turbot/steampipe-mod-azure-compliance

Control: Ensure bot protection is enabled in Azure Web Application Firewall policy on Azure Application Gateway

Description

Bot protection helps protect web applications from malicious bots that can scrape content, perform credential stuffing, or launch DDoS attacks. Enabling bot protection enhances application security.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.web_application_firewall_policy_bot_protection_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.web_application_firewall_policy_bot_protection_enabled --share

SQL

This control uses a named query:

select
  ag.id as resource,
  -- 'ok' only when the bot rule set is attached and none of its rule overrides is disabled
  case
    when managed_rules -> 'managedRuleSets' @> '[{"ruleSetType": "Microsoft_BotManagerRuleSet"}]'::jsonb
      and not exists (
        -- any disabled rule override inside the Microsoft_BotManagerRuleSet entry
        select 1
        from
          jsonb_array_elements((managed_rules -> 'managedRuleSets')::jsonb) as mrs,
          jsonb_array_elements(coalesce(mrs -> 'ruleGroupOverrides', '[]'::jsonb)) as rgo,
          jsonb_array_elements(coalesce(rgo -> 'rules', '[]'::jsonb)) as rule
        where
          mrs ->> 'ruleSetType' = 'Microsoft_BotManagerRuleSet'
          and lower(rule ->> 'state') = 'disabled'
      )
    then 'ok'
    when managed_rules -> 'managedRuleSets' @> '[{"ruleSetType": "Microsoft_BotManagerRuleSet"}]'::jsonb then 'alarm'
    else 'alarm'
  end as status,
  -- reason text distinguishes a missing rule set from one with disabled rules
  case
    when managed_rules -> 'managedRuleSets' @> '[{"ruleSetType": "Microsoft_BotManagerRuleSet"}]'::jsonb
      and not exists (
        select 1
        from
          jsonb_array_elements((managed_rules -> 'managedRuleSets')::jsonb) as mrs,
          jsonb_array_elements(coalesce(mrs -> 'ruleGroupOverrides', '[]'::jsonb)) as rgo,
          jsonb_array_elements(coalesce(rgo -> 'rules', '[]'::jsonb)) as rule
        where
          mrs ->> 'ruleSetType' = 'Microsoft_BotManagerRuleSet'
          and lower(rule ->> 'state') = 'disabled'
      )
    then ag.name || ' bot protection (Microsoft_BotManagerRuleSet) is enabled.'
    when managed_rules -> 'managedRuleSets' @> '[{"ruleSetType": "Microsoft_BotManagerRuleSet"}]'::jsonb then ag.name || ' bot protection rule set found but one or more rules are disabled.'
    else ag.name || ' does not have Microsoft_BotManagerRuleSet configured.'
  end as reason,
  ag.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_web_application_firewall_policy ag
  left join azure_subscription sub on sub.subscription_id = ag.subscription_id;
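
The same decision applied offline to policy JSON, as an added example that is not part of the mod's own code. It goes slightly beyond the query by listing which bot rules are disabled. The `evaluate` helper, the policy names and the sample rule IDs are assumptions constructed for illustration; the `managed_rules` key mirrors the column name the query reads.

```python
import json

BOT_RULE_SET = "Microsoft_BotManagerRuleSet"

# Constructed sample policies (not real resources). They carry only the fields
# the query reads, plus ruleGroupName/ruleId so findings can be reported.
SAMPLE_POLICIES = json.loads("""
[
  {"name": "waf-ok", "managed_rules": {"managedRuleSets": [
    {"ruleSetType": "OWASP", "ruleSetVersion": "3.2",
     "ruleGroupOverrides": [{"ruleGroupName": "REQUEST-920-PROTOCOL-ENFORCEMENT",
       "rules": [{"ruleId": "920300", "state": "Disabled"}]}]},
    {"ruleSetType": "Microsoft_BotManagerRuleSet", "ruleSetVersion": "1.0"}]}},
  {"name": "waf-override", "managed_rules": {"managedRuleSets": [
    {"ruleSetType": "Microsoft_BotManagerRuleSet", "ruleSetVersion": "1.0",
     "ruleGroupOverrides": [{"ruleGroupName": "BadBots",
       "rules": [{"ruleId": "Bot100100", "state": "Disabled"},
                 {"ruleId": "Bot100200", "state": "Enabled"}]}]}]}},
  {"name": "waf-missing", "managed_rules": {"managedRuleSets": [
    {"ruleSetType": "OWASP", "ruleSetVersion": "3.2"}]}}
]
""")


def evaluate(policy):
    """Return (status, reason, disabled_rule_ids) using the control's three outcomes."""
    name = policy["name"]
    rule_sets = (policy.get("managed_rules") or {}).get("managedRuleSets") or []
    bot_sets = [rs for rs in rule_sets if rs.get("ruleSetType") == BOT_RULE_SET]
    if not bot_sets:
        return "alarm", f"{name} does not have {BOT_RULE_SET} configured.", []
    # Only overrides inside the bot rule set count; a disabled OWASP rule is
    # ignored, matching the query's filter on ruleSetType.
    disabled = [
        rule.get("ruleId", "<no ruleId>")
        for rs in bot_sets
        for group in rs.get("ruleGroupOverrides") or []   # coalesce(..., '[]')
        for rule in group.get("rules") or []
        if (rule.get("state") or "").lower() == "disabled"
    ]
    if disabled:
        return ("alarm", f"{name} bot protection rule set found but one or more "
                "rules are disabled.", disabled)
    return "ok", f"{name} bot protection ({BOT_RULE_SET}) is enabled.", []


if __name__ == "__main__":
    for p in SAMPLE_POLICIES:
        print(*evaluate(p), sep=" | ")
```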

Tags