Add platform filters to every azure query (#153)
These were trying to run on every fine grained asset.

Signed-off-by: Tim Smith <[email protected]>
tas50 authored Jun 21, 2024
1 parent ca14ad2 commit de5d817
Showing 1 changed file with 14 additions and 34 deletions.
48 changes: 14 additions & 34 deletions core/mondoo-azure-inventory.mql.yaml
Expand Up @@ -55,22 +55,22 @@ packs:
queries:
- uid: mondoo-asset-inventory-azure-roleDefinitions
title: Azure role definitions
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all role definitions in the subscription
mql: azure.subscription.authorization.roleDefinitions



- uid: mondoo-asset-inventory-azure-cloudDefender
title: Microsoft Defender for Cloud configuration
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for Microsoft Defender for Cloud
mql: azure.subscription.cloudDefender { defenderForServers defenderForContainers securityContacts { name alertNotifications } }



- uid: mondoo-asset-inventory-azure-storageAccounts
title: Azure Storage accounts
docs:
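Review bot: the reason for the per-query filter on roleDefinitions and cloudDefender is recorded only in the commit message, while the YAML just repeats the bare string `filters: asset.platform == "azure"` on each entry. A short comment near `queries:` saying that these subscription-level queries must not run on fine-grained assets would keep a later edit from dropping a filter, and a lint step that flags any query in this file without a filter would catch a new entry that omits it.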
Expand All @@ -87,7 +87,6 @@ queries:
mql: azure.subscription.storage.accounts



- uid: mondoo-asset-inventory-azure-storageAccounts-containers
title: Azure Storage account containers
docs:
Expand All @@ -104,7 +103,6 @@ queries:
mql: azure.subscription.storage.account.containers



- uid: mondoo-asset-inventory-azure-storageAccounts-blobs
title: Azure storage accounts blobs
docs:
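Review bot: the title on mondoo-asset-inventory-azure-storageAccounts-blobs reads "Azure storage accounts blobs", which does not match the casing and number used by the entry just above it ("Azure Storage account containers"). Since these entries are being touched anyway, consider "Azure Storage account blobs" so the titles sort and read consistently in inventory output.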
Expand All @@ -121,7 +119,6 @@ queries:
mql: azure.subscription.storage.account.blobProperties



- uid: mondoo-asset-inventory-azure-storageAccounts-tables
title: Azure Storage accounts tables
docs:
Expand All @@ -138,7 +135,6 @@ queries:
mql: azure.subscription.storage.account.tableProperties



- uid: mondoo-asset-inventory-azure-sqlServers
title: Azure SQL Database servers
docs:
Expand All @@ -155,7 +151,6 @@ queries:
mql: azure.subscription.sql.server



- uid: mondoo-asset-inventory-azure-sqlServers-firewallrules
title: Azure SQL Database server firewall rules
docs:
Expand All @@ -172,7 +167,6 @@ queries:
mql: azure.subscription.sql.server.firewallRules



- uid: mondoo-asset-inventory-azure-sqlServers-databases
title: Azure SQL Database server databases
docs:
Expand All @@ -189,7 +183,6 @@ queries:
mql: azure.subscription.sql.server.databases



- uid: mondoo-asset-inventory-azure-postgresql
title: Azure PostgreSQL servers
docs:
Expand All @@ -212,9 +205,6 @@ queries:
mql: azure.subscription.postgreSql.flexibleServer





- uid: mondoo-asset-inventory-azure-postgresql-firewallrules
title: Azure PostgreSQL server firewall rules
docs:
Expand All @@ -237,7 +227,6 @@ queries:
mql: azure.subscription.postgreSql.flexibleServer.firewallRules



- uid: mondoo-asset-inventory-azure-mysql-firewallrules
title: Azure MySQL servers
docs:
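Review bot: the title on mondoo-asset-inventory-azure-mysql-firewallrules is "Azure MySQL servers", which is the same title used by mondoo-asset-inventory-azure-mysql further down, so the two results cannot be told apart by title. The PostgreSQL equivalent uses "Azure PostgreSQL server firewall rules"; suggest "Azure MySQL server firewall rules" here, because anyone reviewing firewall exposure from the inventory will look for that name.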
Expand All @@ -260,7 +249,6 @@ queries:
mql: azure.subscription.mySql.flexibleServer.firewallRules



- uid: mondoo-asset-inventory-azure-mysql
title: Azure MySQL servers
docs:
Expand Down Expand Up @@ -299,16 +287,15 @@ queries:
mql: azure.subscription.mariaDb.server



- uid: mondoo-asset-inventory-azure-diagnosticSettings
title: Azure diagnostic settings
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all diagnostic settings
mql: azure.subscription.monitor.diagnosticSettings



- uid: mondoo-asset-inventory-azure-keyVaults
title: Azure Key Vault vaults
docs:
Expand All @@ -325,7 +312,6 @@ queries:
mql: azure.subscription.keyVault.vault



- uid: mondoo-asset-inventory-azure-keyVaults-keys
title: Azure Key Vault vault keys
docs:
Expand All @@ -342,7 +328,6 @@ queries:
mql: azure.subscription.keyVault.vault.keys



- uid: mondoo-asset-inventory-azure-keyVaults-secrets
title: Azure Key Vault vault secrets
docs:
Expand All @@ -359,7 +344,6 @@ queries:
mql: azure.subscription.keyVault.vault.secrets



- uid: mondoo-asset-inventory-azure-keyVaults-certificates
title: Azure Key Vault vault certificates
docs:
Expand All @@ -376,17 +360,15 @@ queries:
mql: azure.subscription.keyVault.vault.certificates




- uid: mondoo-asset-inventory-azure-activitylogs
title: Azure activity logs
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all activity logs
mql: azure.subscription.monitor.activityLog



- uid: mondoo-asset-inventory-azure-networkSecurityGroups
title: Azure network security groups
docs:
Expand All @@ -403,16 +385,15 @@ queries:
mql: azure.subscription.network.securityGroup



- uid: mondoo-asset-inventory-azure-publicip
title: Azure public IP addresses
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves all public IP addresses in your subscription
mql: azure.subscription.networkService.publicIpAddresses{ name location ipAddress }



- uid: mondoo-asset-inventory-azure-virtualmachines
title: Azure virtual machines
docs:
Expand All @@ -429,7 +410,6 @@ queries:
mql: azure.subscription.compute.vm



- uid: mondoo-asset-inventory-azure-virtualmachines-managedDisk
title: Azure virtual machines with managed disks
docs:
Expand All @@ -446,81 +426,81 @@ queries:
mql: azure.subscription.compute.vm.properties["storageProfile"]["osDisk"]["managedDisk"] != empty



- uid: mondoo-asset-inventory-azure-webapp
title: Azure web apps
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all web apps
mql: azure.subscription.web.apps



- uid: mondoo-asset-inventory-azure-cosmosDb
title: Azure Cosmos DB accounts
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all Cosmos DB accounts
mql: azure.subscription.cosmosDb.accounts



- uid: mondoo-asset-inventory-azure-applicationInsight
title: Azure Monitor Application Insights
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all Application Insights
mql: azure.subscription.monitor.applicationInsights



- uid: mondoo-asset-inventory-azure-networkWatcher
title: Azure Network Watchers
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for Azure Network Watchers
mql: azure.subscription.network.watchers



- uid: mondoo-asset-inventory-azure-bastionHosts
title: Azure Bastion hosts
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all Bastion hosts
mql: azure.subscription.network.bastionHosts



- uid: mondoo-asset-inventory-azure-compute-disks
title: Compute disks
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all compute disks available in the subscription
mql: azure.subscription.compute.disks



- uid: mondoo-asset-inventory-azure-network-interfaces
title: Network interfaces
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all network interfaces
mql: azure.subscription.network.interfaces{ name location properties['nicType'] properties['nicType'] properties['macAddress'] properties['virtualMachine']['id'] }



- uid: mondoo-asset-inventory-azure-resourcegroups
title: Azure subscription resource groups
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all resource groups inside the subscription
mql: azure.subscription.resourceGroups



- uid: mondoo-asset-inventory-azure-resources
title: Azure subscription resources
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all resources inside the subscription
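Review bot: in the mql line of mondoo-asset-inventory-azure-network-interfaces, properties['nicType'] is listed twice in the field block. Either drop the duplicate or replace it with the field that was meant to be there. The same hunk also mixes quoting styles for map keys (single quotes here, double quotes in the managedDisk query: properties["storageProfile"]), which is worth normalizing while these entries are being edited.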