khushboo9024
commented
2 weeks ago @hatlord Thanks for raising this issue. 👍
Azure CIS V3.0.0 is already updated and released , we will release the new cis v3.0.0 benchmark ASAP.
Open hatlord opened 1 month ago
khushboo9024
commented
2 weeks ago @hatlord Thanks for raising this issue. 👍
Azure CIS V3.0.0 is already updated and released , we will release the new cis v3.0.0 benchmark ASAP.
Describe the bug Azure SQL was deprecated as of 16th September. I have noticed a number of tools now failing to report issues against SQL (Scoutsuite for example) which may be down to changes in the API (Microsoft have moved to Azure SQL Flexible Server) - https://learn.microsoft.com/en-us/azure/mysql/migrate/whats-happening-to-mysql-single-server
Powerpipe version (
powerpipe -v) Powerpipe v0.4.3Steampipe version (
steampipe -v) Steampipe v0.24.2Plugin version (
steampipe plugin list) steampipe plugin list +--------------------------------------------------+---------+-------------+ | Installed | Version | Connections | +--------------------------------------------------+---------+-------------+ | hub.steampipe.io/plugins/turbot/azure@latest | 0.37.0 | azure | | hub.steampipe.io/plugins/turbot/azuread@latest | 0.8.3 | azuread | | hub.steampipe.io/plugins/turbot/steampipe@latest | 0.10.0 | steampipe | +--------------------------------------------------+---------+-------------+ CIS benchmark: CIS v2.1.0To reproduce Run the latest Azure compliance benchmark against an account that has Azure SQL servers. The sections relating to it, and all benchmark checks appear to be empty.
Expected behavior The benchmarks should return vulnerabilities relating to Azure SQL Flexible Servers
Additional context Sorry if this is in the wrong place, it might be classed as a feature request I suppose. It might also be that this cant be implemented until CIS update their benchmarks, although it seems the same sorts of findings apply. Cheers!