steampipe plugin install azuresteampipe plugin install azure

Table: azure_security_center_jit_network_access_policy - Query Azure Security Center Just-In-Time Network Access Policies using SQL

Azure Security Center Just-In-Time Network Access Policies are resources within Microsoft Azure that provide controlled access to Azure VMs. They reduce exposure to attacks by enabling access to VMs only when needed and from specific, approved IP addresses. Azure JIT Network Access Policies help maintain a secure environment by minimizing the potential attack surface.

Table Usage Guide

The azure_security_center_jit_network_access_policy table provides insights into Just-In-Time Network Access Policies within Azure Security Center. As a security analyst, you can explore policy-specific details through this table, including policy configurations, associated resources, and access controls. Utilize it to uncover information about policies, such as their status, provisioned locations, and the resources they are associated with.

Examples

List virtual machines with JIT access enabled

The query is useful for identifying virtual machines that have Just-In-Time (JIT) access enabled, a feature that can help enhance security by limiting open ports. This can be particularly helpful in managing security risks and ensuring that only necessary access points are open.

select
  vm.name,
  vm.id,
  jsonb_pretty(vms -> 'ports') as ports
from
  azure_security_center_jit_network_access_policy,
  jsonb_array_elements(virtual_machines) as vms,
  azure_compute_virtual_machine as vm
where
  lower(vms ->> 'id') = lower(vm.id);

select
  vm.name,
  vm.id,
  vms.value as ports
from
  azure_security_center_jit_network_access_policy,
  json_each(virtual_machines) as vms,
  azure_compute_virtual_machine as vm
where
  lower(json_extract(vms.value, '$.id')) = lower(vm.id);

Control examples

Management ports of virtual machines should be protected with just-in-time network access control

Schema for azure_security_center_jit_network_access_policy

Name	Type	Description
_ctx	jsonb	Steampipe context in JSON form, e.g. connection_name.
akas	jsonb	Array of globally unique identifier strings (also known as) for the resource.
cloud_environment	text	The Azure Cloud Environment.
id	text	The resource id.
kind	text	Kind of the resource.
name	text	The resource name.
provisioning_state	text	The provisioning state of the Just-in-Time policy.
subscription_id	text	The Azure Subscription ID in which the resource is located.
title	text	Title of the resource.
type	text	The resource type.
virtual_machines	jsonb	Configurations for Microsoft.Compute/virtualMachines resource type.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure

You can pass the configuration to the command with the --config argument:

steampipe_export_azure --config '<your_config>' azure_security_center_jit_network_access_policy