Table: azure_firewall_policy - Query Azure Firewall Policies using SQL
Azure Firewall Policy is a resource in Microsoft Azure that lets you create, enforce, and log application and network connectivity rules across subscriptions and virtual networks. A policy holds centralized network and application rule collections, plus DNS proxy, Threat Intelligence and intrusion detection settings, and can be attached to multiple Azure Firewalls. Policies can also be arranged in a parent/child hierarchy so that a base policy's rules are inherited by its child policies, which simplifies management and reduces configuration drift across firewalls governed through Azure Policy and Azure Management Groups.
Table Usage Guide
The azure_firewall_policy table provides insights into Firewall Policies within Microsoft Azure. As a network administrator or security reviewer, use this table to explore policy-specific details, including rule collection group references, DNS proxy and Threat Intelligence settings, the firewalls and parent/child policies each policy is linked to, and associated metadata. It gives a centralized view of the policies that govern traffic at the network and application level, so you can verify and enforce connectivity rules without inspecting each firewall individually.
Examples
Basic info
Explore the characteristics of your Azure firewall policies such as their provisioning state, tier, base and child policies, and the region they're set up in. This helps in understanding the configuration and status of your firewall policies, assisting in security management and planning.
```sql
select
  name,
  id,
  type,
  provisioning_state,
  sku_tier,
  base_policy,
  child_policies,
  region
from
  azure_firewall_policy;
```
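The base_policy and child_policies columns only hold references, so a child policy's effective rule set is not visible from its own row. The following self-join, an added example that is not part of the original page, puts each child policy next to the base policy it inherits from so that tier and Threat Intelligence settings can be compared side by side. It is written for the PostgreSQL engine and assumes the reference object in base_policy carries its resource ID under the key ID, the same key the firewalls column uses in the join example below; the left join keeps children whose parent lives in a subscription outside this connection's scope, and the lower() comparison is there because Azure does not guarantee consistent casing of resource IDs across references.

```sql
-- Added example (PostgreSQL syntax), not from the original page.
-- One row per policy that inherits from a base policy, joined to the
-- base policy's own row so inherited settings can be compared.
-- Assumption: the reference object in base_policy stores the resource
-- ID under the key 'ID' (the same key the firewalls column uses).
select
  child.name                  as child_policy,
  child.sku_tier              as child_tier,
  child.threat_intel_mode     as child_threat_intel_mode,
  child.base_policy ->> 'ID'  as base_policy_id,
  parent.name                 as base_policy,
  parent.sku_tier             as base_tier,
  parent.threat_intel_mode    as base_threat_intel_mode
from
  azure_firewall_policy as child
  -- left join: a child whose parent is outside this connection's
  -- subscriptions still appears, with the parent columns null
  left join azure_firewall_policy as parent
    on lower(parent.id) = lower(child.base_policy ->> 'ID')
where
  -- jsonb_typeof guards against both SQL NULL and a JSON null value
  jsonb_typeof(child.base_policy) = 'object'
order by
  parent.name nulls last,
  child.name;
```

Rows with a null base_policy column but a non-null base_policy_id are dangling references: the parent exists in Azure but is not queryable through the current connection, so its inherited rules cannot be reviewed from here.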
List policies that are in failed state
Identify instances where certain policies have not been provisioned successfully. This is useful for troubleshooting and rectifying issues to ensure all policies are active and functional.
```sql
select
  name,
  id,
  dns_settings,
  firewalls
from
  azure_firewall_policy
where
  provisioning_state = 'Failed';
```
Get firewall details of each policy
This query joins each policy to the firewalls that reference it. It reports the hub private IP address and the number of hub public IP addresses of each firewall, values that are populated for firewalls deployed in a Virtual WAN secured hub, which helps when mapping which policy governs traffic at which hub.
PostgreSQL:

```sql
select
  p.name as firewall_policy_name,
  p.id as firewall_policy_id,
  f.id as firewall_id,
  f.hub_private_ip_address,
  f.hub_public_ip_address_count
from
  azure_firewall_policy as p,
  jsonb_array_elements(p.firewalls) as firewall,
  azure_firewall as f
where
  f.id = firewall ->> 'ID';
```

SQLite:

```sql
select
  p.name as firewall_policy_name,
  p.id as firewall_policy_id,
  f.id as firewall_id,
  f.hub_private_ip_address,
  f.hub_public_ip_address_count
from
  azure_firewall_policy as p,
  json_each(p.firewalls) as firewall,
  azure_firewall as f
where
  f.id = json_extract(firewall.value, '$.ID');
```
Get DNS setting details of each policy
This query helps to analyze the DNS settings for each policy in your Azure firewall. It's useful in understanding the server configurations, whether a proxy is enabled, and if a proxy is required for network rules, thus aiding in security and network management.
PostgreSQL:

```sql
select
  name,
  id,
  dns_settings ->> 'Servers' as servers,
  dns_settings ->> 'EnableProxy' as enable_proxy,
  dns_settings ->> 'RequireProxyForNetworkRules' as require_proxy_for_network_rules
from
  azure_firewall_policy;
```

SQLite:

```sql
select
  name,
  id,
  json_extract(dns_settings, '$.Servers') as servers,
  json_extract(dns_settings, '$.EnableProxy') as enable_proxy,
  json_extract(dns_settings, '$.RequireProxyForNetworkRules') as require_proxy_for_network_rules
from
  azure_firewall_policy;
```
List threat intel whitelist IP addresses of firewall policies
List the IP addresses that each firewall policy exempts from Threat Intelligence-based filtering. Every entry bypasses the Microsoft threat feed of known-malicious addresses, so review the list for stale or overly broad exceptions that weaken the protection the policy is meant to provide.
PostgreSQL:

```sql
select
  name,
  id,
  i as whitelist_ip_address
from
  azure_firewall_policy,
  jsonb_array_elements_text(threat_intel_whitelist_ip_addresses) as i;
```

SQLite:

```sql
select
  name,
  p.id,
  i.value as whitelist_ip_address
from
  azure_firewall_policy as p,
  json_each(threat_intel_whitelist_ip_addresses) as i;
```
List threat intel whitelist FQDNs of firewall policies
List the fully qualified domain names that each firewall policy exempts from Threat Intelligence-based filtering. As with the IP allowlist, each entry is a deliberate hole in the threat feed, so confirm that every domain is still needed and owned by a trusted party.
PostgreSQL:

```sql
select
  name,
  id,
  f as whitelist_fqdn
from
  azure_firewall_policy,
  jsonb_array_elements_text(threat_intel_whitelist_fqdns) as f;
```

SQLite:

```sql
select
  name,
  p.id,
  f.value as whitelist_fqdn
from
  azure_firewall_policy as p,
  json_each(threat_intel_whitelist_fqdns) as f;
```
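The allowlist queries above show the exceptions, but whether those exceptions matter depends on the mode the policy runs in: an allowlist on a policy whose Threat Intelligence is set to Off or Alert is not bypassing any blocking at all. The following posture query, an added example that is not part of the original page, brings the mode columns and the allowlist sizes together and flags policies whose Threat Intelligence is not in Deny mode, or whose Premium-tier intrusion detection is not in Deny mode. It uses the PostgreSQL engine and the enum strings documented in the schema below; the SQLite form would replace the jsonb_* functions with json_type and json_array_length as the examples above do.

```sql
-- Added example (PostgreSQL syntax), not from the original page.
-- Flags policies whose Threat Intelligence or intrusion detection
-- settings are weaker than "Deny", and counts the allowlist exceptions
-- each one carries. Enum strings are those listed in the schema table.
select
  name,
  resource_group,
  sku_tier,
  threat_intel_mode,
  intrusion_detection_mode,
  dns_settings ->> 'EnableProxy' as dns_proxy_enabled,
  -- jsonb_array_length fails on non-arrays, so guard with jsonb_typeof
  case when jsonb_typeof(threat_intel_whitelist_ip_addresses) = 'array'
       then jsonb_array_length(threat_intel_whitelist_ip_addresses)
       else 0 end as whitelisted_ips,
  case when jsonb_typeof(threat_intel_whitelist_fqdns) = 'array'
       then jsonb_array_length(threat_intel_whitelist_fqdns)
       else 0 end as whitelisted_fqdns,
  -- "is distinct from" treats a NULL mode as a finding instead of
  -- silently dropping the row, which "<>" would do
  threat_intel_mode is distinct from 'AzureFirewallThreatIntelModeDeny'
    as threat_intel_not_deny,
  -- IDPS exists only on the Premium tier, so Standard policies are not
  -- penalised for having no intrusion detection mode
  sku_tier = 'FirewallPolicySkuTierPremium'
    and intrusion_detection_mode is distinct from
        'FirewallPolicyIntrusionDetectionStateTypeDeny'
    as idps_not_deny
from
  azure_firewall_policy
where
  threat_intel_mode is distinct from 'AzureFirewallThreatIntelModeDeny'
  or (
    sku_tier = 'FirewallPolicySkuTierPremium'
    and intrusion_detection_mode is distinct from
        'FirewallPolicyIntrusionDetectionStateTypeDeny'
  )
order by
  threat_intel_not_deny desc,
  idps_not_deny desc,
  name;
```

Alert mode is a legitimate intermediate state while a team tunes a new policy against false positives, so treat a row here as a prompt to confirm that the weaker mode is intentional and time-boxed rather than as a definite misconfiguration. A policy that is in Deny mode but carries a long allowlist deserves the same scrutiny through the two allowlist queries above.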
Schema for azure_firewall_policy
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
base_policy | jsonb | | The parent firewall policy from which rules are inherited. |
child_policies | jsonb | | List of references to child firewall policies. |
cloud_environment | text | | The Azure Cloud Environment. |
dns_settings | jsonb | | DNS proxy settings definition. |
etag | text | | A unique read-only string that changes whenever the resource is updated. |
firewalls | jsonb | | List of references to Azure Firewalls that this firewall policy is associated with. |
id | text | | Contains the ID that uniquely identifies a firewall policy. |
identity | jsonb | | The identity of the firewall policy. |
intrusion_detection_configuration | jsonb | | Intrusion detection configuration properties. |
intrusion_detection_mode | text | | Intrusion detection general state. Possible values include: 'FirewallPolicyIntrusionDetectionStateTypeOff', 'FirewallPolicyIntrusionDetectionStateTypeAlert', 'FirewallPolicyIntrusionDetectionStateTypeDeny'. |
name | text | = | The friendly name that identifies the firewall policy. |
provisioning_state | text | | The provisioning state of the firewall policy resource. Possible values include: 'Succeeded', 'Updating', 'Deleting', 'Failed'. |
region | text | | The Azure region/location in which the resource is located. |
resource_group | text | = | The resource group which holds this resource. |
rule_collection_groups | jsonb | | List of references to FirewallPolicyRuleCollectionGroups. |
sku_tier | text | | Tier of the firewall policy. Possible values include: 'FirewallPolicySkuTierStandard', 'FirewallPolicySkuTierPremium'. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
tags | jsonb | | A map of tags for the resource. |
threat_intel_mode | text | | The operation mode for Threat Intelligence. Possible values include: 'AzureFirewallThreatIntelModeAlert', 'AzureFirewallThreatIntelModeDeny', 'AzureFirewallThreatIntelModeOff'. |
threat_intel_whitelist_fqdns | jsonb | | List of FQDNs for the Threat Intelligence whitelist. |
threat_intel_whitelist_ip_addresses | jsonb | | List of IP addresses for the Threat Intelligence whitelist. |
title | text | | Title of the resource. |
transport_security_certificate_authority | jsonb | | The CA used for intermediate CA generation. |
type | text | | The resource type of the firewall policy. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure
```
You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_azure --config '<your_config>' azure_firewall_policy
```