Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-azure-compliance
Overview
16Dashboards
1651Benchmarks
486Queries
8Variables
GitHub

Control: Ensure the SSL policy's 'Min protocol version' is set to 'TLSv1_2' or higher on Azure Application Gateway

Description

The TLS protocol secures transmission of data between servers and clients by encrypting the data stream. Vulnerabilities in older versions of TLS can lead to potential security risks. Setting the minimum TLS version to TLSv1_2 or higher ensures that only secure versions of the protocol are used.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.application_gateway_min_tls_1_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.application_gateway_min_tls_1_2 --share

SQL

This control uses a named query:

select
  ag.id as resource,
  case
    when ssl_policy is null or ((ssl_policy ->> 'minProtocolVersion') in ('TLSv1_2' , 'TLSv1_3')) then 'ok'
    else 'alarm'
  end as status,
  case
    when ssl_policy is null then ag.name || ' minimum TLS version set to TLSv1_2.'
    else ag.name || ' minimum TLS version set to ' || (ssl_policy ->> 'minProtocolVersion') || '.'
  end as reason
  
  , ag.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_application_gateway ag
  left join azure_subscription sub on sub.subscription_id = ag.subscription_id;

Tags

service = Azure/Network