turbot/steampipe-mod-azure-compliance

Control: Windows web servers should be configured to use secure communication protocols

Description

To protect the privacy of information communicated over the Internet, your web servers should use the latest version of the industry-standard cryptographic protocol, Transport Layer Security (TLS). TLS secures communications over a network by using security certificates to encrypt a connection between machines.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.compute_vm_secure_communication_protocols_configured

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.compute_vm_secure_communication_protocols_configured --share

SQL

This control uses a named query:

-- Windows VMs whose AuditSecureProtocol guest configuration assignment is
-- Compliant and was evaluated with MinimumTLSVersion set to 1.3.
with compute_machine as (
  select
    id,
    name,
    subscription_id,
    resource_group,
    c
  from
    azure_compute_virtual_machine,
    jsonb_array_elements(guest_configuration_assignments) as e,
    jsonb_array_elements(e -> 'guestConfiguration' -> 'configurationParameter') as c
  where
    e ->> 'name' = 'AuditSecureProtocol'
    and e ->> 'complianceStatus' = 'Compliant'
    and c ->> 'name' = 'MinimumTLSVersion'
    and c ->> 'value' = '1.3'
)
-- One row per VM: non-Windows VMs are skipped, VMs matched above are ok,
-- every other VM is in alarm.
select
  a.id as resource,
  case
    when a.os_type <> 'Windows' then 'skip'
    when m.id is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when a.os_type <> 'Windows' then a.name || ' is of ' || a.os_type || ' operating system.'
    when m.id is not null then a.name || ' configured to use secure communication protocols.'
    else a.name || ' not configured to use secure communication protocols.'
  end as reason,
  a.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_compute_virtual_machine as a
  left join compute_machine as m on m.id = a.id,
  azure_subscription as sub
where
  sub.subscription_id = a.subscription_id;
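
The control reports only ok or alarm, so an alarm does not say which of its conditions failed. The following triage query is an added example, not part of the mod; it reuses only the table and JSON paths from the control's query, and it assumes that an assignment which is non-compliant or carries a different MinimumTLSVersion still appears in guest_configuration_assignments with the same fields.

```sql
-- Added triage query (not part of steampipe-mod-azure-compliance).
-- Assumption: every AuditSecureProtocol assignment, compliant or not, is
-- listed in guest_configuration_assignments with the fields used below.
with assignment as (
  select
    vm.id,
    e ->> 'complianceStatus' as compliance_status,
    (
      -- Pull the audited TLS floor out of the assignment's parameters.
      select c ->> 'value'
      from jsonb_array_elements(
        coalesce(e -> 'guestConfiguration' -> 'configurationParameter', '[]'::jsonb)
      ) as c
      where c ->> 'name' = 'MinimumTLSVersion'
      limit 1
    ) as minimum_tls_version
  from
    azure_compute_virtual_machine as vm,
    jsonb_array_elements(vm.guest_configuration_assignments) as e
  where
    e ->> 'name' = 'AuditSecureProtocol'
)
select
  vm.name,
  vm.resource_group,
  vm.subscription_id,
  s.compliance_status,
  s.minimum_tls_version,
  case
    when s.id is null then 'AuditSecureProtocol assignment not found'
    when s.compliance_status is distinct from 'Compliant' then 'assignment reports non-compliant'
    when s.minimum_tls_version is null then 'MinimumTLSVersion parameter missing'
    when s.minimum_tls_version <> '1.3' then 'audited against a TLS version other than 1.3'
    else 'meets the control'
  end as triage
from
  azure_compute_virtual_machine as vm
  left join assignment as s on s.id = vm.id
where
  vm.os_type = 'Windows'
order by
  triage, vm.name;
```

Rows labelled 'AuditSecureProtocol assignment not found' have no audit result at all, which is a coverage gap to close before the TLS setting itself can be assessed.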

Tags