From de5d81790ee03a294ca95344e22ec0b33d16fe93 Mon Sep 17 00:00:00 2001
From: Tim Smith
Date: Fri, 21 Jun 2024 10:31:37 -0700
Subject: [PATCH] Add platform filters to every azure query (#153)

These were trying to run on every fine grained asset.

Signed-off-by: Tim Smith
---
core/mondoo-azure-inventory.mql.yaml | 48 ++++++++--------------------
1 file changed, 14 insertions(+), 34 deletions(-)

diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml
index 1be6f86..535a704 100644
--- a/core/mondoo-azure-inventory.mql.yaml
+++ b/core/mondoo-azure-inventory.mql.yaml
@@ -55,22 +55,22 @@ packs: queries: - uid: mondoo-asset-inventory-azure-roleDefinitions title: Azure role definitions + filters: asset.platform == "azure" docs: desc: | This query retrieves data for all role definitions in the subscription mql: azure.subscription.authorization.roleDefinitions - - uid: mondoo-asset-inventory-azure-cloudDefender title: Microsoft Defender for Cloud configuration + filters: asset.platform == "azure" docs: desc: | This query retrieves data for Microsoft Defender for Cloud mql: azure.subscription.cloudDefender { defenderForServers defenderForContainers securityContacts { name alertNotifications } } - - uid: mondoo-asset-inventory-azure-storageAccounts title: Azure Storage accounts docs:
@@ -87,7 +87,6 @@ queries: mql: azure.subscription.storage.accounts - - uid: mondoo-asset-inventory-azure-storageAccounts-containers title: Azure Storage account containers docs:
@@ -104,7 +103,6 @@ queries: mql: azure.subscription.storage.account.containers - - uid: mondoo-asset-inventory-azure-storageAccounts-blobs title: Azure storage accounts blobs docs:
@@ -121,7 +119,6 @@ queries: mql: azure.subscription.storage.account.blobProperties - - uid: mondoo-asset-inventory-azure-storageAccounts-tables title: Azure Storage accounts tables docs:
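Review bot: The `filters: asset.platform == "azure"` line added to the role-definitions and Defender for Cloud queries in the first hunk (-55) is an exact match, so on any asset whose platform string differs the query is skipped rather than failed, and nothing in the file records that. That is the intent stated in the commit message, but it also means these queries, and the diagnostic-settings, activity-log, public-IP and later queries that receive the same line (hunks -299, -376, -403 and -426), return no inventory data at all if the asset reporting platform `azure` (presumably the subscription) is not in scan scope. I would note this next to the first filter, e.g. `# subscription-level query: evaluated only on the asset with platform "azure", not on fine-grained assets`, and consider a CI lint that rejects any query in this file without a `filters:` key so a later addition does not reintroduce the problem. The queries that sit between the hunks are not visible here, so whether they already carry an equivalent filter cannot be confirmed from this patch.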
@@ -138,7 +135,6 @@ queries: mql: azure.subscription.storage.account.tableProperties - - uid: mondoo-asset-inventory-azure-sqlServers title: Azure SQL Database servers docs:
@@ -155,7 +151,6 @@ queries: mql: azure.subscription.sql.server - - uid: mondoo-asset-inventory-azure-sqlServers-firewallrules title: Azure SQL Database server firewall rules docs:
@@ -172,7 +167,6 @@ queries: mql: azure.subscription.sql.server.firewallRules - - uid: mondoo-asset-inventory-azure-sqlServers-databases title: Azure SQL Database server databases docs:
@@ -189,7 +183,6 @@ queries: mql: azure.subscription.sql.server.databases - - uid: mondoo-asset-inventory-azure-postgresql title: Azure PostgreSQL servers docs:
@@ -212,9 +205,6 @@ queries: mql: azure.subscription.postgreSql.flexibleServer - - - - uid: mondoo-asset-inventory-azure-postgresql-firewallrules title: Azure PostgreSQL server firewall rules docs:
@@ -237,7 +227,6 @@ queries: mql: azure.subscription.postgreSql.flexibleServer.firewallRules - - uid: mondoo-asset-inventory-azure-mysql-firewallrules title: Azure MySQL servers docs:
@@ -260,7 +249,6 @@ queries: mql: azure.subscription.mySql.flexibleServer.firewallRules - - uid: mondoo-asset-inventory-azure-mysql title: Azure MySQL servers docs:
@@ -299,16 +287,15 @@ queries: mql: azure.subscription.mariaDb.server - - uid: mondoo-asset-inventory-azure-diagnosticSettings title: Azure diagnostic settings + filters: asset.platform == "azure" docs: desc: | This query retrieves data for all diagnostic settings mql: azure.subscription.monitor.diagnosticSettings - - uid: mondoo-asset-inventory-azure-keyVaults title: Azure Key Vault vaults docs:
@@ -325,7 +312,6 @@ queries: mql: azure.subscription.keyVault.vault - - uid: mondoo-asset-inventory-azure-keyVaults-keys title: Azure Key Vault vault keys docs:
@@ -342,7 +328,6 @@ queries: mql: azure.subscription.keyVault.vault.keys - - uid: mondoo-asset-inventory-azure-keyVaults-secrets title: Azure Key Vault vault secrets docs:
@@ -359,7 +344,6 @@ queries: mql: azure.subscription.keyVault.vault.secrets - - uid: mondoo-asset-inventory-azure-keyVaults-certificates title: Azure Key Vault vault certificates docs:
@@ -376,17 +360,15 @@ queries: mql: azure.subscription.keyVault.vault.certificates - - - uid: mondoo-asset-inventory-azure-activitylogs title: Azure activity logs + filters: asset.platform == "azure" docs: desc: | This query retrieves data for all activity logs mql: azure.subscription.monitor.activityLog - - uid: mondoo-asset-inventory-azure-networkSecurityGroups title: Azure network security groups docs:
@@ -403,16 +385,15 @@ queries: mql: azure.subscription.network.securityGroup - - uid: mondoo-asset-inventory-azure-publicip title: Azure public IP addresses + filters: asset.platform == "azure" docs: desc: | This query retrieves all public IP addresses in your subscription mql: azure.subscription.networkService.publicIpAddresses{ name location ipAddress } - - uid: mondoo-asset-inventory-azure-virtualmachines title: Azure virtual machines docs:
@@ -429,7 +410,6 @@ queries: mql: azure.subscription.compute.vm - - uid: mondoo-asset-inventory-azure-virtualmachines-managedDisk title: Azure virtual machines with managed disks docs:
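Review bot: In the public-IP hunk (-403) the query that receives the new filter is addressed as `azure.subscription.networkService.publicIpAddresses{ ... }`, while the other network queries visible in this patch go through `azure.subscription.network.` (security groups, watchers, Bastion hosts, interfaces). Now that the filter pins this query to the same asset as its neighbours, it is worth confirming that both paths resolve there and settling on one spelling; if they are equivalent, `mql: azure.subscription.network.publicIpAddresses { name location ipAddress }` would match the rest of the file. This is inferred from the visible lines only, since the provider schema is not part of the patch.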
@@ -446,81 +426,81 @@ queries: mql: azure.subscription.compute.vm.properties["storageProfile"]["osDisk"]["managedDisk"] != empty - - uid: mondoo-asset-inventory-azure-webapp title: Azure web apps + filters: asset.platform == "azure" docs: desc: | This query retrieves data for all web apps mql: azure.subscription.web.apps - - uid: mondoo-asset-inventory-azure-cosmosDb title: Azure Cosmos DB accounts + filters: asset.platform == "azure" docs: desc: | This query retrieves data for all Cosmos DB accounts mql: azure.subscription.cosmosDb.accounts - - uid: mondoo-asset-inventory-azure-applicationInsight title: Azure Monitor Application Insights + filters: asset.platform == "azure" docs: desc: | This query retrieves data for all Application Insights mql: azure.subscription.monitor.applicationInsights - - uid: mondoo-asset-inventory-azure-networkWatcher title: Azure Network Watchers + filters: asset.platform == "azure" docs: desc: | This query retrieves data for Azure Network Watchers mql: azure.subscription.network.watchers - - uid: mondoo-asset-inventory-azure-bastionHosts title: Azure Bastion hosts + filters: asset.platform == "azure" docs: desc: | This query retrieves data for all Bastion hosts mql: azure.subscription.network.bastionHosts - - uid: mondoo-asset-inventory-azure-compute-disks title: Compute disks + filters: asset.platform == "azure" docs: desc: | This query retrieves data for all compute disks available in the subscription mql: azure.subscription.compute.disks - - uid: mondoo-asset-inventory-azure-network-interfaces title: Network interfaces + filters: asset.platform == "azure" docs: desc: | This query retrieves data for all network interfaces mql: azure.subscription.network.interfaces{ name location properties['nicType'] properties['nicType'] properties['macAddress'] properties['virtualMachine']['id'] } - - uid: mondoo-asset-inventory-azure-resourcegroups title: Azure subscription resource groups + filters: asset.platform == "azure" docs: desc: | This 
query retrieves data for all resource groups inside the subscription mql: azure.subscription.resourceGroups - - uid: mondoo-asset-inventory-azure-resources title: Azure subscription resources + filters: asset.platform == "azure" docs: desc: | This query retrieves data for all resources inside the subscription