Table: azure_application_security_group - Query Azure Application Security Groups using SQL
An Azure Application Security Group is a logical representation of an application in Azure. It allows for the grouping of servers based on applications for security and isolation of network traffic. This provides a more natural way to apply and manage security policies based on applications rather than explicit IP addresses or subnets.
Table Usage Guide
The azure_application_security_group table provides insights into Application Security Groups within Azure. As a security analyst, explore application-specific details through this table, including security configurations, associated network interfaces, and potential vulnerabilities. Utilize it to uncover information about applications, such as those with weak security settings, the relationships between applications and network interfaces, and the verification of security policies.
Examples
Basic info
Explore which applications are grouped together in Azure, and determine the areas in which these groups are deployed. This can aid in understanding the organization and distribution of your applications across different regions.
select name, region, resource_groupfrom azure_application_security_group;select name, region, resource_groupfrom azure_application_security_group;List of application security group without application tag key
Identify instances where Azure application security groups lack the 'application' tag key. This can help streamline organization and management of security groups.
select name, tagsfrom azure_application_security_groupwhere not tags :: JSONB ? 'application';select name, tagsfrom azure_application_security_groupwhere json_extract(tags, '$.application') is null;Schema for azure_application_security_group
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| cloud_environment | text | The Azure Cloud Environment. | |
| etag | text | An unique read-only string that changes whenever the resource is updated | |
| id | text | Contains ID to identify a application security group uniquely | |
| name | text | = | The friendly name that identifies the application security group |
| provisioning_state | text | The resource type of the application security group | |
| region | text | The Azure region/location in which the resource is located. | |
| resource_group | text | = | The resource group which holds this resource. |
| resource_guid | text | The resource GUID property of the application security group resource | |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
| tags | jsonb | A map of tags for the resource. | |
| title | text | Title of the resource. | |
| type | text | The resource type of the application security group |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azureYou can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_application_security_group