From a2b7015e4794bb28dd770ce88e015e629828fcff Mon Sep 17 00:00:00 2001
From: hrouhan <56231339+HRouhani@users.noreply.github.com>
Date: Thu, 20 Apr 2023 10:51:24 +0200
Subject: [PATCH] =?UTF-8?q?=E2=AD=90=EF=B8=8F=20azure=20query=20packs=20(#?= =?UTF-8?q?59)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 core/mondoo-azure-inventory.mql.yaml | 215 +++++++++++++++++++++++++++
 1 file changed, 215 insertions(+)
 create mode 100644 core/mondoo-azure-inventory.mql.yaml
diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml
new file mode 100644
index 0000000..e6d1437
--- /dev/null
+++ b/core/mondoo-azure-inventory.mql.yaml
@@ -0,0 +1,215 @@
+packs:
+ - uid: mondoo-asset-inventory-azure
+ name: Azure Asset Inventory Pack
+ version: 1.0.0
+ authors:
+ - name: Mondoo, Inc
+ email: hello@mondoo.com
+ tags:
+ mondoo.com/platform: azure,cloud
+ mondoo.com/category: best-practices
+ docs:
+ desc: |
+ The Azure Asset Inventory by Mondoo query pack retrieves information about Azure subscriptions for asset inventory.
+ filters:
+ asset.platform == "azure"
+ platform.kind == "api"
+ queries:
+ - uid: mondoo-asset-inventory-azure-subscription-id
+ title: Retrieve Azure subscription ID
+ docs:
+ desc: |
+ This query retrieves the Azure subscription id
+ query: azure.subscription.id
+ - uid: mondoo-asset-inventory-azure-networks
+ title: Retrieve data on all securityGroups
+ docs:
+ desc: |
+ This query retrieves all of the configuration data for Azure securityGroups
+ query: azure.subscription.network.securityGroups { * }
+ - uid: mondoo-asset-inventory-azure-roleDefinitions
+ title: Retrieve data for all Azure roleDefinitions
+ docs:
+ desc: |
+ This query retrieves data for all Role definitions in the subscription
+ query: azure.subscription.authorizationService.roleDefinitions {*}
+ - uid: mondoo-asset-inventory-azure-cloudDefender
+ title: Retrieve data for all Azure CloudDefender
+ docs:
+ desc: |
+ This query retrieves data for cloudDefender
+ query: azure.subscription.cloudDefender {*}
+ - uid: mondoo-asset-inventory-azure-storageAccounts
+ title: Retrieve data for all Azure storage accounts
+ docs:
+ desc: |
+ This query retrieves data for all storage accounts
+ query: azure.subscription.storage.accounts {*}
+ - uid: mondoo-asset-inventory-azure-storageAccounts-containers
+ title: Retrieve data for all containers in Azure storage accounts
+ docs:
+ desc: |
+ This query retrieves data for all containers in storage accounts
+ query: azure.subscription.storage.accounts { containers {*} }
+ - uid: mondoo-asset-inventory-azure-storageAccounts-blobs
+ title: Retrieve data for all blobs in Azure storage accounts
+ docs:
+ desc: |
+ This query retrieves data for all blobs in storage accounts
+ query: azure.subscription.storage.accounts { blobProperties {*} }
+ - uid: mondoo-asset-inventory-azure-storageAccounts-tables
+ title: Retrieve data for all tables in Azure storage accounts
+ docs:
+ desc: |
+ This query retrieves data for all tables in storage accounts
+ query: azure.subscription.storage.accounts { tableProperties {*} }
+ - uid: mondoo-asset-inventory-azure-sqlServers
+ title: Retrieve data for all Azure sql servers
+ docs:
+ desc: |
+ This query retrieves data for all sql servers
+ query: azure.subscription.sql.servers {*}
+ - uid: mondoo-asset-inventory-azure-sqlServers-firewallrules
+ title: Retrieve data for all firewall rules in Azure sql servers
+ docs:
+ desc: |
+ This query retrieves data for all firewall rules in sql servers
+ query: azure.subscription.sql.servers { firewallRules }
+ - uid: mondoo-asset-inventory-azure-sqlServers-databases
+ title: Retrieve data for all databases in Azure sql servers
+ docs:
+ desc: |
+ This query retrieves data for all databases in sql servers
+ query: azure.subscription.sql.servers { databases }
+ - uid: mondoo-asset-inventory-azure-postgresql
+ title: Retrieve data for all Azure postgresql servers
+ docs:
+ desc: |
+ This query retrieves data for all postgresql servers
+ query: azure.subscription.postgresql.servers {*}
+ - uid: mondoo-asset-inventory-azure-postgresql-firewallrules
+ title: Retrieve data for all firewall rules in Azure postgresql servers
+ docs:
+ desc: |
+ This query retrieves data for all firewall rules in postgresql servers
+ query: azure.subscription.postgresql.servers { firewallRules }
+ - uid: mondoo-asset-inventory-azure-mysql
+ title: Retrieve data for all Azure MySQL servers
+ docs:
+ desc: |
+ This query retrieves data for all sql servers
+ query: azure.subscription.mysql.servers {*}
+ - uid: mondoo-asset-inventory-azure-mariaDb
+ title: Retrieve data for all Azure mariaDb servers
+ docs:
+ desc: |
+ This query retrieves data for all mariaDb servers
+ query: azure.subscription.mariaDb.servers {*}
+ - uid: mondoo-asset-inventory-azure-diagnosticSettings
+ title: Retrieve data for all Azure diagnostic Settings
+ docs:
+ desc: |
+ This query retrieves data for all diagnostic Settings
+ query: azure.subscription.monitor.diagnosticSettings {*}
+ - uid: mondoo-asset-inventory-azure-keyVaults
+ title: Retrieve data for all Azure Key Vaults
+ docs:
+ desc: |
+ This query retrieves data for all Key Vaults
+ query: azure.subscription.keyVault.vaults {*}
+ - uid: mondoo-asset-inventory-azure-keyVaults-keys
+ title: Retrieve data for all Azure Key Vaults keys
+ docs:
+ desc: |
+ This query retrieves data for all keys in Key Vaults
+ query: azure.subscription.keyVault.vaults { keys }
+ - uid: mondoo-asset-inventory-azure-keyVaults-secrets
+ title: Retrieve data for all Azure Key Vaults secrets
+ docs:
+ desc: |
+ This query retrieves data for all secrets in Key Vaults
+ query: azure.subscription.keyVault.vaults { secrets }
+ - uid: mondoo-asset-inventory-azure-keyVaults-certificates
+ title: Retrieve data for all Azure Key Vaults certificates
+ docs:
+ desc: |
+ This query retrieves data for all certificates in Key Vaults
+ query: azure.subscription.keyVault.vaults { certificates }
+ - uid: mondoo-asset-inventory-azure-activitylogs
+ title: Retrieve data for all Azure activity logs
+ docs:
+ desc: |
+ This query retrieves data for all activity logs
+ query: azure.subscription.monitor.activityLog {*}
+ - uid: mondoo-asset-inventory-azure-networkSecurityGroups
+ title: Retrieve data for all Azure network security groups
+ docs:
+ desc: |
+ This query retrieves data for all network security groups
+ query: azure.subscription.network.securityGroups {*}
+ - uid: mondoo-asset-inventory-azure-virtualmachines
+ title: Retrieve data for all Azure virtual machines
+ docs:
+ desc: |
+ This query retrieves data for all virtual machines
+ query: azure.subscription.compute.vms {*}
+ - uid: mondoo-asset-inventory-azure-virtualmachines-managedDisk
+ title: Retrieve data for all Azure virtual machines with managed disks
+ docs:
+ desc: |
+ This query retrieves data for all virtual machines with managed disks
+ query: azure.subscription.compute.vms.where( properties["storageProfile"]["osDisk"]["managedDisk"].length > 0 )
+ - uid: mondoo-asset-inventory-azure-webapp
+ title: Retrieve data for all Azure web apps
+ docs:
+ desc: |
+ This query retrieves data for all web apps
+ query: azure.subscription.web.apps {*}
+ - uid: mondoo-asset-inventory-azure-cosmoDb
+ title: Retrieve data for all Azure cosmoDb accounts
+ docs:
+ desc: |
+ This query retrieves data for all cosmoDb accounts
+ query: azure.subscription.cosmosDb.accounts {*}
+ - uid: mondoo-asset-inventory-azure-applicationInsight
+ title: Retrieve data for all Azure applicationInsight
+ docs:
+ desc: |
+ This query retrieves data for all ApplicationInsight
+ query: azure.subscription.monitor.applicationInsights {*}
+ - uid: mondoo-asset-inventory-azure-networkWatcher
+ title: Retrieve data for all Azure network watchers
+ docs:
+ desc: |
+ This query retrieves data for all ApplicationInsight
+ query: azure.subscription.network.watchers {*}
+ - uid: mondoo-asset-inventory-azure-bastionHosts
+ title: Retrieve data for all Azure bastionHosts
+ docs:
+ desc: |
+ This query retrieves data for all bastionHosts
+ query: azure.subscription.network.bastionHosts {*}
+ - uid: mondoo-asset-inventory-azure-compute-disks
+ title: Retrieve data for all compute disks under the subscription
+ docs:
+ desc: |
+ This query retrieves data for all compute disks available in the subscription
+ query: azure.subscription.compute.disks {*}
+ - uid: mondoo-asset-inventory-azure-network-interfaces
+ title: Retrieve data for all network interfaces
+ docs:
+ desc: |
+ This query retrieves data for all network interfaces
+ query: azure.subscription.network.interfaces {*}
+ - uid: mondoo-asset-inventory-azure-resourcegroups
+ title: Retrieve data for all resource groups inside the subscription
+ docs:
+ desc: |
+ This query retrieves data for all resource groups inside the subscription
+ query: azure.subscription.resourceGroups {*}
+ - uid: mondoo-asset-inventory-azure-resources
+ title: Retrieve data for all resources inside the subscription
+ docs:
+ desc: |
+ This query retrieves data for all resources inside the subscription
+ query: azure.subscription.resources {*}
\ No newline at end of file
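Review bot: The `filters:` value has no block indicator, unlike the `desc: |` fields, so a YAML parser folds its two lines into the single plain scalar `asset.platform == "azure" platform.kind == "api"`; whether MQL then applies both conditions is not visible from this patch. If both must hold, writing it as one expression, `filters: asset.platform == "azure" && platform.kind == "api"`, or as a `|` block, keeps the set of assets this pack runs against explicit. Separately, `mondoo-asset-inventory-azure-networks` and `mondoo-asset-inventory-azure-networkSecurityGroups` run the same `azure.subscription.network.securityGroups` query, and the `desc` text of the MySQL and network-watcher entries is copied from other entries ("sql servers", "ApplicationInsight"). The Key Vault queries for `keys`, `secrets` and `certificates` bring vault object data into inventory output, so a comment stating which fields are collected, and confirming that secret values are not among them, would help whoever decides where the results are stored.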