API key APIs unrestricted
|
API |
Security Health Analytics
|
API key apps unrestricted
|
API |
Security Health Analytics
|
API key exists
|
API |
Security Health Analytics
|
API key not rotated
|
API |
Security Health Analytics
|
Cloud Asset API disabled
|
Inventaris Aset Cloud |
Security Health Analytics
|
Public Compute image
|
Compute Engine |
Security Health Analytics
|
Confidential Computing disabled
|
Compute Engine |
Security Health Analytics
|
Compute project wide SSH keys allowed
|
Compute Engine |
Security Health Analytics
|
Compute Secure Boot disabled
|
Compute Engine |
Security Health Analytics
|
Compute serial ports enabled
|
Compute Engine |
Security Health Analytics
|
Default service account used
|
Compute Engine |
Security Health Analytics
|
Disk CMEK disabled
|
Compute Engine |
Security Health Analytics
|
Disk CSEK disabled
|
Compute Engine |
Security Health Analytics
|
Full API access
|
Compute Engine |
Security Health Analytics
|
HTTP load balancer
|
Compute Engine |
Security Health Analytics
|
Instance OS Login disabled
|
Compute Engine |
Security Health Analytics
|
IP forwarding enabled
|
Compute Engine |
Security Health Analytics
|
OS login disabled
|
Compute Engine |
Security Health Analytics
|
Public IP address
|
Compute Engine |
Security Health Analytics
|
Shielded VM disabled
|
Compute Engine |
Security Health Analytics
|
Weak SSL policy
|
Compute Engine |
Security Health Analytics
|
Alpha cluster enabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Auto repair disabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Auto upgrade disabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Binary authorization disabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Cluster logging disabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Cluster monitoring disabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Cluster private Google access disabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Cluster secrets encryption disabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Cluster shielded nodes disabled
|
Google Kubernetes Engine |
Security Health Analytics
|
COS not used
|
Google Kubernetes Engine |
Security Health Analytics
|
Integrity monitoring disabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Intranode visibility disabled
|
Google Kubernetes Engine |
Security Health Analytics
|
IP alias disabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Legacy authorization enabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Legacy metadata enabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Master authorized networks disabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Network policy disabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Nodepool boot CMEK disabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Nodepool secure boot disabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Over privileged account
|
Google Kubernetes Engine |
Security Health Analytics
|
Over privileged scopes
|
Google Kubernetes Engine |
Security Health Analytics
|
Pod security policy disabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Private cluster disabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Release channel disabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Web UI enabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Workload Identity disabled
|
Google Kubernetes Engine |
Security Health Analytics
|
Dataproc CMEK disabled
|
Managed Service untuk Apache Spark |
Security Health Analytics
|
Dataproc image outdated
|
Managed Service untuk Apache Spark |
Security Health Analytics
|
BigQuery table CMEK disabled
|
BigQuery |
Security Health Analytics
|
Dataset CMEK disabled
|
BigQuery |
Security Health Analytics
|
Public dataset
|
BigQuery |
Security Health Analytics
|
DNSSEC disabled
|
Cloud DNS |
Security Health Analytics
|
RSASHA1 for signing
|
Cloud DNS |
Security Health Analytics
|
Egress deny rule not set
|
Firewall |
Security Health Analytics
|
Firewall rule logging disabled
|
Firewall |
Security Health Analytics
|
Open Cassandra port
|
Firewall |
Security Health Analytics
|
Open ciscosecure websm port
|
Firewall |
Security Health Analytics
|
Open directory services port
|
Firewall |
Security Health Analytics
|
Open DNS port
|
Firewall |
Security Health Analytics
|
Open elasticsearch port
|
Firewall |
Security Health Analytics
|
Open firewall
|
Firewall |
Security Health Analytics
|
Open FTP port
|
Firewall |
Security Health Analytics
|
Open HTTP port
|
Firewall |
Security Health Analytics
|
Open LDAP port
|
Firewall |
Security Health Analytics
|
Open Memcached port
|
Firewall |
Security Health Analytics
|
Open MongoDB port
|
Firewall |
Security Health Analytics
|
Open MySQL port
|
Firewall |
Security Health Analytics
|
Open NetBIOS port
|
Firewall |
Security Health Analytics
|
Open OracleDB port
|
Firewall |
Security Health Analytics
|
Open pop3 port
|
Firewall |
Security Health Analytics
|
Open PostgreSQL port
|
Firewall |
Security Health Analytics
|
Open RDP port
|
Firewall |
Security Health Analytics
|
Open Redis port
|
Firewall |
Security Health Analytics
|
Open SMTP port
|
Firewall |
Security Health Analytics
|
Open SSH port
|
Firewall |
Security Health Analytics
|
Open Telnet port
|
Firewall |
Security Health Analytics
|
Access Transparency disabled
|
IAM |
Security Health Analytics
|
Admin service account
|
IAM |
Security Health Analytics
|
Essential Contacts Not Configured
|
IAM |
Security Health Analytics
|
KMS role separation
|
IAM |
Security Health Analytics
|
Non org IAM member
|
IAM |
Security Health Analytics
|
Open group IAM member
|
IAM |
Security Health Analytics
|
Over privileged service account user
|
IAM |
Security Health Analytics
|
Primitive roles used
|
IAM |
Security Health Analytics
|
Redis role used on org
|
IAM |
Security Health Analytics
|
Service account role separation
|
IAM |
Security Health Analytics
|
Service account key not rotated
|
IAM |
Security Health Analytics
|
User managed service account key
|
IAM |
Security Health Analytics
|
KMS key not rotated
|
Cloud KMS |
Security Health Analytics
|
KMS project has owner
|
Cloud KMS |
Security Health Analytics
|
KMS public key
|
Cloud KMS |
Security Health Analytics
|
Too many KMS users
|
Cloud KMS |
Security Health Analytics
|
Audit logging disabled
|
Logging |
Security Health Analytics
|
Bucket logging disabled
|
Logging |
Security Health Analytics
|
Locked retention policy not set
|
Logging |
Security Health Analytics
|
Log not exported
|
Logging |
Security Health Analytics
|
Object versioning disabled
|
Logging |
Security Health Analytics
|
Audit config not monitored
|
Pemantauan |
Security Health Analytics
|
Bucket IAM not monitored
|
Pemantauan |
Security Health Analytics
|
Custom role not monitored
|
Pemantauan |
Security Health Analytics
|
Firewall not monitored
|
Pemantauan |
Security Health Analytics
|
Network not monitored
|
Pemantauan |
Security Health Analytics
|
Owner not monitored
|
Pemantauan |
Security Health Analytics
|
Route not monitored
|
Pemantauan |
Security Health Analytics
|
MFA not enforced
|
Autentikasi |
Security Health Analytics
|
Default network
|
Jaringan |
Security Health Analytics
|
DNS logging disabled
|
Jaringan |
Security Health Analytics
|
Legacy network
|
Jaringan |
Security Health Analytics
|
Load balancer logging disabled
|
Jaringan |
Security Health Analytics
|
Org policy Confidential VM policy
|
Kebijakan organisasi |
Security Health Analytics
|
Org policy location restriction
|
Kebijakan organisasi |
Security Health Analytics
|
Pubsub CMEK disabled
|
Pub/Sub |
Security Health Analytics
|
AlloyDB auto backup disabled
|
AlloyDB |
Security Health Analytics
|
AlloyDB backups disabled
|
AlloyDB |
Security Health Analytics
|
AlloyDB CMEK disabled
|
AlloyDB |
Security Health Analytics
|
AlloyDB log min error statement severity
|
AlloyDB |
Security Health Analytics
|
AlloyDB log min messages
|
AlloyDB |
Security Health Analytics
|
AlloyDB log error verbosity
|
AlloyDB |
Security Health Analytics
|
AlloyDB public IP
|
AlloyDB |
Security Health Analytics
|
AlloyDB SSL not enforced
|
AlloyDB |
Security Health Analytics
|
Auto backup disabled
|
Cloud SQL |
Security Health Analytics
|
Public SQL instance
|
Cloud SQL |
Security Health Analytics
|
SSL not enforced
|
Cloud SQL |
Security Health Analytics
|
SQL CMEK disabled
|
Cloud SQL |
Security Health Analytics
|
SQL contained database authentication
|
Cloud SQL |
Security Health Analytics
|
SQL cross DB ownership chaining
|
Cloud SQL |
Security Health Analytics
|
SQL external scripts enabled
|
Cloud SQL |
Security Health Analytics
|
SQL local infile
|
Cloud SQL |
Security Health Analytics
|
SQL log checkpoints disabled
|
Cloud SQL |
Security Health Analytics
|
SQL log connections disabled
|
Cloud SQL |
Security Health Analytics
|
SQL log disconnections disabled
|
Cloud SQL |
Security Health Analytics
|
SQL log duration disabled
|
Cloud SQL |
Security Health Analytics
|
SQL log error verbosity
|
Cloud SQL |
Security Health Analytics
|
SQL log lock waits disabled
|
Cloud SQL |
Security Health Analytics
|
SQL log min duration statement enabled
|
Cloud SQL |
Security Health Analytics
|
SQL log min error statement
|
Cloud SQL |
Security Health Analytics
|
SQL log min error statement severity
|
Cloud SQL |
Security Health Analytics
|
SQL log min messages
|
Cloud SQL |
Security Health Analytics
|
SQL log executor stats enabled
|
Cloud SQL |
Security Health Analytics
|
SQL log hostname enabled
|
Cloud SQL |
Security Health Analytics
|
SQL log parser stats enabled
|
Cloud SQL |
Security Health Analytics
|
SQL log planner stats enabled
|
Cloud SQL |
Security Health Analytics
|
SQL log statement
|
Cloud SQL |
Security Health Analytics
|
SQL log statement stats enabled
|
Cloud SQL |
Security Health Analytics
|
SQL log temp files
|
Cloud SQL |
Security Health Analytics
|
SQL no root password
|
Cloud SQL |
Security Health Analytics
|
SQL public IP
|
Cloud SQL |
Security Health Analytics
|
SQL remote access enabled
|
Cloud SQL |
Security Health Analytics
|
SQL skip show database disabled
|
Cloud SQL |
Security Health Analytics
|
SQL trace flag 3625
|
Cloud SQL |
Security Health Analytics
|
SQL user connections configured
|
Cloud SQL |
Security Health Analytics
|
SQL user options configured
|
Cloud SQL |
Security Health Analytics
|
SQL weak root password
|
Cloud SQL |
Security Health Analytics
|
Bucket CMEK disabled
|
Cloud Storage |
Security Health Analytics
|
Bucket policy only disabled
|
Cloud Storage |
Security Health Analytics
|
Public bucket ACL
|
Cloud Storage |
Security Health Analytics
|
Public log bucket
|
Cloud Storage |
Security Health Analytics
|
Flow logs disabled
|
Subnetwork |
Security Health Analytics
|
Flow logs settings not recommended
|
Subnetwork |
Security Health Analytics
|
Private Google access disabled
|
Subnetwork |
Security Health Analytics
|
AWS findings
|
AWS |
Security Health Analytics
|
Accessible Git repository
|
Aplikasi web |
Web Security Scanner
|
Accessible SVN repository
|
Aplikasi web |
Web Security Scanner
|
Accessible ENV File
|
Aplikasi web |
Web Security Scanner
|
Cacheable password input
|
Aplikasi web |
Web Security Scanner
|
Clear text password
|
Aplikasi web |
Web Security Scanner
|
Insecure allow origin ends with validation
|
Aplikasi web |
Web Security Scanner
|
Insecure allow origin starts with validation
|
Aplikasi web |
Web Security Scanner
|
Invalid content type
|
Aplikasi web |
Web Security Scanner
|
Invalid header
|
Aplikasi web |
Web Security Scanner
|
Mismatching security header values
|
Aplikasi web |
Web Security Scanner
|
Misspelled security header name
|
Aplikasi web |
Web Security Scanner
|
Mixed content
|
Aplikasi web |
Web Security Scanner
|
Outdated library
|
Aplikasi web |
Web Security Scanner
|
Server side request forgery
|
Aplikasi web |
Web Security Scanner
|
Session ID leak
|
Aplikasi web |
Web Security Scanner
|
SQL injection
|
Aplikasi web |
Web Security Scanner
|
Struts insecure deserialization
|
Aplikasi web |
Web Security Scanner
|
XSS
|
Aplikasi web |
Web Security Scanner
|
XSS angular callback
|
Aplikasi web |
Web Security Scanner
|
XSS error
|
Aplikasi web |
Web Security Scanner
|
XXE reflected file leakage
|
Aplikasi web |
Web Security Scanner
|
Prototype pollution
|
Aplikasi web |
Web Security Scanner
|
Hsts Misconfiguration
|
Aplikasi web |
Web Security Scanner
|
Content Security Policy Header Missing
|
Aplikasi web |
Web Security Scanner
|
Content Security Policy Header Misconfigured
|
Aplikasi web |
Web Security Scanner
|
Cross-Origin-Opener-Policy Header Missing
|
Aplikasi web |
Web Security Scanner
|
Clickjacking Protection Missing
|
Aplikasi web |
Web Security Scanner
|
IAM role has excessive permissions
|
IAM |
Pemberi rekomendasi IAM
|
Service agent role replaced with basic role
|
IAM |
Pemberi rekomendasi IAM
|
Service agent granted basic role
|
IAM |
Pemberi rekomendasi IAM
|
Unused IAM role
|
IAM |
Pemberi rekomendasi IAM
|
Assumed identity has excessive permissions
|
IAM |
Pengelolaan Hak Akses Infrastruktur Cloud
|
Group has excessive permissions
|
IAM |
Pengelolaan Hak Akses Infrastruktur Cloud
|
User has excessive permissions
|
IAM |
Pengelolaan Hak Akses Infrastruktur Cloud
|
User is inactive
|
IAM |
Pengelolaan Hak Akses Infrastruktur Cloud
|
Group is inactive
|
IAM |
Pengelolaan Hak Akses Infrastruktur Cloud
|
Assumed identity is inactive
|
IAM |
Pengelolaan Hak Akses Infrastruktur Cloud
|
Overly permissive trust policy enforced on assumed identity
|
IAM |
Pengelolaan Hak Akses Infrastruktur Cloud
|
Assumed identity has lateral movement risk
|
IAM |
Pengelolaan Hak Akses Infrastruktur Cloud
|
Floor settings violation
|
Model Armor |
Model Armor
|
SHA Canned Module Drifted
|
Postur keamanan |
Postur keamanan
|
SHA Custom Module Drifted
|
Postur keamanan |
Postur keamanan
|
SHA Custom Module Deleted
|
Postur keamanan |
Postur keamanan
|
Org Policy Canned Constraint Drifted
|
Postur keamanan |
Postur keamanan
|
Org Policy Canned Constraint Deleted
|
Postur keamanan |
Postur keamanan
|
Org Policy Custom Constraint Drifted
|
Postur keamanan |
Postur keamanan
|
Org Policy Custom Constraint Deleted
|
Postur keamanan |
Postur keamanan
|
Disable VPC External IPv6
|
Postur keamanan |
Postur keamanan
|
Disable VPC Internal IPv6
|
Postur keamanan |
Postur keamanan
|
Require OS Login
|
Postur keamanan |
Postur keamanan
|
Restrict Authorized Networks
|
Postur keamanan |
Postur keamanan
|
Require VPC Connector
|
Postur keamanan |
Postur keamanan
|
Disabled Serial Port Access
|
Postur keamanan |
Postur keamanan
|
Skip Default Network Creation
|
Postur keamanan |
Postur keamanan
|
Allowed Ingress
|
Postur keamanan |
Postur keamanan
|
Uniform Bucket Level Access
|
Postur keamanan |
Postur keamanan
|
Allowed VPC Egress
|
Postur keamanan |
Postur keamanan
|
OS vulnerability
|
Compute Engine |
VM Manager
|
Container image vulnerability
|
Artifact Registry |
Penilaian kerentanan Artifact Registry
|
Software vulnerability
|
Agent Platform |
Perlindungan AI
|
Public sensitive data
|
Aset data |
Sensitive Data Protection
|
Secrets in environment variables
|
Komputasi serverless |
Sensitive Data Protection
|
Secrets in storage
|
Aset data |
Sensitive Data Protection
|
Gemini model not protected by Model Armor
|
Model Armor |
Model Armor
|
Gemini model detected
|
Model Armor |
Model Armor
|
