Buckets Not Blocking Acls

0.5

Low

Target: AWS

Technology: S3

CWE ID(s):

CWE-250

Last update time: November 27, 2025

CSPM-AWEDE

CSPM

Aws Terminate Shutdown Behavior

4.6

Medium

Target: AWS

Technology: EC2

CWE ID(s):

CWE-497

Last update time: November 27, 2025

CSPM-BKFRO

CSPM

Azure Data Factory Public Network Access Enabled

1.7

Low

Target: AZURE

Technology: DATA_FACTORY

CWE ID(s):

CWE-1188

Last update time: November 27, 2025

CSPM-BN6FS

CSPM

Aws Public Snapshot

1.3

Low

Target: AWS

Technology: EBS

CWE ID(s):

CWE-306

Last update time: November 27, 2025

CSPM-BORM4

CSPM

Azure Cosmos Db Public Network Access Enabled

1.7

Low

Target: AZURE

Technology: COSMOS_DB

CWE ID(s):

CWE-1188

Last update time: November 27, 2025

CSPM-BPUHB

CSPM

Aws Public Clusters

1.3

Low

Target: AWS

Technology: REDSHIFT

CWE ID(s):

CWE-306

Last update time: November 27, 2025

CSPM-BRNAC

CSPM

Aws Insecure Ssl Cipher

0.5

Low

Target: AWS

Technology: ELBV2

CWE ID(s):

CWE-327

Last update time: November 27, 2025

CSPM-C0LGW

CSPM

Aws Delivery Failing

0.6

Low

Target: AWS

Technology: CLOUDTRAIL

CWE ID(s):

CWE-778

Last update time: November 27, 2025

CSPM-C4ULA

CSPM

Aws Docdb Without Audit Logs

0.6

Low

Target: AWS

Technology: DOCDB

CWE ID(s):

CWE-778

Last update time: November 27, 2025

CSPM-CAIWI

CSPM

Aws Policy Misconfigured

0.5

Low

Target: AWS

Technology: IAM

CWE ID(s):

CWE-250

Last update time: November 27, 2025

CSPM-CDRTD

CSPM

Azure Smtp Unrestricted Access

1.2

Low

Target: AZURE

Technology: NETWORK_SECURITY_GROUP

CWE ID(s):

CWE-1327

Last update time: November 27, 2025

CSPM-CKKRS

CSPM

Gcp Public Buckets

1.7

Low

Target: GCP

Technology: STORAGE

CWE ID(s):

CWE-250

Last update time: November 27, 2025

CSPM-CR6TN

CSPM

Azure No Zonal Redundancy

1.7

Low

Target: AZURE

Technology: VM_SCALE_SET

CWE ID(s):

CWE-1188

Last update time: November 27, 2025

CSPM-CRNSE

CSPM

Aws Automatic Rotation Disabled

1.7

Low

Target: AWS

Technology: SECRETS_MANAGER

CWE ID(s):

CWE-262

Last update time: November 27, 2025

CSPM-CRNSR

CSPM

Azure Postgresql Unrestricted Access

1.2

Low

Target: AZURE

Technology: NETWORK_SECURITY_GROUP

CWE ID(s):

CWE-1327

Last update time: November 27, 2025

CSPM-CSONB

CSPM

Aws Anyone Can Subscribe

1.3

Low

Target: AWS

Technology: SNS

CWE ID(s):

CWE-306

Last update time: November 27, 2025

CSPM-CTEER

CSPM

Aws Cluster Snapshot Unencrypted

1.3

Low

Target: AWS

Technology: RDS

CWE ID(s):

CWE-306

Last update time: November 27, 2025

CSPM-CW0N2

CSPM

Aws Rfc1918 Ip Ranges

0.5

Low

Target: AWS

Technology: EC2

CWE ID(s):

CWE-1327

Last update time: November 27, 2025

CSPM-DAAIG

CSPM

Aws Access Logging Disabled

0.6

Low

Target: AWS

Technology: ELBV2

CWE ID(s):

CWE-778

Last update time: November 27, 2025

CSPM-DCCNY

CSPM

Azure Icmp Ingress Not Restricted

0.6

Low

Target: AZURE

Technology: NETWORK_SECURITY_GROUP

CWE ID(s):

CWE-1327

Last update time: November 27, 2025

CSPM-DD6LT

CSPM

Aws Cluster Encryption Disabled

1.3

Low

Target: AWS

Technology: DAX

CWE ID(s):

CWE-306

Last update time: November 27, 2025

CSPM-DEEAC

CSPM

Aws Mfa Disabled Console Users

2.4

Low

Target: AWS

Technology: IAM

CWE ID(s):

CWE-308

Last update time: November 27, 2025

CSPM-DFDLS

CSPM

Azure Db Mysql Ssl Disabled

0.6

Low

Target: AZURE

Technology: MYSQL

CWE ID(s):

CWE-327

Last update time: November 27, 2025

CSPM-DLBFF

CSPM

Azure Flex Server Firewall Public Access

1.7

Low

Target: AZURE

Technology: DB_POSTGRESQL

CWE ID(s):

CWE-602

Last update time: November 27, 2025

CSPM-DLEEN

CSPM

Aws Encryption At Rest Disabled

1.3

Low

Target: AWS

Technology: OPENSEARCH

CWE ID(s):

CWE-306

Last update time: November 27, 2025

CSPM-DNPYN

CSPM

Aws Db Snapshot Unencrypted

1.3

Low

Target: AWS

Technology: RDS

CWE ID(s):

CWE-306

Last update time: November 27, 2025

CSPM-DOIT2

CSPM

Aws Modify Instance Attribute

4.6

Medium

Target: AWS

Technology: EC2

CWE ID(s):

CWE-497

Last update time: November 27, 2025

CSPM-DOPAL

CSPM

Aws Public Snapshots

1.3

Low

Target: AWS

Technology: RDS

CWE ID(s):

CWE-306

Last update time: November 27, 2025

CSPM-DSTAC

CSPM

Azure Mutual Tls Disabled

1.7

Low

Target: AZURE

Technology: APP_SERVICE

CWE ID(s):

CWE-1188

Last update time: November 27, 2025

CSPM-DTF6L

CSPM

Aws Broker Broker Tls Disabled

0.6

Low

Target: AWS

Technology: KAFKA

CWE ID(s):

CWE-327

Last update time: November 27, 2025

CSPM-DWEFP

CSPM

Aws Domain Exposed

0.6

Low

Target: AWS

Technology: OPENSEARCH

CWE ID(s):

CWE-250

Last update time: November 27, 2025

CSPM-DWGAF

CSPM

Aws Mfa Disabled

1.3

Low

Target: AWS

Technology: COGNITO

CWE ID(s):

CWE-308

Last update time: November 27, 2025

CSPM-E0TIO

CSPM

Gcp Lifecycle Not Defined

0.5

Low

Target: GCP

Technology: STORAGE

CWE ID(s):

CWE-778

Last update time: November 27, 2025

CSPM-EAELS

CSPM

Azure Synapse Firewall Allows Public Access

1.7

Low

Target: AZURE

Technology: SYNAPSE

CWE ID(s):

CWE-602

Last update time: November 27, 2025

CSPM-EDIAA

CSPM

Aws Iam Authentication Disabled

1.3

Low

Target: AWS

Technology: RDS

CWE ID(s):

CWE-306

Last update time: November 27, 2025

CSPM-EEET1

CSPM

Azure Geo Replication Disabled

1.8

Low

Target: AZURE

Technology: STORAGE_ACCOUNT

CWE ID(s):

CWE-732

Last update time: November 27, 2025

CSPM-EENI9

CSPM

Aws Files Not Validated

0.6

Low

Target: AWS

Technology: CLOUDTRAIL

CWE ID(s):

CWE-117

Last update time: November 27, 2025

CSPM-EEPUC

CSPM

Azure Redis Public Network Access Enabled

1.7

Low

Target: AZURE

Technology: REDIS

CWE ID(s):

CWE-1188

Last update time: November 27, 2025

CSPM-EFSLR

CSPM

Aws Allow All Ingress

0.5

Low

Target: AWS

Technology: EC2

CWE ID(s):

CWE-1327

Last update time: November 27, 2025

CSPM-EIESN

CSPM

Aws Privilege Escalation By Policy Versions

5.9

Medium

Target: AWS

Technology: IAM

CWE ID(s):

CWE-78

Last update time: November 27, 2025

CSPM-EIRRA

CSPM

Aws Ssl Not Required

1.3

Low

Target: AWS

Technology: REDSHIFT

CWE ID(s):

CWE-306

Last update time: November 27, 2025

CSPM-ELARN

CSPM

Azure Remote Debugging Enabled

1.3

Low

Target: AZURE

Technology: APP_SERVICE

CWE ID(s):

CWE-489

Last update time: November 27, 2025

CSPM-ENR65

CSPM

Aws Transfer Lock Disabled

1.3

Low

Target: AWS

Technology: ROUTE53

CWE ID(s):

CWE-306

Last update time: November 27, 2025

CSPM-ENREE

CSPM

Azure Backend Insecure Tls

0.6

Low

Target: AZURE

Technology: API_MANAGEMENT

CWE ID(s):

CWE-327

Last update time: November 27, 2025

CSPM-ENT6U

CSPM

Azure Secret Expiration Not Enabled

1.7

Low

Target: AZURE

Technology: KEY_VAULT

CWE ID(s):

CWE-1188

Last update time: November 27, 2025

CSPM-EOD7B

CSPM

Aws Old Ssh Public Keys

2.7

Low

Target: AWS

Technology: IAM

CWE ID(s):

CWE-521

Last update time: November 27, 2025

CSPM-EODOA

CSPM

Aws Elbv2 Deletion Protection Disabled

4.6

Medium

Target: AWS

Technology: ELBV2

CWE ID(s):

CWE-732

Last update time: November 27, 2025

CSPM-EOSTE

CSPM

Aws Not Requires Numbers

1.7

Low

Target: AWS

Technology: IAM

CWE ID(s):

CWE-521

Last update time: November 27, 2025

CSPM-ERLNW

CSPM

Aws Opensearch Insecure Tls Version

0.6

Low

Target: AWS

Technology: OPENSEARCH

CWE ID(s):

CWE-327

Last update time: November 27, 2025

CSPM-ESPIS

CSPM

Aws Public Instances

2.7

Low

Target: AWS

Technology: EC2

CWE ID(s):

CWE-863

Last update time: November 27, 2025

CSPM-ESU11

CSPM

Aws Full Ssm Access

0.6

Low

Target: AWS

Technology: IAM

CWE ID(s):

CWE-250

Last update time: November 27, 2025

CSPM-EU9TU

CSPM

Aws Unrestricted Cluster Security Groups

0.5

Low

Target: AWS

Technology: RDS

CWE ID(s):

CWE-1327

Last update time: November 27, 2025

CSPM-EWCRF

CSPM

Aws Allow All Egress

1.7

Low

Target: AWS

Technology: EC2

CWE ID(s):

CWE-1327

Last update time: November 27, 2025

CSPM-EXSLQ

CSPM

Azure Flexible Server Ssl Disabled

0.5

Low

Target: AZURE

Technology: DB_POSTGRESQL

CWE ID(s):

CWE-327

Last update time: November 27, 2025