Table: azure_security_center_setting - Query Azure Security Center Settings using SQL
Azure Security Center is a unified infrastructure security management system that strengthens the security posture of data centers and provides advanced threat protection across hybrid workloads in the cloud. It provides a centralized way to monitor and respond to security issues across your Azure resources, including virtual machines, databases, web applications, and more. Azure Security Center helps you stay informed about the security status and take appropriate actions when predefined conditions are met.
Table Usage Guide
The azure_security_center_setting table provides insights into settings within Azure Security Center. As a Security Analyst, explore setting-specific details through this table, including configurations, contact details, and auto provisioning settings. Utilize it to uncover information about settings, such as those with auto provisioning enabled, the contact details for security notifications, and the verification of security configurations.
Examples
Basic info
Discover the segments that are enabled in the Azure Security Center. This query is useful for quickly assessing the active areas of your security configuration.
select id, name, enabledfrom azure_security_center_setting;select id, name, enabledfrom azure_security_center_setting;List the enabled settings for security center
Explore which security settings are currently activated in the Azure Security Center to ensure your system is adequately protected and compliant with security protocols. This is useful for maintaining a secure environment and identifying any potential gaps in your security configuration.
select id, name, typefrom azure_security_center_settingwhere enabled;select id, name, typefrom azure_security_center_settingwhere enabled = 1;Control examples
- 2.1.20 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
- 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
- 2.1.21 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected
- 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected
- 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected
- 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected
- 2.4.1 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
- 2.4.2 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected
- 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected
- 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected
- Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is selected
- Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected
Schema for azure_security_center_setting
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| cloud_environment | text | The Azure Cloud Environment. | |
| enabled | boolean | Data export setting status. | |
| id | text | The resource id. | |
| kind | text | The kind of the settings string (DataExportSettings). | |
| name | text | = | The resource name. |
| subscription_id | text | The Azure Subscription ID in which the resource is located. | |
| title | text | Title of the resource. | |
| type | text | The resource type. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azureYou can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_security_center_setting