Steampipe mods are now Powerpipe →
Powerpipe Hub 
Hub
Mods
turbot/terraform_azure_compliance
Overview
46Dashboards
291Controls
291Queries
2Variables
GitHub

Query: sql_server_auditing_storage_account_destination_retention_90_days

Usage

powerpipe query terraform_azure_compliance.query.sql_server_auditing_storage_account_destination_retention_90_days

Steampipe Tables

terraform_resource
Terraform plugin

SQL

select
  address as resource,
  case
    when (attributes_std -> 'threat_detection_policy') is null then 'alarm'
    when (
      attributes_std -> 'threat_detection_policy' ->> 'state'
    ) = 'Disabled' then 'alarm'
    when (
      attributes_std -> 'threat_detection_policy' ->> 'state'
    ) = 'Enabled'
    and(
      attributes_std -> 'threat_detection_policy' -> 'retention_days'
    ) is null then 'alarm'
    when (
      attributes_std -> 'threat_detection_policy' -> 'retention_days'
    ) :: integer < 90 then 'alarm'
    else 'ok'
  end status,
  split_part(address, '.', 2) || case
    when (attributes_std -> 'threat_detection_policy') is null then ' threat detection policy not enabled'
    when (
      attributes_std -> 'threat_detection_policy' ->> 'state'
    ) = 'Disabled' then ' threat detection policy disabled'
    when (
      attributes_std -> 'threat_detection_policy' ->> 'state'
    ) = 'Enabled'
    and(
      attributes_std -> 'threat_detection_policy' -> 'retention_days'
    ) is null then ' auditing to storage account destination not configured with 90 days retention or higher'
    when (
      attributes_std -> 'threat_detection_policy' -> 'retention_days'
    ) :: integer < 90 then ' auditing to storage account destination not configured with 90 days retention or higher'
    else ' auditing to storage account destination configured with 90 days retention or higher'
  end || '.' reason,
  path || ':' || start_line
from
  terraform_resource
where
  type = 'azurerm_sql_server';

Controls

The query is being used by the following controls: