🧹 Draft: Improve azure cnquery packs #99
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -23,13 +23,25 @@ packs: | |
docs: | ||
desc: | | ||
This query retrieves the Azure subscription id | ||
mql: azure.subscription.id | ||
mql: azure.subscription.subscriptionId | ||
- uid: mondoo-asset-inventory-azure-subscription-name | ||
title: Retrieve Azure subscription Name | ||
docs: | ||
desc: | | ||
This query retrieves the Azure subscription name | ||
mql: azure.subscription.name | ||
- uid: mondoo-asset-inventory-azure-roleDefinitions | ||
title: Retrieve data for all Azure roleDefinitions | ||
docs: | ||
desc: | | ||
This query retrieves data for all Role definitions in the subscription | ||
mql: azure.subscription.authorization.roleDefinitions | ||
- uid: mondoo-asset-inventory-azure-subscription-policies | ||
title: Retrieve data for all Azure subscription's policies | ||
docs: | ||
desc: | | ||
This query retrieves data for all Policies in the subscription | ||
mql: azure.subscription.subscriptionsPolicies | ||
- uid: mondoo-asset-inventory-azure-cloudDefender | ||
title: Retrieve data for all Azure CloudDefender | ||
docs: | ||
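Review bot: The first query's `mql` moves from `azure.subscription.id` to `azure.subscription.subscriptionId`, but its `desc` still says only "the Azure subscription id". If the two fields return differently shaped values, say in the desc which form this query emits, since inventory consumers may key on it. In the two added entries the titles are inconsistent with their descriptions (`roleDefinitions` in the title, "Role definitions" in the desc) and "Azure subscription's policies" reads awkwardly; suggest "Retrieve data for all Azure role definitions" and "Retrieve data for all Azure subscription policies".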
|
@@ -60,6 +72,12 @@ packs: | |
desc: | | ||
This query retrieves data for all tables in storage accounts | ||
mql: azure.subscription.storage.accounts { tableProperties } | ||
- uid: mondoo-asset-inventory-azure-storageAccounts-queues | ||
title: Retrieve data for all queues in Azure storage accounts | ||
docs: | ||
desc: | | ||
This query retrieves data for all queues in storage accounts | ||
mql: azure.subscription.storage.accounts {queueProperties} | ||
- uid: mondoo-asset-inventory-azure-sqlServers | ||
title: Retrieve data for all Azure SQL Database servers | ||
docs: | ||
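Review bot: Style point on the added `mql` line: `{queueProperties}` has no spaces inside the braces, while the context line directly above it uses `{ tableProperties }`. Suggest `azure.subscription.storage.accounts { queueProperties }` so the pack stays consistent and greppable.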
|
@@ -114,6 +132,24 @@ packs: | |
desc: | | ||
This query retrieves data for all Key Vaults | ||
mql: azure.subscription.keyVault.vaults | ||
- uid: mondoo-asset-inventory-azure-keyVaults-name | ||
title: Retrieve data for all Azure Key Vaults Name | ||
docs: | ||
desc: | | ||
This query retrieves data for all Key Vaults name | ||
mql: azure.subscription.keyVault.vaults { vaultName } | ||
- uid: mondoo-asset-inventory-azure-keyVaults-location | ||
title: Retrieve data for all Azure Key Vaults location | ||
docs: | ||
desc: | | ||
This query retrieves data for all Key Vaults location | ||
mql: azure.subscription.keyVault.vaults { location } | ||
- uid: mondoo-asset-inventory-azure-keyVaults-url | ||
title: Retrieve data for all Azure Key Vaults urls | ||
docs: | ||
desc: | | ||
This query retrieves data for all Key Vaults urls | ||
mql: azure.subscription.keyVault.vaults { vaultUri } | ||
- uid: mondoo-asset-inventory-azure-keyVaults-keys | ||
title: Retrieve data for all Azure Key Vaults keys | ||
docs: | ||
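Review bot: The three added queries (`-keyVaults-name`, `-keyVaults-location`, `-keyVaults-url`) each walk the same `azure.subscription.keyVault.vaults` list and return one field, so their results cannot be joined back to a specific vault. Consider a single query such as `azure.subscription.keyVault.vaults { vaultName location vaultUri }`, which keeps name, location and URI together per vault. If they stay separate, align the naming: the uid says `url`, the title says "urls" and the field is `vaultUri`, and "Key Vaults Name" / "Key Vaults name" should read "Key Vault names".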
|
@@ -126,6 +162,12 @@ packs: | |
desc: | | ||
This query retrieves data for all secrets in Key Vaults | ||
mql: azure.subscription.keyVault.vaults { secrets } | ||
- uid: mondoo-asset-inventory-azure-keyVaults-accessPolicies | ||
title: Retrieve data for all Azure Key Vaults access policies | ||
docs: | ||
desc: | | ||
This query retrieves data for all access policies of different objects in Key Vaults | ||
mql: azure.subscription.keyVault.vaults { properties["accessPolicies"] } | ||
- uid: mondoo-asset-inventory-azure-keyVaults-certificates | ||
title: Retrieve data for all Azure Key Vaults certificates | ||
docs: | ||
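Review bot: The added query reads `properties["accessPolicies"]`, a string-keyed lookup, whereas the neighbouring Key Vault queries in this file use named fields (`secrets`, `vaultUri`, `location`). A key lookup gives no schema check, so a typo or a vault whose properties lack that key would yield an empty result without any error; please document in the `desc` what an empty result means, or use a typed field if the resource offers one. The desc wording "access policies of different objects" is also vague; "the access policies configured on each Key Vault" would be clearer.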
|
@@ -204,6 +246,24 @@ packs: | |
desc: | | ||
This query retrieves data for all network interfaces | ||
mql: azure.subscription.network.interfaces | ||
- uid: mondoo-asset-inventory-azure-network-securityGroup-defaultrules | ||
title: Retrieve data for all default network security group rules | ||
docs: | ||
desc: | | ||
This query retrieves data for all default network security group rules | ||
mql: azure.subscription.network.securityGroups { defaultSecurityRules } | ||
- uid: mondoo-asset-inventory-azure-network-securityGroup-rules | ||
title: Retrieve data for all defined network security group rules | ||
docs: | ||
desc: | | ||
This query retrieves data for all defined network security group rules | ||
mql: azure.subscription.network.securityGroups { securityRules } | ||
- uid: mondoo-asset-inventory-azure-network-securityGroup-rules-info | ||
title: Retrieve detailed data for all defined network security group rules | ||
docs: | ||
desc: | | ||
This query retrieves detailed data for all defined network security group rules | ||
mql: azure.subscription.network.securityGroups { securityRules {properties} } | ||
- uid: mondoo-asset-inventory-azure-resourcegroups | ||
title: Retrieve data for all resource groups inside the subscription | ||
docs: | ||
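Review bot: Coverage and consistency of the three added NSG queries: the detailed variant `securityRules {properties}` exists only for defined rules, so the default rules are never expanded to the same depth, and the plain `{ securityRules }` query looks like a subset of the detailed one. Either add a matching `defaultSecurityRules { properties }` query or explain in the descs why the two rule sets are treated differently. Also normalise the spacing to `{ securityRules { properties } }` and the uid casing (`defaultrules` next to `securityGroup`).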
|
@@ -215,4 +275,16 @@ packs: | |
docs: | ||
desc: | | ||
This query retrieves data for all resources inside the subscription | ||
mql: azure.subscription.resources | ||
mql: azure.subscription.resources | ||
- uid: mondoo-asset-inventory-azure-mfa-users | ||
We need to rework this in a data gathering way, not a security way. We could make it "Retrieve all users in the subscription and their MFA status"
done, Thanks! |
||
title: Retrieve all users in the subscription and their MFA status | ||
docs: | ||
desc: | | ||
This query Retrieve all users' MFA status in the subscription | ||
mql: microsoft.security.latestSecureScores.controlScores.one( _['controlName'] == 'MFARegistrationV2' && _['score'] == 9) | ||
- uid: mondoo-asset-inventory-azure-activitylogs-alerts | ||
title: Retrieve all activity logs alerts the subscription | ||
docs: | ||
desc: | | ||
This query Retrieve all activity logs alerts in the subscription | ||
mql: azure.subscription.monitor.activityLog.alerts {*} |
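Review bot: The `mql` under `mondoo-asset-inventory-azure-mfa-users` is still an assertion rather than a retrieval: `controlScores.one( _['controlName'] == 'MFARegistrationV2' && _['score'] == 9)` evaluates to true or false against a hard-coded score of 9 and returns no users, so it does not deliver what the reworded title promises ("Retrieve all users in the subscription and their MFA status"). For an inventory pack, return the data itself, for example the matching control score entry via `controlScores.where( _['controlName'] == 'MFARegistrationV2' )`, and retitle it to describe the secure score control unless a per-user source is used. This is also the only query in the visible hunks rooted at `microsoft.security` instead of `azure.subscription`, so please confirm it resolves when the pack runs against a subscription asset. Minor: both new descs read "This query Retrieve"; the activity log title is missing "in" ("alerts in the subscription"); and `{*}` should be spaced like the other blocks.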