azure_ad_groupazure_ad_service_principalazure_ad_userazure_alert_managementazure_api_managementazure_api_management_backendazure_app_configurationazure_app_service_environmentazure_app_service_function_appazure_app_service_planazure_app_service_web_appazure_app_service_web_app_slotazure_application_gatewayazure_application_insightazure_application_security_groupazure_automation_accountazure_automation_variableazure_backup_policyazure_bastion_hostazure_batch_accountazure_cdn_frontdoor_profileazure_cognitive_accountazure_compute_availability_setazure_compute_diskazure_compute_disk_accessazure_compute_disk_encryption_setazure_compute_disk_metric_read_opsazure_compute_disk_metric_read_ops_dailyazure_compute_disk_metric_read_ops_hourlyazure_compute_disk_metric_write_opsazure_compute_disk_metric_write_ops_dailyazure_compute_disk_metric_write_ops_hourlyazure_compute_imageazure_compute_resource_skuazure_compute_snapshotazure_compute_ssh_keyazure_compute_virtual_machineazure_compute_virtual_machine_metric_available_memoryazure_compute_virtual_machine_metric_available_memory_dailyazure_compute_virtual_machine_metric_available_memory_hourlyazure_compute_virtual_machine_metric_cpu_utilizationazure_compute_virtual_machine_metric_cpu_utilization_dailyazure_compute_virtual_machine_metric_cpu_utilization_hourlyazure_compute_virtual_machine_scale_setazure_compute_virtual_machine_scale_set_network_interfaceazure_compute_virtual_machine_scale_set_vmazure_consumption_usageazure_container_groupazure_container_registryazure_cosmosdb_accountazure_cosmosdb_mongo_collectionazure_cosmosdb_mongo_databaseazure_cosmosdb_restorable_database_accountazure_cosmosdb_sql_databaseazure_data_factoryazure_data_factory_datasetazure_data_factory_pipelineazure_data_lake_analytics_accountazure_data_lake_storeazure_data_protection_backup_jobazure_data_protection_backup_vaultazure_databox_edge_deviceazure_databricks_workspaceazure_diagnostic_settingazure_dns_zoneazure_eventgrid_domainazure_eventgrid_topicazure_eventhub_namespaceazure_express_route_circuitazure_firewallazure_firewall_policyazure_frontdoorazure_hdinsight_clusterazure_healthcare_serviceazure_hpc_cacheazure_hybrid_compute_machineazure_hybrid_kubernetes_connected_clusterazure_iothubazure_iothub_dpsazure_key_vaultazure_key_vault_certificateazure_key_vault_deleted_vaultazure_key_vault_keyazure_key_vault_key_versionazure_key_vault_managed_hardware_security_moduleazure_key_vault_secretazure_kubernetes_clusterazure_kubernetes_service_versionazure_kusto_clusterazure_lbazure_lb_backend_address_poolazure_lb_nat_ruleazure_lb_outbound_ruleazure_lb_probeazure_lb_ruleazure_lighthouse_assignmentazure_lighthouse_definitionazure_locationazure_log_alertazure_log_analytics_workspaceazure_log_profileazure_logic_app_workflowazure_machine_learning_workspaceazure_maintenance_configurationazure_management_groupazure_management_lockazure_mariadb_serverazure_monitor_activity_log_eventazure_monitor_log_profileazure_mssql_elasticpoolazure_mssql_managed_instanceazure_mssql_virtual_machineazure_mysql_flexible_serverazure_mysql_serverazure_nat_gatewayazure_network_interfaceazure_network_security_groupazure_network_watcherazure_network_watcher_flow_logazure_policy_assignmentazure_policy_definitionazure_postgresql_flexible_serverazure_postgresql_serverazure_private_dns_zoneazure_private_endpointazure_providerazure_public_ipazure_recovery_services_backup_jobazure_recovery_services_vaultazure_redis_cacheazure_resourceazure_resource_groupazure_resource_linkazure_role_assignmentazure_role_definitionazure_route_tableazure_search_serviceazure_security_center_auto_provisioningazure_security_center_automationazure_security_center_contactazure_security_center_jit_network_access_policyazure_security_center_settingazure_security_center_sub_assessmentazure_security_center_subscription_pricingazure_service_fabric_clusterazure_servicebus_namespaceazure_signalr_serviceazure_spring_cloud_serviceazure_sql_databaseazure_sql_serverazure_storage_accountazure_storage_blobazure_storage_blob_serviceazure_storage_containerazure_storage_queueazure_storage_share_fileazure_storage_syncazure_storage_tableazure_storage_table_serviceazure_stream_analytics_jobazure_subnetazure_subscriptionazure_synapse_workspaceazure_tenantazure_virtual_networkazure_virtual_network_gatewayazure_web_application_firewall_policy
Table: azure_web_application_firewall_policy - Query Azure Web Application Firewall Policies using SQL
Azure Web Application Firewall (WAF) is a service that helps protect your web applications by filtering and monitoring HTTP traffic between a web application and the Internet. The azure_web_application_firewall_policy table in Steampipe allows you to query information about WAF policies in Azure, including their custom and managed rules, associated application gateways, HTTP listeners, and more.
Table Usage Guide
The azure_web_application_firewall_policy table enables cloud administrators and security engineers to gather detailed insights into their WAF policies. You can query various aspects of the policies, such as their custom rules, managed rules, provisioning state, and associated application gateways. This table is particularly useful for monitoring the security of web applications, managing WAF policy configurations, and ensuring that your web applications are protected against threats.
Examples
Basic info
Retrieve basic information about your Azure WAF policies, including their name, resource group, and region.
select name, id, resource_group, region, provisioning_statefrom azure_web_application_firewall_policy;select name, id, resource_group, region, provisioning_statefrom azure_web_application_firewall_policy;List policies with custom rules
Fetch WAF policies that include custom rules, which can be useful for identifying policies with specific, user-defined security measures.
select name, custom_rulesfrom azure_web_application_firewall_policywhere custom_rules is not null;select name, custom_rulesfrom azure_web_application_firewall_policywhere json_extract(custom_rules, '$[0]') is not null;List policies by provisioning state
Identify WAF policies based on their provisioning state, such as those that are currently updating or have failed.
select name, provisioning_state, regionfrom azure_web_application_firewall_policywhere provisioning_state = 'ProvisioningStateUpdating';select name, provisioning_state, regionfrom azure_web_application_firewall_policywhere provisioning_state = 'ProvisioningStateUpdating';Get managed rules for each policy
Retrieve the managed rules associated with each WAF policy to understand the built-in protections that are applied to your web applications.
select name, managed_rules -> 'Exclusions' as exclusions, managed_rules -> 'ManagedRuleSets' as managed_rule_setsfrom azure_web_application_firewall_policy;select name, json_extract(managed_rules, '$.Exclusions') as exclusions, json_extract(managed_rules, '$.ManagedRuleSets') as managed_rule_setsfrom azure_web_application_firewall_policy;List policies with associated application gateways
Identify WAF policies that are linked to specific application gateways, which can help in managing and securing web traffic.
select name, application_gatewaysfrom azure_web_application_firewall_policywhere application_gateways is not null;select name, application_gatewaysfrom azure_web_application_firewall_policywhere json_extract(application_gateways, '$[0]') is not null;List policies with HTTP listeners
Fetch WAF policies that are associated with specific HTTP listeners, which can be important for understanding how traffic is being monitored and filtered.
select name, http_listenersfrom azure_web_application_firewall_policywhere http_listeners is not null;select name, http_listenersfrom azure_web_application_firewall_policywhere json_extract(http_listeners, '$[0]') is not null;Get application gateway details that are associated with the firewall policy
Get application gateway associated with WAF policies and configurations
select a.name as application_name, a.provisioning_state as application_provisioning_state, a.enable_fips, a.autoscale_configuration, p.name as policy_name, p.policy_settingsfrom azure_application_gateway as a join azure_web_application_firewall_policy as p on (a.firewall_policy ->> 'id') = p.id;select a.name as application_name, a.provisioning_state as application_provisioning_state, a.enable_fips, a.autoscale_configuration, p.name as policy_name, p.policy_settingsfrom azure_application_gateway as a join azure_web_application_firewall_policy as p on json_extract(a.firewall_policy, '$.id') = p.id;Schema for azure_web_application_firewall_policy
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| application_gateways | jsonb | A collection of references to application gateways. | |
| cloud_environment | text | The Azure Cloud Environment. | |
| custom_rules | jsonb | The custom rules inside the policy. | |
| etag | text | A unique read-only string that changes whenever the resource is updated. | |
| http_listeners | jsonb | A collection of references to application gateway http listeners. | |
| id | text | Resource ID. | |
| managed_rules | jsonb | Describes the managedRules structure. | |
| name | text | = | Resource name. |
| path_based_rules | jsonb | A collection of references to application gateway path rules. | |
| policy_settings | jsonb | The PolicySettings for policy. | |
| provisioning_state | text | The provisioning state of the web application firewall policy resource. Possible values include: 'ProvisioningStateSucceeded', 'ProvisioningStateUpdating', 'ProvisioningStateDeleting', 'ProvisioningStateFailed'. | |
| region | text | The Azure region/location in which the resource is located. | |
| resource_group | text | = | The resource group which holds this resource. |
| resource_state | text | Resource status of the policy. Possible values include: 'WebApplicationFirewallPolicyResourceStateCreating', 'WebApplicationFirewallPolicyResourceStateEnabling', 'WebApplicationFirewallPolicyResourceStateEnabled', 'WebApplicationFirewallPolicyResourceStateDisabling', 'WebApplicationFirewallPolicyResourceStateDisabled', 'WebApplicationFirewallPolicyResourceStateDeleting'. | |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
| tags | jsonb | A map of tags for the resource. | |
| title | text | Title of the resource. | |
| type | text | Resource type. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azureYou can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_web_application_firewall_policy