Dashboard: OCI VCN Network Security Group Dashboard
This dashboard answers the following questions:
- How many security groups are in each tenancy, compartment, and region?
- How many security groups have unrestricted ingress SSH and RDP?
This dashboard contains 3 cards.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-oci-insights
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select the OCI VCN Network Security Group Dashboard.
You could also snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe dashboard run oci_insights.dashboard.oci_vcn_network_security_group_dashboard --share
Queries
This dashboard uses the following queries:
-- Flag every NSG that has at least one ingress rule open to the world (0.0.0.0/0)
-- on TCP port 22 (SSH), either via protocol 'all' or a TCP port range covering 22.
with non_compliant_rules as (
  select
    id,
    count(*) as num_noncompliant_rules
  from
    oci_core_network_security_group,
    jsonb_array_elements(rules) as r
  where
    r ->> 'direction' = 'INGRESS'
    and r ->> 'sourceType' = 'CIDR_BLOCK'
    and r ->> 'source' = '0.0.0.0/0'
    and (
      r ->> 'protocol' = 'all'
      or (
        (r -> 'tcpOptions' -> 'destinationPortRange' ->> 'min')::integer <= 22
        and (r -> 'tcpOptions' -> 'destinationPortRange' ->> 'max')::integer >= 22
      )
    )
    and lifecycle_state <> 'TERMINATED'
  group by id
),
-- Every live NSG, marked restricted unless it appears in non_compliant_rules.
sg_list as (
  select
    nsg.id,
    case when non_compliant_rules.id is null then true else false end as restricted
  from
    oci_core_network_security_group as nsg
    left join non_compliant_rules on non_compliant_rules.id = nsg.id
    left join oci_identity_compartment c on c.id = nsg.compartment_id
  where
    nsg.lifecycle_state <> 'TERMINATED'
)
-- Count restricted vs. unrestricted NSGs. The rule check above is for port 22 (SSH),
-- so the status column is named for SSH rather than RDP.
select
  case when restricted then 'restricted' else 'unrestricted' end as restrict_ingress_ssh_status,
  count(*)
from
  sg_list
group by
  restricted;
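The classification the query performs, mirrored in Python over a constructed `rules` array so it can be checked without a Steampipe connection. This is an added example, not code from the mod; it generalizes the check to any TCP port (22 for SSH, 3389 for RDP) and also flags TCP rules with no `tcpOptions`, which OCI treats as all ports and which the integer cast in the SQL leaves unflagged.

```python
# Constructed sample: the `rules` JSON of four NSGs, shaped like the security
# rule objects in the oci_core_network_security_group table (not real tenancy data).
SAMPLE_NSGS = {
    "nsg-ssh-open": [
        {"direction": "INGRESS", "sourceType": "CIDR_BLOCK", "source": "0.0.0.0/0",
         "protocol": "6", "tcpOptions": {"destinationPortRange": {"min": 20, "max": 25}}},
    ],
    "nsg-all-protocols-open": [
        {"direction": "INGRESS", "sourceType": "CIDR_BLOCK", "source": "0.0.0.0/0",
         "protocol": "all"},
    ],
    "nsg-tcp-no-port-range": [
        # TCP rule without tcpOptions: OCI applies it to every destination port.
        {"direction": "INGRESS", "sourceType": "CIDR_BLOCK", "source": "0.0.0.0/0",
         "protocol": "6"},
    ],
    "nsg-restricted": [
        {"direction": "INGRESS", "sourceType": "CIDR_BLOCK", "source": "10.0.0.0/8",
         "protocol": "6", "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
        {"direction": "EGRESS", "destinationType": "CIDR_BLOCK",
         "destination": "0.0.0.0/0", "protocol": "all"},
    ],
}

def rule_opens_port(rule, port):
    """True if `rule` admits TCP traffic to `port` from 0.0.0.0/0.

    Same predicate as the dashboard query: INGRESS from CIDR 0.0.0.0/0, then
    protocol 'all' or a TCP destination port range that covers `port`.
    """
    if rule.get("direction") != "INGRESS":
        return False
    if rule.get("sourceType") != "CIDR_BLOCK" or rule.get("source") != "0.0.0.0/0":
        return False
    proto = rule.get("protocol")
    if proto == "all":
        return True
    if proto != "6":  # IANA protocol 6 is TCP; SSH and RDP are TCP services
        return False
    prange = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    if prange is None:
        return True  # no range on a TCP rule means all ports (the SQL misses this)
    return prange["min"] <= port <= prange["max"]

def classify(rules, port):
    """'unrestricted' if any rule opens `port` to the world, else 'restricted'."""
    return "unrestricted" if any(rule_opens_port(r, port) for r in rules) else "restricted"

def status_counts(nsgs, port):
    """Per-status NSG counts, the figure the dashboard card reports."""
    counts = {"restricted": 0, "unrestricted": 0}
    for rules in nsgs.values():
        counts[classify(rules, port)] += 1
    return counts
```

Running `status_counts(SAMPLE_NSGS, 22)` and `status_counts(SAMPLE_NSGS, 3389)` gives the SSH and RDP card values for the sample set.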