turbot/azure_compliance

Query: application_gateway_waf_uses_specified_mode

Usage

powerpipe query azure_compliance.query.application_gateway_waf_uses_specified_mode

SQL

select
ag.id as resource,
case
when (web_application_firewall_configuration::json -> 'PolicySettings' ->> 'mode') in ('Prevention','Detection') then 'ok'
else 'alarm'
end as status,
case
when (web_application_firewall_configuration::json -> 'PolicySettings' ->> 'mode') in ('Prevention','Detection') then ag.name || ' WAF mode is set to ' || (web_application_firewall_configuration::json -> 'PolicySettings' ->> 'mode') || '.'
else ag.name || ' WAF mode is not set to Prevention or Detection mode.'
end as reason
, ag.resource_group as resource_group
, sub.display_name as subscription
from
azure_application_gateway as ag
join azure_subscription as sub on sub.subscription_id = ag.subscription_id;

Controls

The query is being used by the following controls: