Comments (4)

misraved commented on June 11, 2024

Thanks @fgomesz for using Steampipe 👍, hope you are having a good experience!!

The concern mentioned in this issue does look valid. Thanks for highlighting this, we will dig in a bit more and add the correct query to the control 👍

from steampipe-mod-azure-compliance.

rajlearner17 commented on June 11, 2024

@fgomesz Appreciate this catch. Thanks.
Definitely a few observations while reviewing this issue; let me know if it explains.

The link for the control "Azure DDoS Protection Standard should be enabled" in Steampipe Azure Mods holds the control for NIST; however, it is tagged wrongly to hipaa_hitrust_v92 = true > we will correct this.

In mods, we re-use some of these queries to avoid re-work.

The same query (network_security_group_udp_service_restricted.sql) is used in the below controls:

  • Cis_v130_6_6 >> (Cis > 6.6 Ensure that UDP Services are restricted from the Internet (Automated))
  • Nist_sp_800_53_rev_5_sc_5 >> DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP. (Ref)

The reason why the same query was referenced:
Neither the CIS nor the NIST steps are mentioned in their respective content with specific steps.

  • CIS has stressed using Azure NSG in the audit steps.
  • When we analyzed Azure in its policy, there were no direct validation steps included.
  • Considering the CIS audit steps more reliable, we developed the query in the same model.

But we understand it might be confusing; we are checking this internally to separate this as well.

The table azure_virtual_network inherently supports the enable_ddos_protection attribute as mentioned here; we can bring this as part of the NIST control validation.
PR reference - We are still checking further to re-validate before release next week.

Share your feedback.
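
An added example, not part of the thread and not the mod's query or the referenced PR: a sketch of a control-style query that evaluates the enable_ddos_protection column of azure_virtual_network discussed above, instead of reusing the NSG UDP query. It checks every virtual network rather than only those with an application gateway subnet as the NIST control text describes; the resource/status/reason output shape and the id, name, resource_group and subscription_id columns are assumptions about the plugin's schema.

```sql
-- Added example (not the mod's own query).
-- Flags each virtual network by its DDoS protection setting rather than
-- by NSG UDP rules, which answer the CIS 6.6 question, not this one.
select
  id as resource,
  case
    when enable_ddos_protection then 'ok'
    else 'alarm'  -- false or null: protection is not enabled on this network
  end as status,
  case
    when enable_ddos_protection then name || ' has DDoS protection enabled.'
    else name || ' does not have DDoS protection enabled.'
  end as reason,
  resource_group,   -- assumed column, used here as a reporting dimension
  subscription_id   -- assumed column, used here as a reporting dimension
from
  azure_virtual_network
order by
  status,
  name;
```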

fgomesz commented on June 11, 2024

Thank you for looking into this and sorry for wasting your time.

e-gineer commented on June 11, 2024

@fgomesz Definitely not a waste of time!

You found a bug in our tagging of the control 👍 and we really appreciate people working through these in detail - it's critical to keeping them as well described and accurate as possible!

Thank you. Please keep those issues (and PRs) coming!
