turbot/azure_compliance

Query: compute_vm_windows_defender_exploit_guard_enabled

Usage

powerpipe query azure_compliance.query.compute_vm_windows_defender_exploit_guard_enabled

SQL

with compute_machine as(
select
id,
name,
subscription_id,
resource_group
from
azure_compute_virtual_machine,
jsonb_array_elements(guest_configuration_assignments) as e
where
e ->> 'name' = 'WindowsDefenderExploitGuard'
and e ->> 'complianceStatus' = 'Compliant'
)
select
a.id as resource,
case
when a.os_type <> 'Windows' then 'skip'
when m.id is not null then 'ok'
else 'alarm'
end as status,
case
when a.os_type <> 'Windows' then a.name || ' is of ' || a.os_type || ' operating system.'
when m.id is not null then a.name || ' windows defender exploit guard enabled.'
else a.name || ' windows defender exploit guard disabled.'
end as reason
, a.resource_group as resource_group
, sub.display_name as subscription
from
azure_compute_virtual_machine as a
left join compute_machine as m on m.id = a.id,
azure_subscription as sub
where
sub.subscription_id = a.subscription_id;

Controls

The query is being used by the following controls: