Add platform filters to every azure query #153

Merged
merged 1 commit into from
Jun 21, 2024
48 changes: 14 additions & 34 deletions core/mondoo-azure-inventory.mql.yaml
Expand Up @@ -55,22 +55,22 @@ packs:
queries:
- uid: mondoo-asset-inventory-azure-roleDefinitions
title: Azure role definitions
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all role definitions in the subscription
mql: azure.subscription.authorization.roleDefinitions



- uid: mondoo-asset-inventory-azure-cloudDefender
title: Microsoft Defender for Cloud configuration
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for Microsoft Defender for Cloud
mql: azure.subscription.cloudDefender { defenderForServers defenderForContainers securityContacts { name alertNotifications } }



- uid: mondoo-asset-inventory-azure-storageAccounts
title: Azure Storage accounts
docs:
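Review bot: the `mondoo-asset-inventory-azure-storageAccounts` entry at the end of this hunk goes straight from `title` to `docs` with no `filters` line, while the two entries above it carry `filters: asset.platform == "azure"` between those keys. If its filter sits further down the entry in lines not shown here, consider moving it to the same position so the key order is uniform and a missing platform filter is visible at a glance; if the entry has no filter at all, it needs one for the change to match the PR title.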
Expand All @@ -87,7 +87,6 @@ queries:
mql: azure.subscription.storage.accounts



- uid: mondoo-asset-inventory-azure-storageAccounts-containers
title: Azure Storage account containers
docs:
Expand All @@ -104,7 +103,6 @@ queries:
mql: azure.subscription.storage.account.containers



- uid: mondoo-asset-inventory-azure-storageAccounts-blobs
title: Azure storage accounts blobs
docs:
Expand All @@ -121,7 +119,6 @@ queries:
mql: azure.subscription.storage.account.blobProperties



- uid: mondoo-asset-inventory-azure-storageAccounts-tables
title: Azure Storage accounts tables
docs:
Expand All @@ -138,7 +135,6 @@ queries:
mql: azure.subscription.storage.account.tableProperties



- uid: mondoo-asset-inventory-azure-sqlServers
title: Azure SQL Database servers
docs:
Expand All @@ -155,7 +151,6 @@ queries:
mql: azure.subscription.sql.server



- uid: mondoo-asset-inventory-azure-sqlServers-firewallrules
title: Azure SQL Database server firewall rules
docs:
Expand All @@ -172,7 +167,6 @@ queries:
mql: azure.subscription.sql.server.firewallRules



- uid: mondoo-asset-inventory-azure-sqlServers-databases
title: Azure SQL Database server databases
docs:
Expand All @@ -189,7 +183,6 @@ queries:
mql: azure.subscription.sql.server.databases



- uid: mondoo-asset-inventory-azure-postgresql
title: Azure PostgreSQL servers
docs:
Expand All @@ -212,9 +205,6 @@ queries:
mql: azure.subscription.postgreSql.flexibleServer





- uid: mondoo-asset-inventory-azure-postgresql-firewallrules
title: Azure PostgreSQL server firewall rules
docs:
Expand All @@ -237,7 +227,6 @@ queries:
mql: azure.subscription.postgreSql.flexibleServer.firewallRules



- uid: mondoo-asset-inventory-azure-mysql-firewallrules
title: Azure MySQL servers
docs:
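Review bot: the title on `mondoo-asset-inventory-azure-mysql-firewallrules` reads `Azure MySQL servers`, the same title as the `mondoo-asset-inventory-azure-mysql` entry that follows, so the two queries cannot be told apart by title in inventory results. Suggest `title: Azure MySQL server firewall rules`, matching the wording used for the PostgreSQL firewall rules entry just above.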
Expand All @@ -260,7 +249,6 @@ queries:
mql: azure.subscription.mySql.flexibleServer.firewallRules



- uid: mondoo-asset-inventory-azure-mysql
title: Azure MySQL servers
docs:
Expand Down Expand Up @@ -299,16 +287,15 @@ queries:
mql: azure.subscription.mariaDb.server



- uid: mondoo-asset-inventory-azure-diagnosticSettings
title: Azure diagnostic settings
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all diagnostic settings
mql: azure.subscription.monitor.diagnosticSettings



- uid: mondoo-asset-inventory-azure-keyVaults
title: Azure Key Vault vaults
docs:
Expand All @@ -325,7 +312,6 @@ queries:
mql: azure.subscription.keyVault.vault



- uid: mondoo-asset-inventory-azure-keyVaults-keys
title: Azure Key Vault vault keys
docs:
Expand All @@ -342,7 +328,6 @@ queries:
mql: azure.subscription.keyVault.vault.keys



- uid: mondoo-asset-inventory-azure-keyVaults-secrets
title: Azure Key Vault vault secrets
docs:
Expand All @@ -359,7 +344,6 @@ queries:
mql: azure.subscription.keyVault.vault.secrets



- uid: mondoo-asset-inventory-azure-keyVaults-certificates
title: Azure Key Vault vault certificates
docs:
Expand All @@ -376,17 +360,15 @@ queries:
mql: azure.subscription.keyVault.vault.certificates




- uid: mondoo-asset-inventory-azure-activitylogs
title: Azure activity logs
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all activity logs
mql: azure.subscription.monitor.activityLog



- uid: mondoo-asset-inventory-azure-networkSecurityGroups
title: Azure network security groups
docs:
Expand All @@ -403,16 +385,15 @@ queries:
mql: azure.subscription.network.securityGroup



- uid: mondoo-asset-inventory-azure-publicip
title: Azure public IP addresses
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves all public IP addresses in your subscription
mql: azure.subscription.networkService.publicIpAddresses{ name location ipAddress }



- uid: mondoo-asset-inventory-azure-virtualmachines
title: Azure virtual machines
docs:
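Review bot: the public IP query uses `azure.subscription.networkService.publicIpAddresses`, whereas the neighbouring network queries in this file go through `azure.subscription.network` (`network.securityGroup` just above, and `network.watchers`, `network.bastionHosts`, `network.interfaces` further down). Please confirm which resource path is intended and use one consistently. As a smaller style point, `publicIpAddresses{` has no space before the brace, unlike `cloudDefender {` earlier in the file.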
Expand All @@ -429,7 +410,6 @@ queries:
mql: azure.subscription.compute.vm



- uid: mondoo-asset-inventory-azure-virtualmachines-managedDisk
title: Azure virtual machines with managed disks
docs:
Expand All @@ -446,81 +426,81 @@ queries:
mql: azure.subscription.compute.vm.properties["storageProfile"]["osDisk"]["managedDisk"] != empty



- uid: mondoo-asset-inventory-azure-webapp
title: Azure web apps
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all web apps
mql: azure.subscription.web.apps



- uid: mondoo-asset-inventory-azure-cosmosDb
title: Azure Cosmos DB accounts
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all Cosmos DB accounts
mql: azure.subscription.cosmosDb.accounts



- uid: mondoo-asset-inventory-azure-applicationInsight
title: Azure Monitor Application Insights
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all Application Insights
mql: azure.subscription.monitor.applicationInsights



- uid: mondoo-asset-inventory-azure-networkWatcher
title: Azure Network Watchers
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for Azure Network Watchers
mql: azure.subscription.network.watchers



- uid: mondoo-asset-inventory-azure-bastionHosts
title: Azure Bastion hosts
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all Bastion hosts
mql: azure.subscription.network.bastionHosts



- uid: mondoo-asset-inventory-azure-compute-disks
title: Compute disks
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all compute disks available in the subscription
mql: azure.subscription.compute.disks



- uid: mondoo-asset-inventory-azure-network-interfaces
title: Network interfaces
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all network interfaces
mql: azure.subscription.network.interfaces{ name location properties['nicType'] properties['nicType'] properties['macAddress'] properties['virtualMachine']['id'] }



- uid: mondoo-asset-inventory-azure-resourcegroups
title: Azure subscription resource groups
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all resource groups inside the subscription
mql: azure.subscription.resourceGroups



- uid: mondoo-asset-inventory-azure-resources
title: Azure subscription resources
filters: asset.platform == "azure"
docs:
desc: |
This query retrieves data for all resources inside the subscription
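Review bot: in the `mondoo-asset-inventory-azure-network-interfaces` query, the field list names `properties['nicType']` twice in a row. The second occurrence adds nothing to the result and looks like a copy-paste slip; either drop it or replace it with the field that was meant to be there. Separately, the titles `Compute disks` and `Network interfaces` are the only ones in this hunk without an `Azure` prefix, which is worth aligning while these entries are being touched.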