turbot/ibm_insights

Query: ibm_is_security_group_unrestricted_outbound_status

Usage

powerpipe query ibm_insights.query.ibm_is_security_group_unrestricted_outbound_status

Steampipe Tables

SQL

with outbound_sg as (
select
id,
count(*)
from
ibm_is_security_group,
jsonb_array_elements(rules) as r
where
(r -> 'remote' ->> 'cidr_block' = '0.0.0.0/0')
and r ->> 'protocol' <> 'icmp'
and (r ->> 'port_min' = '1' and r ->> 'port_max' = '65535')
and
r ->> 'direction' = 'outbound'
group by
id
)
select
case when o.id is null then 'restricted' else 'unrestricted' end as status,
count(*)
from
ibm_is_security_group as sg left join outbound_sg as o on sg.id = o.id
group by
status;

Dashboards

The query is used in the dashboards: