Comments (4)
Thanks @fgomesz for using Steampipe 👍 , hope you are having a good experience !!
The concern mentioned in this issue does look valid. Thanks for highlighting this, we will dig in a bit more and add the correct query to the control 👍
from steampipe-mod-azure-compliance.
@fgomesz Appreciate this catch. Thanks
Definitely a few observations while reviewing this issue, let me know if it explains
The link for control Azure DDoS Protection Standard should be enabled
in Steampipe Azure Mods holds the control for NIST, however, tagged wrongly to hipaa_hitrust_v92 = true > we will correct this
In mods, we re-use some of these queries to avoid re-work.
The same query (network_security_group_udp_service_restricted.sql) is used in the below controls
- Cis_v130_6_6 >> (Cis > 6.6 Ensure that UDP Services are restricted from the Internet (Automated)
- Nist_sp_800_53_rev_5_sc_5 >> DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP. (Ref)
The reason, why the same query was referenced
Neither CIS nor Nist steps are mentioned in their respective content with specific steps.
- CIS has stressed on to use Azure NSG in the audit steps.
- When we analyzed Azure in its policy, there is no direct validation steps included
- Considering the CIS audit steps more reliable, we developed the query in the same model.
But, we understand it might be confusing, we are checking this internally to separate this as well.
The table azure_virtual_network
inherently supports enable_ddos_protection
attribute as mentioned here, we can bring this part of the NIST control validation
PR reference - Still we are checking further to re-validate before release next week.
Share your feedback.
from steampipe-mod-azure-compliance.
Thank you for looking into this and sorry for wasting your time.
from steampipe-mod-azure-compliance.
@fgomesz Definitely not a waste of time!
You found a bug in our tagging of the control 👍 and we really appreciate people working through these in detail - it's critical to keeping them as well described and accurate as possible!
Thank you. Please keep those issues (and PRs) coming!
from steampipe-mod-azure-compliance.
Related Issues (20)
- Add common and tag dimensions across compliance queries HOT 1
- Missing implementation of CIS 3.14 HOT 1
- Missing implementation of CIS 4.3.7 HOT 2
- Keep consistency in indicating vulnerable resources (3.10)
- Update Benchmark: HIPAA HITRUST 9.2
- Fix query sql_database_allow_internet_access for setting specified endIpAddress
- Ensure that 'Data encryption' is set to 'On' on a SQL query should ignore master database
- control.cis_v200_5_1_3 is returning false negatives HOT 2
- control.cis_v200_5_1_4 is returning false negatives HOT 2
- Update Benchmark: NIST SP 800-53 Revision 5
- Add additional controls to 'Other Compliance Checks'
- Use single query for checking for appservice azure defender enable check
- Fix CIS v2.0.0 5.2.X by replacing alert.location = 'global' & removing additional alert.condition for 'resourceType' HOT 5
- Add/Update monthly controls [Oct 23]
- Handle error null in iam_user_not_allowed_to_create_security_group & iam_user_not_allowed_to_register_application HOT 2
- Update mod.sp to address deprecation warning
- compute_vm_tcp_udp_access_restricted_internet fails to evaluate join condition
- Depending on aggregated subscriptions, duplicate benchmark results with the same result HOT 1
- Kubernetes Outdated Software Version Regex bug HOT 1
- Add SOC 2 controls for Azure HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from steampipe-mod-azure-compliance.