| 🛡️ AWS DMS Replication Instance is publicly accessible🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Auto Scaling Group behind ELB assigns public IP to instances🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Default Security Group does not restrict all traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Instance with an auto-assigned public IP address is in a default subnet🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Instance without a public IP address is in a public subnet🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Security Group allows unrestricted CIFS traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Security Group allows unrestricted DNS traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Security Group allows unrestricted FTP traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Security Group allows unrestricted ICMP traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Security Group allows unrestricted NetBIOS traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Security Group allows unrestricted RPC traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Security Group allows unrestricted SMTP traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Security Group allows unrestricted traffic to all ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Security Group allows unrestricted traffic to MongoDB🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Security Group allows unrestricted traffic to MSSQL🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Security Group allows unrestricted traffic to MySQL🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Security Group allows unrestricted traffic to Oracle DBMS🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Security Group allows unrestricted traffic to PostgreSQL🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Security Group allows unrestricted Telnet traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS ECS Service automatically assigns public IP addresses🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EFS Mount Target is in a subnet that assigns public IP addresses on launch🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EKS Cluster allows unrestricted public traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS Lambda Function is not in a VPC🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS MQ Broker is publicly accessible🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS OpenSearch Domain has a public endpoint🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS RDS Aurora Cluster access is not consistent🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS RDS Instance is publicly accessible🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS Redshift Cluster is publicly accessible🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS Redshift Cluster security group allows unrestricted access on the cluster port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS SageMaker Notebook Instance Direct Internet Access is not disabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS VPC Network ACL exposes admin ports to public internet ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS VPC Route Table for VPC Peering does not follow the least privilege principle🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ AWS VPC Subnet Map Public IP On Launch is enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Databricks Workspace Allow Public Network Access is not disabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Databricks Workspace network security groups are not configured🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Databricks Workspace Secure Cluster Connectivity is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Key Vault Public Network Access is enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Managed Disk Public Network Access is not disabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Network Security Group allows public access to all ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Network Security Group allows public access to CIFS port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Network Security Group allows public access to DNS port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Network Security Group allows public access to FTP ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Network Security Group allows public access to HTTP(S) ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Network Security Group allows public access to MongoDB ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Network Security Group allows public access to MSSQL port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Network Security Group allows public access to MySQL port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Network Security Group allows public access to NetBIOS ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Network Security Group allows public access to Oracle DBMS ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Network Security Group allows public access to PostgreSQL port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Network Security Group allows public access to RDP port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Network Security Group allows public access to RPC port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Network Security Group allows public access to SMTP port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Network Security Group allows public access to SSH port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Network Security Group allows public access to Telnet port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Network Security Group allows public UDP access🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Network Subnet without Network Security Group🟢 | 1 | 🟠 x1, 🟢 x5 | no data |
| 🛡️ Azure PostgreSQL Flexible Server Firewall Rules allow access to Azure services🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Public IP Address is not associated with any resource🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Public IP Addresses are not evaluated periodically🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Azure SQL Database allows ingress from 0.0.0.0/0 (ANY IP)🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure SQL Server Public Network Access is not disabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Storage Account Default Network Access Rule is not set to Deny🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Storage Account Public Network Access is not disabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Storage Account Trusted Azure Services are not enabled as networking exceptions🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Subscription Bastion Host does not exist🟢 | 1 | 🟠 x1, 🟢 x5 | no data |
| 🛡️ Azure Virtual Machine allows public access to all ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Virtual Machine allows public access to CIFS port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Virtual Machine allows public access to DNS port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Virtual Machine allows public access to FTP ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Virtual Machine allows public access to HTTP(S) ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Virtual Machine allows public access to MongoDB ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Virtual Machine allows public access to MSSQL port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Virtual Machine allows public access to MySQL port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Virtual Machine allows public access to NetBIOS ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Virtual Machine allows public access to Oracle DBMS ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Virtual Machine allows public access to PostgreSQL port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Virtual Machine allows public access to RDP port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Virtual Machine allows public access to RPC port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Virtual Machine allows public access to SMTP port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Virtual Machine allows public access to SSH port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Virtual Machine allows public access to Telnet port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Virtual Machine allows public UDP access🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure VM Scale Set Instance allows public access to all ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure VM Scale Set Instance allows public access to CIFS port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure VM Scale Set Instance allows public access to DNS port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure VM Scale Set Instance allows public access to FTP ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure VM Scale Set Instance allows public access to HTTP(S) ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure VM Scale Set Instance allows public access to MongoDB ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure VM Scale Set Instance allows public access to MSSQL port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure VM Scale Set Instance allows public access to MySQL port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure VM Scale Set Instance allows public access to NetBIOS ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure VM Scale Set Instance allows public access to Oracle DBMS ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure VM Scale Set Instance allows public access to PostgreSQL port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure VM Scale Set Instance allows public access to RDP port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure VM Scale Set Instance allows public access to RPC port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure VM Scale Set Instance allows public access to SMTP port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure VM Scale Set Instance allows public access to SSH port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure VM Scale Set Instance allows public access to Telnet port🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure VM Scale Set Instance allows public UDP access🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Cloud SQL Instance External Authorized Networks whitelists all public IP addresses🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Cloud SQL Instance has public IP addresses🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Cloud SQL Server Instance remote access Database Flag is not set to off🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Instance Enable Connecting to Serial Ports is not disabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Instance has a public IP address🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Instance IP Forwarding is not disabled.🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE IP Address is unused🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted CiscoSecure/WebSM traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted DNS traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted FTP traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted HTTP traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted LDAP traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted NetBIOS traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted POP3 traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted RDP traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted SMTP traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted SSH traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted traffic to all ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted traffic to Cassandra🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted traffic to Directory services"🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted traffic to Elasticsearch🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted traffic to Memcached🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted traffic to MongoDB🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted traffic to MySQL🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted traffic to OracleDB🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted traffic to PostgreSQL🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted traffic to Redis🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted Telnet traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network has no egress deny Firewall Rule🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GKE Cluster Private Google Access is not enabled.🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Project has a default network🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Oracle IAAS Default Security List allows unrestricted non-ICMP traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Oracle IAAS Network Security Group allows unrestricted RDP traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Oracle IAAS Network Security Group allows unrestricted SSH traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Oracle IAAS Security List allows unrestricted RDP traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Oracle IAAS Security List allows unrestricted SSH traffic🟢 | 1 | 🟢 x6 | no data |