steampipe plugin install azure

Table: azure_security_center_jit_network_access_policy - Query Azure Security Center Just-In-Time Network Access Policies using SQL

Azure Security Center Just-In-Time Network Access Policies are resources within Microsoft Azure that provide controlled access to Azure VMs. They reduce exposure to attacks by enabling access to VMs only when needed and from specific, approved IP addresses. Azure JIT Network Access Policies help maintain a secure environment by minimizing the potential attack surface.

Table Usage Guide

The azure_security_center_jit_network_access_policy table provides insights into Just-In-Time Network Access Policies within Azure Security Center. As a security analyst, you can explore policy-specific details through this table, including policy configurations, associated resources, and access controls. Utilize it to uncover information about policies, such as their status, provisioned locations, and the resources they are associated with.

Examples

List virtual machines with JIT access enabled

The query is useful for identifying virtual machines that have Just-In-Time (JIT) access enabled, a feature that can help enhance security by limiting open ports. This can be particularly helpful in managing security risks and ensuring that only necessary access points are open.

select
vm.name,
vm.id,
jsonb_pretty(vms -> 'ports') as ports
from
azure_security_center_jit_network_access_policy,
jsonb_array_elements(virtual_machines) as vms,
azure_compute_virtual_machine as vm
where
lower(vms ->> 'id') = lower(vm.id);
select
vm.name,
vm.id,
vms.value as ports
from
azure_security_center_jit_network_access_policy,
json_each(virtual_machines) as vms,
azure_compute_virtual_machine as vm
where
lower(json_extract(vms.value, '$.id')) = lower(vm.id);

Schema for azure_security_center_jit_network_access_policy

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
cloud_environmenttextThe Azure Cloud Environment.
idtextThe resource id.
kindtextKind of the resource.
nametextThe resource name.
provisioning_statetextThe provisioning state of the Just-in-Time policy.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
subscription_idtext=, !=, ~~, ~~*, !~~, !~~*The Azure Subscription ID in which the resource is located.
titletextTitle of the resource.
typetextThe resource type.
virtual_machinesjsonbConfigurations for Microsoft.Compute/virtualMachines resource type.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure

You can pass the configuration to the command with the --config argument:

steampipe_export_azure --config '<your_config>' azure_security_center_jit_network_access_policy