steampipe plugin install azure

Table: azure_firewall - Query Azure Firewalls using SQL

Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. Azure Firewall can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks.

Table Usage Guide

The azure_firewall table provides insights into the firewalls within Azure. As a security engineer, explore firewall-specific details through this table, including rules, configurations, and associated metadata. Utilize it to uncover information about firewalls, such as their current status, applied rules, and the verification of connectivity policies.

Examples

Azure firewall location and availability zone count info

Analyze the number of availability zones for each Azure firewall and their respective regions to manage and optimize your resource distribution effectively. This can help in improving your application's resilience and availability across different regions.

Postgres:

select
  name,
  region,
  jsonb_array_length(availability_zones) availability_zones_count
from
  azure_firewall;

SQLite:

select
  name,
  region,
  json_array_length(availability_zones) as availability_zones_count
from
  azure_firewall;

Basic IP configuration info

This query helps you analyze your Azure firewall's IP configuration. By running this, you can gain insights into details like private IP address, allocation method, associated public IP address ID, and the virtual network it is part of, which can be crucial for network management and security purposes.

Postgres:

select
  name,
  ip #> '{properties, privateIPAddress}' private_ip_address,
  ip #> '{properties, privateIPAllocationMethod}' private_ip_allocation_method,
  split_part(ip -> 'properties' -> 'publicIPAddress' ->> 'id', '/', 9) public_ip_address_id,
  split_part(ip -> 'properties' ->> 'subnet', '/', 9) virtual_network
from
  azure_firewall
  cross join jsonb_array_elements(ip_configurations) as ip;

SQLite:

Error: SQLite does not support split or string_to_array functions.

List the premium category firewalls

List the firewalls in your Azure environment that use the Premium SKU tier. This can help you understand where higher levels of security have been implemented.

Postgres and SQLite (same query):

select
  name,
  sku_tier,
  sku_name
from
  azure_firewall
where
  sku_tier = 'Premium';

List of firewalls where threat intel mode is off

Determine the areas in your Azure network where your firewalls are potentially vulnerable due to the threat intelligence mode being turned off. This can help enhance your network security by identifying and rectifying these weak points.

Postgres and SQLite (same query):

select
  name,
  threat_intel_mode
from
  azure_firewall
where
  threat_intel_mode = 'Off';
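
A combined posture check built from the columns used in the examples above, added here as an illustration and not part of the Steampipe documentation. It uses Postgres syntax; the flag column names and the "fewer than 2 zones" threshold are assumptions of this example.

```sql
-- Added example: one row per firewall that fails at least one posture check.
-- Uses only columns listed in the azure_firewall schema.
with fw as (
  select
    name,
    resource_group,
    region,
    sku_tier,
    threat_intel_mode,
    provisioning_state,
    firewall_policy_id,
    -- jsonb_array_length raises an error on non-array JSON (for example a
    -- JSON null), so guard each call with jsonb_typeof and fall back to 0.
    case when jsonb_typeof(availability_zones) = 'array'
         then jsonb_array_length(availability_zones) else 0 end as zone_count,
    case when jsonb_typeof(nat_rule_collections) = 'array'
         then jsonb_array_length(nat_rule_collections) else 0 end as nat_collections,
    case when jsonb_typeof(network_rule_collections) = 'array'
         then jsonb_array_length(network_rule_collections) else 0 end as network_collections,
    case when jsonb_typeof(application_rule_collections) = 'array'
         then jsonb_array_length(application_rule_collections) else 0 end as application_collections
  from
    azure_firewall
)
select
  name,
  resource_group,
  region,
  sku_tier,
  provisioning_state,
  coalesce(threat_intel_mode = 'Off', false) as threat_intel_off,
  zone_count < 2 as not_zone_redundant,          -- threshold is an assumption
  firewall_policy_id is null as no_firewall_policy,
  -- Rule collections defined directly on the firewall rather than in a policy.
  nat_collections + network_collections + application_collections as classic_rule_collections
from
  fw
where
  threat_intel_mode = 'Off'
  or zone_count < 2
  or firewall_policy_id is null
order by
  threat_intel_off desc,
  name;
```

A firewall with no_firewall_policy set and a non-zero classic_rule_collections count is managed through rules on the firewall itself, so those rule collections are where its policy review has to happen.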

Schema for azure_firewall

| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form. |
| additional_properties | jsonb | | A collection of additional properties used to further configure this Azure firewall |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| application_rule_collections | jsonb | | A collection of application rule collections used by Azure Firewall |
| availability_zones | jsonb | | A collection of availability zones denoting where the resource needs to come from |
| cloud_environment | text | | The Azure Cloud Environment. |
| etag | text | | A unique read-only string that changes whenever the resource is updated |
| firewall_policy_id | text | | The firewallPolicy associated with this Azure firewall |
| hub_private_ip_address | inet | | Private IP address associated with the Azure firewall |
| hub_public_ip_address_count | bigint | | The number of public IP addresses associated with the Azure firewall |
| hub_public_ip_addresses | jsonb | | A collection of public IP addresses associated with the Azure firewall or IP addresses to be retained |
| id | text | | Contains ID to identify a firewall uniquely |
| ip_configurations | jsonb | | A collection of IP configurations of the Azure Firewall resource |
| ip_groups | jsonb | | A collection of IpGroups associated with AzureFirewall |
| name | text | `=` | The friendly name that identifies the firewall |
| nat_rule_collections | jsonb | | A collection of NAT rule collections used by Azure Firewall |
| network_rule_collections | jsonb | | A collection of network rule collections used by Azure Firewall |
| provisioning_state | text | | The provisioning state of the firewall resource |
| region | text | | The Azure region/location in which the resource is located. |
| resource_group | text | `=` | The resource group which holds this resource. |
| sku_name | text | | Name of an Azure Firewall SKU |
| sku_tier | text | | Tier of an Azure Firewall |
| sp_connection_name | text | `=`, `!=`, `~~`, `~~*`, `!~~`, `!~~*` | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| subscription_id | text | `=`, `!=`, `~~`, `~~*`, `!~~`, `!~~*` | The Azure Subscription ID in which the resource is located. |
| tags | jsonb | | A map of tags for the resource. |
| threat_intel_mode | text | | The operation mode for Threat Intelligence |
| title | text | | Title of the resource. |
| type | text | | The resource type of the firewall |
| virtual_hub_id | text | | The virtualHub to which the firewall belongs |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure

You can pass the configuration to the command with the --config argument:

steampipe_export_azure --config '<your_config>' azure_firewall