steampipe plugin install azure

Table: azure_security_center_contact - Query Azure Security Center Contacts using SQL

Azure Security Center Contacts is a feature within Microsoft Azure that allows you to manage and configure the security contact details in Azure Security Center. These contact details are used by Azure to send notifications regarding security alerts, recommendations, and other important security information. It is a crucial component of Azure's security management system, providing a streamlined way to receive and manage security notifications.

Table Usage Guide

The azure_security_center_contact table provides insights into the contact details configured in Azure Security Center. As a security administrator, explore contact-specific details through this table, including alert notifications, and alert email settings. Utilize it to manage and monitor the communication of security alerts and recommendations from Azure to the designated contacts.

Examples

Basic info

Explore which security center contacts in your Azure environment have alert notifications enabled. This helps to identify who is receiving alerts and whether any necessary contacts are missing from the notifications list.

select
id,
email,
alert_notifications,
alerts_to_admins
from
azure_security_center_contact;
select
id,
email,
alert_notifications,
alerts_to_admins
from
azure_security_center_contact;

List security center contacts not configured with email notifications

Determine areas in which Security Center contacts have been set up without email notifications. This is useful to ensure that all necessary parties are receiving important security alerts and updates.

select
id,
email,
alert_notifications,
alerts_to_admins
from
azure_security_center_contact
where
email != '';
select
id,
email,
alert_notifications,
alerts_to_admins
from
azure_security_center_contact
where
email != '';

Control examples

Schema for azure_security_center_contact

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
alert_notificationstextWhether to send security alerts notifications to the security contact.
alerts_to_adminstextWhether to send security alerts notifications to subscription admins.
cloud_environmenttextThe Azure Cloud Environment.
emailtextThe email of this security contact.
idtextThe resource id.
nametext=The resource name.
phonetextThe phone number of this security contact.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
subscription_idtext=, !=, ~~, ~~*, !~~, !~~*The Azure Subscription ID in which the resource is located.
titletextTitle of the resource.
typetextThe resource type.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure

You can pass the configuration to the command with the --config argument:

steampipe_export_azure --config '<your_config>' azure_security_center_contact