Query: application_gateway_waf_uses_specified_mode

select
  ag.id as resource,
  case
    when (web_application_firewall_configuration::json -> 'PolicySettings' ->> 'mode') in ('Prevention','Detection') then 'ok'
    else 'alarm'
  end as status,
  case
    when (web_application_firewall_configuration::json -> 'PolicySettings' ->> 'mode') in ('Prevention','Detection') then ag.name || ' WAF mode is set to ' || (web_application_firewall_configuration::json -> 'PolicySettings' ->> 'mode') || '.'
    else ag.name || ' WAF mode is not set to Prevention or Detection mode.' 
  end as reason
  
  , ag.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_application_gateway as ag
  join azure_subscription as sub on sub.subscription_id = ag.subscription_id;