Control: Firewall policy intrusion detection mode set to deny
Description
This control checks whether the firewall policy intrusion detection mode is set to deny.
Usage
Run the control in your terminal:
powerpipe control run terraform_azure_compliance.control.firewall_policy_intrusion_detection_mode_set_to_deny
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run terraform_azure_compliance.control.firewall_policy_intrusion_detection_mode_set_to_deny --share
SQL
This control uses a named query:
select address as resource, case when (attributes_std -> 'intrusion_detection' ->> 'mode') = 'Deny' then 'ok' else 'alarm' end status, split_part(address, '.', 2) || case when (attributes_std -> 'intrusion_detection' ->> 'mode') = 'Deny' then ' intrusion detection mode is set to deny' else ' intrusion detection mode is not set to deny' end || '.' reason , path || ':' || start_linefrom terraform_resourcewhere type = 'azurerm_firewall_policy';