turbot / steampipe-mod-azure-compliance

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, HIPAA HITRUST, NIST, and more across all of your Azure subscriptions using Powerpipe and Steampipe.
https://hub.powerpipe.io/mods/turbot/azure_compliance
Apache License 2.0

Azure Compliance Mod NSG Evaluation #137

Closed akahub closed 1 year ago

akahub commented 1 year ago

The NSG eval using the following query: https://github.com/turbot/steampipe-mod-azure-compliance/blob/main/query/network/network_security_group_rdp_access_restricted.sql

...does not detect RDP 3389 being exposed if the protocol is set to Any. However, if the same port is used but with protocol TCP, this gets picked up by the compliance check.

This means that we may have rules set using ANY protocol scattered around the environment which are not being detected.
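
The gap reported above, as an added example that is not part of the original issue or the mod's own query: a per-rule check over constructed NSG rules in the Azure ARM JSON shape, where the portal's "Any" protocol is stored as `*`. The helper names and sample rules are assumptions, and rule priority and overriding deny rules are not evaluated.

```python
# Added example: flags inbound allow rules that expose RDP from open sources.
RDP_PORT = 3389
OPEN_SOURCES = {"*", "0.0.0.0/0", "internet", "any"}

def port_matches(spec, port=RDP_PORT):
    """True if an NSG port spec ('*', '3389', '3000-4000') covers the port."""
    spec = spec.strip()
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    try:
        low_n = int(low)
        high_n = int(high) if high else low_n
    except ValueError:
        return False
    return low_n <= port <= high_n

def protocol_matches(protocol):
    """Match 'Tcp' and also '*' (Any), since an Any rule allows TCP as well."""
    return protocol.strip().lower() in ("tcp", "*")

def exposes_rdp(rule):
    p = rule.get("properties", {})
    if p.get("access", "").lower() != "allow":
        return False
    if p.get("direction", "").lower() != "inbound":
        return False
    if not protocol_matches(p.get("protocol", "")):
        return False
    # ARM stores either a single value or a list; check both forms.
    sources = [p.get("sourceAddressPrefix") or ""] + list(p.get("sourceAddressPrefixes") or [])
    if not any(s.lower() in OPEN_SOURCES for s in sources):
        return False
    ports = [p.get("destinationPortRange") or ""] + list(p.get("destinationPortRanges") or [])
    return any(port_matches(s) for s in ports if s)

def make_rule(name, protocol, port, source="*", access="Allow"):
    """Build a constructed sample rule (hypothetical data, not from a real NSG)."""
    return {"name": name, "properties": {
        "protocol": protocol, "access": access, "direction": "Inbound",
        "sourceAddressPrefix": source, "destinationPortRange": port}}

SAMPLE_RULES = [
    make_rule("rdp-tcp", "Tcp", "3389"),
    make_rule("rdp-any", "*", "3389"),            # the case the issue reports as missed
    make_rule("range-any", "*", "3000-4000"),     # range that contains 3389
    make_rule("rdp-internal", "*", "3389", source="10.0.0.0/8"),
    make_rule("rdp-denied", "*", "3389", access="Deny"),
]

def flagged(rules):
    return [r["name"] for r in rules if exposes_rdp(r)]
```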

misraved commented 1 year ago

Relevant slack thread - https://steampipe.slack.com/archives/C01UECB59A7/p1669302794872829

misraved commented 1 year ago

Fixed in https://github.com/turbot/steampipe-mod-azure-compliance/pull/138

akahub commented 1 year ago

@misraved that's amazing! I shall test this out in the next few days. Thank you

misraved commented 1 year ago

Thanks @akahub for the quick response 👍. Please let us know if you run into issues 👍.