turbot/steampipe-mod-terraform-azure-compliance

Control: Firewall policy intrusion detection mode set to deny

Description

This control checks whether the firewall policy intrusion detection mode is set to deny.

Usage

Run the control in your terminal:

powerpipe control run terraform_azure_compliance.control.firewall_policy_intrusion_detection_mode_set_to_deny

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run terraform_azure_compliance.control.firewall_policy_intrusion_detection_mode_set_to_deny --share

SQL

This control uses a named query:

select
address as resource,
case
when (attributes_std -> 'intrusion_detection' ->> 'mode') = 'Deny' then 'ok'
else 'alarm'
end status,
split_part(address, '.', 2) || case
when (attributes_std -> 'intrusion_detection' ->> 'mode') = 'Deny' then ' intrusion detection mode is set to deny'
else ' intrusion detection mode is not set to deny'
end || '.' reason
, path || ':' || start_line
from
terraform_resource
where
type = 'azurerm_firewall_policy';

Tags