turbot/oci_insights

Query: vcn_security_list_ingress_rdp

Usage

powerpipe query oci_insights.query.vcn_security_list_ingress_rdp

Steampipe Tables

SQL

with non_compliant_rules as (
select
id,
count(*) as num_noncompliant_rules
from
oci_core_security_list,
jsonb_array_elements(ingress_security_rules) as r
where
r ->> 'direction' = 'INGRESS'
and r ->> 'sourceType' = 'CIDR_BLOCK'
and r ->> 'source' = '0.0.0.0/0'
and (
r ->> 'protocol' = 'all'
or (
(r -> 'tcpOptions' -> 'destinationPortRange' ->> 'min') :: integer <= 3389
and (r -> 'tcpOptions' -> 'destinationPortRange' ->> 'max') :: integer >= 3389
)
)
and lifecycle_state <> 'TERMINATED'
group by
id
)
select
case
when non_compliant_rules.id is null then 'Restricted'
else 'Unrestricted'
end as value,
'Ingress RDP' as label,
case
when non_compliant_rules.id is null then 'ok'
else 'alert'
end as type
from
oci_core_security_list as sl
left join non_compliant_rules on non_compliant_rules.id = sl.id
where
sl.id = $1
and sl.lifecycle_state <> 'TERMINATED';

Dashboards

The query is used in the dashboards: