Control: Ensure any of the ASC Default policy setting is not set to "Disabled"
Description
None of the settings offered by ASC Default policy should be set to effect "Disabled".
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.securitycenter_asc_default_setting_not_disabled
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.securitycenter_asc_default_setting_not_disabled --share
SQL
This control uses a named query:
-- Expand the ASC Default (SecurityCenterBuiltIn) assignment into one row per parameter.
with policy_assignment_parameters as (
  select
    id,
    name,
    key,
    parameters -> key ->> 'value' as value,
    subscription_id
  from
    azure_policy_assignment,
    jsonb_object_keys(parameters) as key
  where
    name = 'SecurityCenterBuiltIn'
)
select
  sub.id as resource,
  -- count(value = 'Disabled') would count every non-null comparison, including
  -- false ones, so the filter form is used to count only 'Disabled' values.
  case
    when count(*) filter (where value = 'Disabled') > 0 then 'alarm'
    else 'ok'
  end as status,
  case
    when count(*) filter (where value = 'Disabled') > 0
      then 'Settings disabled for ' || count(*) filter (where value = 'Disabled') || ' parameters.'
    else 'Settings enabled for all the parameters.'
  end as reason,
  sub.display_name as subscription
from
  policy_assignment_parameters pol_assignment
  right join azure_subscription sub on pol_assignment.subscription_id = sub.subscription_id
group by
  sub.id,
  pol_assignment.id,
  sub._ctx,
  sub.subscription_id,
  pol_assignment.subscription_id,
  sub.display_name;
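The control reports only a count per subscription. The drill-down below lists each parameter set to 'Disabled', then the subscriptions that have no SecurityCenterBuiltIn assignment at all, which the right join in the named query reports as ok. This is an added example, not part of the mod; it uses only the tables and columns the named query uses, and the output column aliases are chosen here.

```sql
-- Added example (not the mod's query): which ASC Default parameters are 'Disabled'.
select
  sub.display_name as subscription,
  pa.id as policy_assignment,
  p.key as parameter,
  p.value ->> 'value' as effect
from
  azure_policy_assignment as pa
  -- jsonb_each yields one (key, value) row per parameter of the assignment
  cross join lateral jsonb_each(pa.parameters) as p(key, value)
  join azure_subscription as sub on sub.subscription_id = pa.subscription_id
where
  pa.name = 'SecurityCenterBuiltIn'
  and p.value ->> 'value' = 'Disabled'
order by
  sub.display_name,
  p.key;

-- Subscriptions with no SecurityCenterBuiltIn assignment: the control has no
-- parameter rows to evaluate for these, so they need a separate review.
select
  sub.display_name as subscription,
  sub.subscription_id
from
  azure_subscription as sub
where
  not exists (
    select 1
    from azure_policy_assignment as pa
    where
      pa.subscription_id = sub.subscription_id
      and pa.name = 'SecurityCenterBuiltIn'
  )
order by
  sub.display_name;
```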