turbot/steampipe-mod-terraform-azure-compliance

Control: Deploy default Microsoft IaaSAntimalware extension for Windows Server

Description

This policy deploys a Microsoft IaaSAntimalware extension with a default configuration when a VM is not configured with the anti-malware extension.

Usage

Run the control in your terminal:

    powerpipe control run terraform_azure_compliance.control.compute_vm_malware_agent_installed

Snapshot and share results via Turbot Pipes:

    powerpipe login
    powerpipe control run terraform_azure_compliance.control.compute_vm_malware_agent_installed --share

SQL

This control uses a named query:

    -- Every legacy VM resource declared in the scanned Terraform files.
    with all_vm as (
      select
        *
      from
        terraform_resource
      where
        type = 'azurerm_virtual_machine'
    ), vm_extensions as (
      select
        *
      from
        terraform_resource
      where
        type = 'azurerm_virtual_machine_extension'
    ),
    -- VM names referenced by an IaaSAntimalware extension. The name is the second
    -- dot-separated part of virtual_machine_id (e.g. azurerm_virtual_machine.<name>.id).
    vm_amtimalware_extension as (
      select
        split_part((b.attributes_std ->> 'virtual_machine_id'), '.', 2) as vm_name
      from
        all_vm as a
        left join vm_extensions as b on (split_part((b.attributes_std ->> 'virtual_machine_id'), '.', 2)) = a.name
      where
        (b.attributes_std ->> 'publisher') = 'Microsoft.Azure.Security'
        and (b.attributes_std ->> 'type') = 'IaaSAntimalware'
    )
    -- A VM with no matching extension row is reported as 'alarm'.
    select
      address as resource,
      case
        when d.vm_name is null then 'alarm'
        else 'ok'
      end as status,
      split_part(address, '.', 2) || case
        when d.vm_name is null then ' IaaSAntimalware extension not installed'
        else ' IaaSAntimalware extension installed'
      end || '.' reason
      , path || ':' || start_line
    from
      all_vm as c left join vm_amtimalware_extension as d on c.name = d.vm_name;
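
A Terraform configuration that exercises both outcomes of the query above, as an added example that is not part of the mod. All resource names, variables and values are constructed: `web` is reported `ok` because an extension with the expected publisher and type references it, and `batch` is reported `alarm`.

```hcl
# Constructed example: every name, ID and value is a placeholder.
variable "nic_ids" { type = map(string) }
variable "os_disk_ids" { type = map(string) }

# Reported "ok": the extension below references this VM by its address.
resource "azurerm_virtual_machine" "web" {
  name                  = "web-vm"
  location              = "westeurope"
  resource_group_name   = "rg-example"
  network_interface_ids = [var.nic_ids["web"]]
  vm_size               = "Standard_DS1_v2"
  storage_os_disk {
    name            = "web-osdisk"
    create_option   = "Attach"
    os_type         = "Windows"
    managed_disk_id = var.os_disk_ids["web"]
  }
}

resource "azurerm_virtual_machine_extension" "web_antimalware" {
  name = "IaaSAntimalware"
  # The query compares the second dot-separated part of this reference
  # ("web") with the VM's Terraform resource name.
  virtual_machine_id         = azurerm_virtual_machine.web.id
  publisher                  = "Microsoft.Azure.Security" # value the query filters on
  type                       = "IaaSAntimalware"          # value the query filters on
  type_handler_version       = "1.3"                      # example value
  auto_upgrade_minor_version = true
  settings = jsonencode({
    AntimalwareEnabled        = true
    RealtimeProtectionEnabled = "true"
  })
}

# Reported "alarm": no IaaSAntimalware extension references this VM.
resource "azurerm_virtual_machine" "batch" {
  name                  = "batch-vm"
  location              = "westeurope"
  resource_group_name   = "rg-example"
  network_interface_ids = [var.nic_ids["batch"]]
  vm_size               = "Standard_DS1_v2"
  storage_os_disk {
    name            = "batch-osdisk"
    create_option   = "Attach"
    os_type         = "Windows"
    managed_disk_id = var.os_disk_ids["batch"]
  }
}
```

Going by the query text, a `virtual_machine_id` written as a literal Azure resource ID does not yield the VM's resource name, so that VM is reported `alarm`. VMs declared as `azurerm_windows_virtual_machine` are outside the `type` filter and are not evaluated.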
