turbot/terraform_azure_compliance

Query: compute_vm_malware_agent_installed

Usage

powerpipe query terraform_azure_compliance.query.compute_vm_malware_agent_installed

Steampipe Tables

SQL

with all_vm as (
select
*
from
terraform_resource
where
type = 'azurerm_virtual_machine'
), vm_extensions as (
select
*
from
terraform_resource
where
type = 'azurerm_virtual_machine_extension'
),
vm_amtimalware_extension as (
select
split_part((b.attributes_std ->> 'virtual_machine_id'), '.', 2) as vm_name
from
all_vm as a
left join vm_extensions as b on (split_part((b.attributes_std ->> 'virtual_machine_id'), '.', 2)) = a.name
where
(b.attributes_std ->> 'publisher') = 'Microsoft.Azure.Security'
and (b.attributes_std ->> 'type') = 'IaaSAntimalware'
)
select
address as resource,
case
when d.vm_name is null then 'alarm'
else 'ok'
end as status,
split_part(address, '.', 2) || case
when d.vm_name is null then ' IaaSAntimalware extension not installed'
else ' IaaSAntimalware extension installed'
end || '.' reason
, path || ':' || start_line
from
all_vm as c left join vm_amtimalware_extension as d on c.name = d.vm_name;

Controls

The query is being used by the following controls: