Control: Web Application Firewall (WAF) should use the specified mode for Application Gateway
Description
Requires every Web Application Firewall policy for Application Gateway to have either 'Detection' or 'Prevention' mode active.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.application_gateway_waf_uses_specified_mode
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.application_gateway_waf_uses_specified_mode --share
SQL
This control uses a named query:
select
  ag.id as resource,
  case
    when (web_application_firewall_configuration::json -> 'PolicySettings' ->> 'mode') in ('Prevention','Detection') then 'ok'
    else 'alarm'
  end as status,
  case
    when (web_application_firewall_configuration::json -> 'PolicySettings' ->> 'mode') in ('Prevention','Detection') then ag.name || ' WAF mode is set to ' || (web_application_firewall_configuration::json -> 'PolicySettings' ->> 'mode') || '.'
    else ag.name || ' WAF mode is not set to Prevention or Detection mode.'
  end as reason,
  ag.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_application_gateway as ag
  left join azure_subscription as sub on sub.subscription_id = ag.subscription_id;
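A stricter variant of the check, added here as an example and not part of the azure_compliance mod: Detection mode only logs matching requests while Prevention mode blocks them, so this query reports Detection as 'info' and a missing mode as 'alarm'. It reuses the table, columns and JSON path from the named query above; the three-way status mapping and the reason wording are assumptions about how a team might triage the results.

```sql
-- Added example (not the mod's own query): separate gateways that block
-- (Prevention) from those that only log (Detection) or have no mode set.
with gateway_mode as (
  select
    ag.id,
    ag.name,
    ag.resource_group,
    ag.subscription_id,
    -- Same JSON path as the named query above.
    web_application_firewall_configuration::json -> 'PolicySettings' ->> 'mode' as waf_mode
  from
    azure_application_gateway as ag
)
select
  gm.id as resource,
  case
    when gm.waf_mode = 'Prevention' then 'ok'
    when gm.waf_mode = 'Detection' then 'info'
    else 'alarm'  -- covers NULL (no mode found) and any unexpected value
  end as status,
  case
    when gm.waf_mode = 'Prevention' then gm.name || ' WAF blocks matching requests (Prevention mode).'
    when gm.waf_mode = 'Detection' then gm.name || ' WAF only logs matching requests (Detection mode).'
    else gm.name || ' WAF mode is not set to Prevention or Detection mode.'
  end as reason,
  gm.resource_group as resource_group,
  sub.display_name as subscription
from
  gateway_mode as gm
  left join azure_subscription as sub on sub.subscription_id = gm.subscription_id;
```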