turbot/steampipe-mod-azure-compliance

Query: web_application_firewall_policy_bot_protection_enabled

Usage

powerpipe query azure_compliance.query.web_application_firewall_policy_bot_protection_enabled

SQL

-- Reports, per WAF policy, whether the Microsoft_BotManagerRuleSet managed rule
-- set is attached and none of its overridden rules has state 'disabled'.
--
-- Scope of the check (what the statement reads):
--   * Only managed_rules is inspected. The policy's own enabled/disabled state
--     and its detection/prevention mode are not evaluated, so 'ok' here does
--     not by itself mean bot traffic is being blocked.
--     NOTE(review): consider pairing this with a check on the policy settings
--     if the table exposes them; confirm the column name before relying on it.
--   * Only the override's 'state' is tested. An override that leaves a rule
--     enabled but changes what it does is not flagged.
--     NOTE(review): confirm whether overrides carry an action field that
--     should also be compared.
--   * ruleSetType is matched case-sensitively; state is compared after lower().
with policy_bot_state as (
  select
    ag.id,
    ag.name,
    ag.resource_group,
    ag.subscription_id,
    -- Three-way classification shared by the status and reason columns:
    --   'enforced'   rule set attached, no override with state 'disabled'
    --   'overridden' rule set attached, at least one such override
    --   'missing'    rule set not attached (or managed_rules is null)
    case
      when ag.managed_rules -> 'managedRuleSets' @> '[{"ruleSetType": "Microsoft_BotManagerRuleSet"}]'::jsonb then
        -- Overrides are expanded only after the containment test has matched,
        -- as in the nested-free original where the test precedes the subquery.
        case
          when exists (
            select 1
            from jsonb_array_elements(ag.managed_rules -> 'managedRuleSets') as mrs
            cross join lateral jsonb_array_elements(coalesce(mrs -> 'ruleGroupOverrides', '[]'::jsonb)) as rgo
            cross join lateral jsonb_array_elements(coalesce(rgo -> 'rules', '[]'::jsonb)) as override_rule
            where
              mrs ->> 'ruleSetType' = 'Microsoft_BotManagerRuleSet'
              and lower(override_rule ->> 'state') = 'disabled'
          ) then 'overridden'
          else 'enforced'
        end
      else 'missing'
    end as bot_rule_set_state
  from
    azure_web_application_firewall_policy as ag
)
select
  pbs.id as resource,
  -- Anything other than a fully enforced rule set is an alarm.
  case
    when pbs.bot_rule_set_state = 'enforced' then 'ok'
    else 'alarm'
  end as status,
  pbs.name || case pbs.bot_rule_set_state
    when 'enforced' then ' bot protection (Microsoft_BotManagerRuleSet) is enabled.'
    when 'overridden' then ' bot protection rule set found but one or more rules are disabled.'
    else ' does not have Microsoft_BotManagerRuleSet configured.'
  end as reason,
  pbs.resource_group as resource_group,
  sub.display_name as subscription
from
  policy_bot_state as pbs
  left join azure_subscription as sub on sub.subscription_id = pbs.subscription_id;

Controls

The query is being used by the following controls: