turbot/ibm_insights

Query: ibm_is_security_group_unrestricted_outbound

Usage

powerpipe query ibm_insights.query.ibm_is_security_group_unrestricted_outbound

Steampipe Tables

SQL

select
'Unrestricted Outbound (Excludes ICMP)' as label,
count(*) as value,
case
when count(*) = 0 then 'ok'
else 'alert'
end as type
from
ibm_is_security_group,
jsonb_array_elements(rules) as r
where
(r -> 'remote' ->> 'cidr_block' = '0.0.0.0/0')
and r ->> 'protocol' <> 'icmp'
and (
r ->> 'port_min' = '1'
and r ->> 'port_max' = '65535'
)
and r ->> 'direction' = 'outbound'
and crn = $1;

Params

ArgsNameDefaultDescriptionVariable
$1crn

    Dashboards

    The query is used in the dashboards: