Query: security_center_attack_path_alerts_enabled

with contact_info as (
  select
    subscription_id,
    count(*) filter (where alert_notifications = 'On') as notification_alert_count
  from
    azure_security_center_contact
  group by
    subscription_id
)
select
  c.id as resource,
  case
    when c.name = 'AttackPath' and c.enabled and ci.notification_alert_count > 0 then 'ok'
    else 'alarm'
  end as status,
  case
    when c.name = 'AttackPath' and c.enabled and ci.notification_alert_count > 0 then 'Attack path notifications are enabled.'
    when c.name = 'AttackPath' and not c.enabled then 'Attack path notifications are disabled.'
    when ci.notification_alert_count = 0 then 'Security alert notifications are disabled.'
    else 'Attack path notifications not configured.'
  end as reason,
  c.subscription_id,
  c.cloud_environment
from
  azure_security_center_setting c
  left join contact_info ci on c.subscription_id = ci.subscription_id
where
  c.name = 'AttackPath';