Powerpipe MCP Server →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-azure-compliance
Overview
15Dashboards
1464Benchmarks
449Queries
2Variables
GitHub

Query: security_center_attack_path_alerts_enabled

Usage

powerpipe query azure_compliance.query.security_center_attack_path_alerts_enabled

Steampipe Tables

azure_security_center_contact
azure_security_center_setting
Azure plugin

SQL

with contact_info as (
  select
    subscription_id,
    count(*) filter (where alert_notifications = 'On') as notification_alert_count
  from
    azure_security_center_contact
  group by
    subscription_id
)
select
  c.id as resource,
  case
    when c.name = 'AttackPath' and c.enabled and ci.notification_alert_count > 0 then 'ok'
    else 'alarm'
  end as status,
  case
    when c.name = 'AttackPath' and c.enabled and ci.notification_alert_count > 0 then 'Attack path notifications are enabled.'
    when c.name = 'AttackPath' and not c.enabled then 'Attack path notifications are disabled.'
    when ci.notification_alert_count = 0 then 'Security alert notifications are disabled.'
    else 'Attack path notifications not configured.'
  end as reason,
  c.subscription_id,
  c.cloud_environment
from
  azure_security_center_setting c
  left join contact_info ci on c.subscription_id = ci.subscription_id
where
  c.name = 'AttackPath';

Controls

The query is being used by the following controls: