turbot/azure

steampipe plugin install azure

Table: azure_network_security_group

A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

Examples

Subnets and network interfaces attached to the network security groups

select
  name,
  split_part(nic ->> 'id', '/', 9) network_interface,
  split_part(vn ->> 'id', '/', 9) virtual_network,
  split_part(vn ->> 'id', '/', 11) subnets
from
  azure_network_security_group
  cross join jsonb_array_elements(network_interfaces) as nic,
  jsonb_array_elements(subnets) as vn;

List the network security groups whose inbound is not restricted from the internet

-- Custom rules that allow inbound traffic on any source and destination port.
-- Note: this filter does not inspect the rule's source address.
select
  name,
  sg ->> 'name' as sg_name,
  sg -> 'properties' ->> 'access' as access,
  sg -> 'properties' ->> 'description' as description,
  sg -> 'properties' ->> 'destinationPortRange' as destination_port_range,
  sg -> 'properties' ->> 'direction' as direction,
  sg -> 'properties' ->> 'priority' as priority,
  sg -> 'properties' ->> 'sourcePortRange' as source_port_range,
  sg -> 'properties' ->> 'protocol' as protocol
from
  azure_network_security_group
  cross join jsonb_array_elements(security_rules) as sg
where
  (
    sg -> 'properties' ->> 'sourcePortRange' = '*'
    and sg -> 'properties' ->> 'destinationPortRange' = '*'
    and sg -> 'properties' ->> 'access' = 'Allow'
    -- the heading is about inbound traffic, so exclude outbound rules
    and sg -> 'properties' ->> 'direction' = 'Inbound'
  );
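
An added example, not part of the Steampipe documentation: a narrower audit for inbound Allow rules that expose SSH or RDP to the internet, covering port ranges and multi-valued rules. It assumes the rule JSON carries the Azure security rule fields sourceAddressPrefix, sourceAddressPrefixes and destinationPortRanges, which the queries on this page do not use; the watched ports and the list of "internet" source values are illustrative choices.

```sql
-- Added example: inbound Allow rules that expose SSH (22) or RDP (3389) to
-- the internet. The watched ports and the "internet" source values below are
-- assumptions; adjust both for your environment.
with watched(port) as (
  values (22), (3389)
),
rules as (
  select
    nsg.name as nsg_name,
    nsg.resource_group,
    r ->> 'name' as rule_name,
    (r -> 'properties' ->> 'priority')::int as priority,
    r -> 'properties' ->> 'protocol' as protocol,
    -- A rule carries the singular or the plural form of each field;
    -- merge both into one array so neither is missed.
    coalesce(r -> 'properties' -> 'sourceAddressPrefixes', '[]'::jsonb)
      || jsonb_build_array(r -> 'properties' -> 'sourceAddressPrefix') as sources,
    coalesce(r -> 'properties' -> 'destinationPortRanges', '[]'::jsonb)
      || jsonb_build_array(r -> 'properties' -> 'destinationPortRange') as dports
  from
    azure_network_security_group as nsg
    cross join jsonb_array_elements(nsg.security_rules) as r
  where
    r -> 'properties' ->> 'access' = 'Allow'
    and r -> 'properties' ->> 'direction' = 'Inbound'
)
select distinct
  nsg_name, resource_group, rule_name, priority, protocol,
  src as source_prefix, dport as destination_port_range, w.port as exposed_port
from
  rules
  cross join jsonb_array_elements_text(sources) as src
  cross join jsonb_array_elements_text(dports) as dport
  cross join watched as w
where
  lower(protocol) in ('tcp', '*')
  and lower(src) in ('*', 'internet', 'any', '0.0.0.0/0', '::/0')
  and case  -- CASE keeps the integer casts away from non-numeric values
        when dport = '*' then true
        when dport ~ '^[0-9]+$' then dport::int = w.port
        when dport ~ '^[0-9]+-[0-9]+$' then
          w.port between split_part(dport, '-', 1)::int
                     and split_part(dport, '-', 2)::int
        else false
      end
order by
  nsg_name, priority;
```

A returned row means only that the rule text permits the traffic; whether it takes effect also depends on higher-priority Deny rules in the same group.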

Default security group rules info

select
  name,
  -- ->> returns the rule name as text rather than a quoted JSON string
  sg ->> 'name' as sg_name,
  sg -> 'properties' ->> 'access' as access,
  sg -> 'properties' ->> 'description' as description,
  sg -> 'properties' ->> 'destinationPortRange' as destination_port_range,
  sg -> 'properties' ->> 'direction' as direction,
  sg -> 'properties' ->> 'priority' as priority,
  sg -> 'properties' ->> 'sourcePortRange' as source_port_range,
  sg -> 'properties' ->> 'protocol' as protocol
from
  azure_network_security_group
  cross join jsonb_array_elements(default_security_rules) as sg;

.inspect azure_network_security_group

Azure Network Security Group

| Name | Type | Description |
|------|------|-------------|
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
| default_security_rules | jsonb | A list of default security rules of network security group |
| etag | text | A unique read-only string that changes whenever the resource is updated |
| flow_logs | jsonb | A collection of references to flow log resources |
| id | text | Contains ID to identify a network security group uniquely |
| name | text | The friendly name that identifies the network security group |
| network_interfaces | jsonb | A collection of references to network interfaces |
| provisioning_state | text | The resource type of the network security group |
| region | text | The Azure region/location in which the resource is located. |
| resource_group | text | The resource group which holds this resource. |
| resource_guid | text | The resource GUID property of the network security group resource |
| security_rules | jsonb | A list of security rules of network security group |
| subnets | jsonb | A collection of references to subnets |
| subscription_id | text | The Azure Subscription ID in which the resource is located. |
| tags | jsonb | A map of tags for the resource. |
| title | text | Title of the resource. |
| type | text | The resource type of the network security group |