Control: Web Application Firewall (WAF) should use the specified mode for Application Gateway
Description
Mandates the use of 'Detection' or 'Prevention' mode to be active on all Web Application Firewall policies for Application Gateway.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.application_gateway_waf_uses_specified_modeSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.application_gateway_waf_uses_specified_mode --shareSQL
This control uses a named query:
select ag.id as resource, case when (web_application_firewall_configuration::json -> 'PolicySettings' ->> 'mode') in ('Prevention','Detection') then 'ok' else 'alarm' end as status, case when (web_application_firewall_configuration::json -> 'PolicySettings' ->> 'mode') in ('Prevention','Detection') then ag.name || ' WAF mode is set to ' || (web_application_firewall_configuration::json -> 'PolicySettings' ->> 'mode') || '.' else ag.name || ' WAF mode is not set to Prevention or Detection mode.' end as reason , ag.resource_group as resource_group , sub.display_name as subscriptionfrom azure_application_gateway as ag join azure_subscription as sub on sub.subscription_id = ag.subscription_id;