Table: azure_security_center_setting - Query Azure Security Center Settings using SQL
Azure Security Center is a unified infrastructure security management system that strengthens the security posture of data centers and provides advanced threat protection across hybrid workloads in the cloud. It provides a centralized way to monitor and respond to security issues across your Azure resources, including virtual machines, databases, web applications, and more. Azure Security Center helps you stay informed about the security status and take appropriate actions when predefined conditions are met.
Table Usage Guide
The azure_security_center_setting table provides insights into settings within Azure Security Center. As a Security Analyst, explore setting-specific details through this table, including configurations, contact details, and auto provisioning settings. Utilize it to uncover information about settings, such as those with auto provisioning enabled, the contact details for security notifications, and the verification of security configurations.
Examples
Basic info
Discover the segments that are enabled in the Azure Security Center. This query is useful for quickly assessing the active areas of your security configuration.
select id, name, enabled from azure_security_center_setting;
List the enabled settings for security center
Explore which security settings are currently activated in the Azure Security Center to ensure your system is adequately protected and compliant with security protocols. This is useful for maintaining a secure environment and identifying any potential gaps in your security configuration.
select id, name, type from azure_security_center_setting where enabled;
select id, name, type from azure_security_center_setting where enabled = 1;
Control examples
- All Controls > Security Center > Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is selected
- All Controls > Security Center > Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected
- CIS v1.3.0 > 2 Security Center > 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected
- CIS v1.3.0 > 2 Security Center > 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected
- CIS v1.4.0 > 2 Microsoft Defender for Cloud > 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected
- CIS v1.4.0 > 2 Microsoft Defender for Cloud > 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected
- CIS v1.5.0 > 2 Microsoft Defender for Cloud > 2.4 Integrations > 2.4.1 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
- CIS v1.5.0 > 2 Microsoft Defender for Cloud > 2.4 Integrations > 2.4.2 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected
- CIS v2.0.0 > 2 Microsoft Defender > 2.1 Microsoft Defender for Cloud > 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
- CIS v2.0.0 > 2 Microsoft Defender > 2.1 Microsoft Defender for Cloud > 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected
- CIS v2.1.0 > 2 Microsoft Defender > 2.1 Microsoft Defender for Cloud > 2.1.20 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
- CIS v2.1.0 > 2 Microsoft Defender > 2.1 Microsoft Defender for Cloud > 2.1.21 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected
- CIS v3.0.0 > 3 Security > 3.1 Microsoft Defender for Cloud > 3.1.1 Microsoft Cloud Security Posture Management (CSPM) > 3.1.1.2 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
- CIS v3.0.0 > 3 Security > 3.1 Microsoft Defender for Cloud > 3.1.3 Defender Plan: Servers > 3.1.3.3 Ensure that 'Endpoint protection' component status is set to 'On'
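The integration controls listed above come down to checking two rows of this table in each subscription. The query below is an added example, not part of the original page or of any Steampipe mod; it assumes the settings are exposed under the names MCAS and WDATP (the abbreviations used in the control titles) and is written in PostgreSQL syntax.

```sql
-- Added example: per-subscription status of the two integration settings.
-- Assumption: the setting names are 'MCAS' and 'WDATP'.
with wanted(name) as (
  values ('MCAS'), ('WDATP')
),
subs as (
  -- Subscriptions that return at least one Security Center setting.
  select distinct subscription_id
  from azure_security_center_setting
)
select
  s.subscription_id,
  w.name as setting,
  case
    when t.name is null then 'missing'   -- setting row not returned at all
    when t.enabled then 'ok'             -- integration is selected
    else 'alarm'                         -- setting present but disabled
  end as status
from subs s
cross join wanted w
left join azure_security_center_setting t
  on t.subscription_id = s.subscription_id
 and t.name = w.name
order by s.subscription_id, w.name;
```

A subscription that returns no settings at all does not appear in the result, so compare the output against your full subscription list before treating it as complete.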
Schema for azure_security_center_setting
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
cloud_environment | text | | The Azure Cloud Environment. |
enabled | boolean | | Check if the setting is enabled. |
id | text | | The resource id. |
kind | text | | The kind of the setting. |
name | text | = | The resource name. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
title | text | | Title of the resource. |
type | text | | The resource type. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure
You can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_security_center_setting