steampipe plugin install azure

Table: azure_security_center_sub_assessment - Query Azure Security Center Sub-Assessments using SQL

Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not. It provides security management and threat protection across your hybrid cloud workloads. It allows you to prevent, detect, and respond to threats with increased visibility.

Table Usage Guide

The azure_security_center_sub_assessment table provides insights into the detailed security findings for each resource within Azure Security Center. As a security engineer, you can explore specific security assessment details through this table, including severity, status, and associated metadata. Utilize it to uncover information about security vulnerabilities and the remediation steps for each resource.

Examples

Basic info

Explore the various sub-assessments within Azure's Security Center. This allows you to understand and categorize different security elements by their unique identifiers, names, display names, types, and categories, providing a comprehensive overview of your security landscape.

select
id,
name,
display_name,
type,
category
from
azure_security_center_sub_assessment;
select
id,
name,
display_name,
type,
category
from
azure_security_center_sub_assessment;

List unhealthy sub assessment details

Determine the areas in which security aspects are marked as unhealthy in Azure Security Center. This provides a way to identify instances where security measures may need to be improved or updated.

select
name,
type,
category,
status
from
azure_security_center_sub_assessment
where
status ->> 'Code' = 'Unhealthy';
select
name,
type,
category,
status
from
azure_security_center_sub_assessment
where
json_extract(status, '$.Code') = 'Unhealthy';

List all container registry vulnerabilities with corresponding remedies

Identify potential security vulnerabilities in your container registry and uncover the specific remediation steps to mitigate them. This is crucial for maintaining robust security practices and ensuring system integrity.

select
container_registry_vulnerability_properties,
remediation,
resource_details
from
azure_security_center_sub_assessment
where
container_registry_vulnerability_properties ->> 'AssessedResourceType' = 'ContainerRegistryVulnerability';
select
container_registry_vulnerability_properties,
remediation,
resource_details
from
azure_security_center_sub_assessment
where
json_extract(
container_registry_vulnerability_properties,
'$.AssessedResourceType'
) = 'ContainerRegistryVulnerability';

List all server vulnerabilities with corresponding remedies

Determine the areas in which server vulnerabilities exist and discover the corresponding remedies. This is beneficial for maintaining server security and ensuring prompt remediation of any identified vulnerabilities.

select
server_vulnerability_properties,
remediation,
resource_details
from
azure_security_center_sub_assessment
where
server_vulnerability_properties ->> 'AssessedResourceType' = 'ServerVulnerabilityAssessment';
select
server_vulnerability_properties,
remediation,
resource_details
from
azure_security_center_sub_assessment
where
json_extract(
server_vulnerability_properties,
'$.AssessedResourceType'
) = 'ServerVulnerabilityAssessment';

List all sql server vulnerabilities with corresponding remedies

Explore vulnerabilities in your SQL server and ascertain appropriate remedies. This query is useful for maintaining security and addressing potential risks in your SQL server environment.

select
sql_server_vulnerability_properties,
remediation,
resource_details
from
azure_security_center_sub_assessment
where
sql_server_vulnerability_properties ->> 'AssessedResourceType' = 'SqlServerVulnerability';
select
sql_server_vulnerability_properties,
remediation,
resource_details
from
azure_security_center_sub_assessment
where
json_extract(
sql_server_vulnerability_properties,
'$.AssessedResourceType'
) = 'SqlServerVulnerability';

Schema for azure_security_center_sub_assessment

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
assessed_resource_typetextDetails of the sub-assessment.
assessment_nametextThe assessment name.
categorytextCategory of the sub-assessment.
cloud_environmenttextThe Azure Cloud Environment.
container_registry_vulnerability_propertiesjsonbContainerRegistryVulnerabilityProperties details of the resource that was assessed.
descriptiontextHuman readable description of the assessment status.
display_nametextUser friendly display name of the sub-assessment.
idtextThe resource id.
impacttextDescription of the impact of this sub-assessment.
nametextThe resource name.
remediationtextInformation on how to remediate this sub-assessment.
resource_detailsjsonbDetails of the resource that was assessed.
resource_grouptextThe resource group which holds this resource.
server_vulnerability_propertiesjsonbServerVulnerabilityProperties details of the resource that was assessed.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
sql_server_vulnerability_propertiesjsonbSQLServerVulnerabilityProperties details of the resource that was assessed.
statusjsonbThe status of the sub-assessment.
subscription_idtext=, !=, ~~, ~~*, !~~, !~~*The Azure Subscription ID in which the resource is located.
time_generatedtextThe date and time the sub-assessment was generated.
titletextTitle of the resource.
typetextThe resource type.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure

You can pass the configuration to the command with the --config argument:

steampipe_export_azure --config '<your_config>' azure_security_center_sub_assessment