turbot/steampipe-mod-azure-compliance

Control: Application Insights components should block log ingestion and querying from public networks

Description

Improve Application Insights security by blocking log ingestion and querying from public networks. Only private-link connected networks will be able to ingest and query logs of this component. Learn more at https://aka.ms/AzMonPrivateLink#configure-application-insights.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.application_insights_block_log_ingestion_and_querying_from_public

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.application_insights_block_log_ingestion_and_querying_from_public --share

SQL

This control uses a named query:

select
  a.id as resource,
  case
    -- Compliant only when public network access is disabled for both ingestion and query.
    when a.type = 'microsoft.insights/components' and a.public_network_access_for_ingestion = 'Disabled' and a.public_network_access_for_query = 'Disabled' then 'ok'
    else 'alarm'
  end as status,
  case
    when a.type = 'microsoft.insights/components' and a.public_network_access_for_ingestion = 'Disabled' and a.public_network_access_for_query = 'Disabled' then a.name || ' blocks log ingestion and querying from public networks.'
    else a.name || ' allows log ingestion or querying from public networks.'
  end as reason,
  a.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_application_insight as a
  -- Join the subscription only to report its display name.
  left join azure_subscription sub on sub.subscription_id = a.subscription_id;
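
The same check run over constructed rows, as an added example (not the mod's own query): it reports which of the two paths, ingestion or query, is still open to public networks. The `sample_components` rows and component names are constructed, and treating a NULL setting as exposed is an assumption of this example.

```sql
-- Added example: constructed rows stand in for azure_application_insight,
-- so the classification can be checked in plain PostgreSQL without Azure access.
with sample_components (name, type, public_network_access_for_ingestion, public_network_access_for_query) as (
  values
    ('appi-private',     'microsoft.insights/components', 'Disabled', 'Disabled'),
    ('appi-public',      'microsoft.insights/components', 'Enabled',  'Enabled'),
    ('appi-ingest-open', 'microsoft.insights/components', 'Enabled',  'Disabled'),
    ('appi-unknown',     'microsoft.insights/components', null,       'Disabled')
),
exposure as (
  select
    name,
    -- Assumption: anything other than an explicit 'Disabled' (including NULL)
    -- is counted as reachable from public networks.
    array_remove(array[
      case when public_network_access_for_ingestion is distinct from 'Disabled' then 'ingestion' end,
      case when public_network_access_for_query is distinct from 'Disabled' then 'query' end
    ], null) as public_paths
  from sample_components
  where type = 'microsoft.insights/components'
)
select
  name as resource,
  case when cardinality(public_paths) = 0 then 'ok' else 'alarm' end as status,
  case
    when cardinality(public_paths) = 0
      then name || ' blocks log ingestion and querying from public networks.'
    else name || ' allows public network access for: ' || array_to_string(public_paths, ', ') || '.'
  end as reason
from exposure
order by name;
```

Replacing `sample_components` with `azure_application_insight` runs the same classification against real components through Steampipe.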
