steampipe plugin install azuresteampipe plugin install azure

Table: azure_cognitive_account - Query Azure Cognitive Services Accounts using SQL

Azure Cognitive Services is a collection of AI services and cognitive APIs to help you build intelligent apps. These services enable you to easily add cognitive features into your applications. The features include vision, speech, language, knowledge, and search capabilities.

Table Usage Guide

The azure_cognitive_account table offers insights into the Azure Cognitive Services Accounts. As a developer or AI engineer, you can explore details about these accounts, such as the types of cognitive services being used, their configurations, and associated metadata. This information can be crucial for understanding the cognitive capabilities integrated into your applications and for optimizing their performance and usage.

Examples

Basic info

Determine the areas in which your Azure Cognitive Service accounts are provisioned, to better understand your resource usage and management. This is particularly useful for identifying any inconsistencies in provisioning and for gaining insights into your overall Azure resource allocation.

select
  name,
  id,
  kind,
  type,
  provisioning_state
from
  azure_cognitive_account;

select
  name,
  id,
  kind,
  type,
  provisioning_state
from
  azure_cognitive_account;

List accounts with enabled public network access

Discover the segments that have public network access enabled on their accounts. This is beneficial for identifying potential security risks and ensuring appropriate network access controls are in place.

select
  name,
  id,
  kind,
  type,
  provisioning_state,
  public_network_access
from
  azure_cognitive_account
where
  public_network_access = 'Enabled';

select
  name,
  id,
  kind,
  type,
  provisioning_state,
  public_network_access
from
  azure_cognitive_account
where
  public_network_access = 'Enabled';

List private endpoint connection details for accounts

Determine the details of private endpoint connections for Azure cognitive accounts. This can help in managing and monitoring the security and access control of your cognitive services in Azure.

select
  name,
  id,
  connections ->> 'ID' as connection_id,
  connections ->> 'Name' as connection_name,
  connections ->> 'PrivateEndpointID' as property_private_endpoint_id,
  jsonb_pretty(connections -> 'PrivateLinkServiceConnectionState') as property_private_link_service_connection_state,
  connections ->> 'Type' as connection_type
from
  azure_cognitive_account,
  jsonb_array_elements(private_endpoint_connections) as connections;

select
  name,
  a.id,
  json_extract(connections.value, '$.ID') as connection_id,
  json_extract(connections.value, '$.Name') as connection_name,
  json_extract(connections.value, '$.PrivateEndpointID') as property_private_endpoint_id,
  connections.value as property_private_link_service_connection_state,
  json_extract(connections.value, '$.Type') as connection_type
from
  azure_cognitive_account as a,
  json_each(private_endpoint_connections) as connections;

List diagnostic setting details for accounts

Determine the diagnostic settings of Azure cognitive accounts to understand how they're configured. This is useful for auditing and managing account settings for optimal performance and security.

select
  name,
  id,
  settings ->> 'id' as settings_id,
  settings ->> 'name' as settings_name,
  jsonb_pretty(settings -> 'properties' -> 'logs') as settings_properties_logs,
  jsonb_pretty(settings -> 'properties' -> 'metrics') as settings_properties_metrics,
  settings -> 'properties' ->> 'workspaceId' as settings_properties_workspaceId,
  settings ->> 'type' as settings_type
from
  azure_cognitive_account,
  jsonb_array_elements(diagnostic_settings) as settings;

select
  name,
  a.id,
  json_extract(settings.value, '$.id') as settings_id,
  json_extract(settings.value, '$.name') as settings_name,
  settings.value -> 'properties' -> 'logs' as settings_properties_logs,
  settings.value -> 'properties' -> 'metrics' as settings_properties_metrics,
  json_extract(settings.value, '$.properties.workspaceId') as settings_properties_workspaceId,
  json_extract(settings.value, '$.type') as settings_type
from
  azure_cognitive_account as a,
  json_each(diagnostic_settings) as settings;

Control examples

Schema for azure_cognitive_account

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form, e.g. connection_name.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
allowed_fqdn_list	jsonb		The allowed FQDN list for the resource.
api_properties	jsonb		The api properties for special APIs.
call_rate_limit	jsonb		The call rate limit of the resource.
capabilities	jsonb		The capabilities of the cognitive services account. Each item indicates the capability of a specific feature. The values are read-only and for reference only.
cloud_environment	text		The Azure Cloud Environment.
custom_sub_domain_name	text		The subdomain name used for token-based authentication.
date_created	text		The date of cognitive services account creation.
diagnostic_settings	jsonb		A list of active diagnostic settings for the cognitive service account.
disable_local_auth	boolean		Checks if local auth is disabled for the resource.
encryption	jsonb		The encryption properties for the resource.
endpoint	text		The endpoint of the created account.
endpoints	jsonb		All endpoints of the cognitive services account.
etag	text		The resource etag.
id	text		Fully qualified resource ID for the resource.
identity	jsonb		The identity for the resource.
is_migrated	boolean		Checks if the resource is migrated from an existing key.
kind	text		The kind of the resource.
migration_token	text		The resource migration token.
name	text	=	The name of the resource.
network_acls	jsonb		A collection of rules governing the accessibility from specific network locations.
private_endpoint_connections	jsonb		The private endpoint connection associated with the cognitive services account.
provisioning_state	text		The status of the cognitive services account at the time the operation was called. Possible values include: 'Accepted', 'Creating', 'Deleting', 'Moving', 'Failed', 'Succeeded', 'ResolvingDNS'.
public_network_access	text		Whether or not public endpoint access is allowed for this account. Value is optional but if passed in, must be 'Enabled' or 'Disabled'. Possible values include: 'Enabled', 'Disabled'.
quota_limit	jsonb		The quota limit of the resource.
region	text		The Azure region/location in which the resource is located.
resource_group	text	=	The resource group which holds this resource.
restore	boolean		Checks if restore is enabled for the resource.
restrict_outbound_network_access	boolean		Checks if outbound network access is restricted for the resource.
sku	jsonb		The resource model definition representing SKU.
sku_change_info	jsonb		Sku change info of the resource.
subscription_id	text		The Azure Subscription ID in which the resource is located.
system_data	jsonb		The metadata pertaining to creation and last modification of the resource.
tags	jsonb		A map of tags for the resource.
title	text		Title of the resource.
type	text		The type of the resource. E.g. 'Microsoft.Compute/virtualMachines' or 'Microsoft.Storage/storageAccounts'.
user_owned_storage	jsonb		The storage accounts for the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure

You can pass the configuration to the command with the --config argument:

steampipe_export_azure --config '<your_config>' azure_cognitive_account