From 45857300a3aa9ba75cd2760a5a33f0ddf28f079f Mon Sep 17 00:00:00 2001
From: Igor Jovovic
Date: Wed, 2 Oct 2024 09:00:51 +1300
Subject: [PATCH 1/2] ARG fix
---
 checklists/alz_checklist.en.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/checklists/alz_checklist.en.json b/checklists/alz_checklist.en.json
index 761519a48..a09e7e0ed 100644
--- a/checklists/alz_checklist.en.json
+++ b/checklists/alz_checklist.en.json
@@ -1620,7 +1620,7 @@
 "guid": "e8143efa-0301-4d62-be54-ca7b5ce566dc",
 "id": "D07.22",
 "severity": "High",
- "graph": "resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, /subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | where isempty(ddosProtectionPlanId) | , name, id = firewallId, tags, param1 = strcat('vNet: ', vNetName), param2 = 'ddosProtection: Disabled'",
+ "graph": "resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, '/subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | where isempty(ddosProtectionPlanId) | project name, id = firewallId, tags, network = strcat('vNet: ', vNetName), status = 'ddosProtection: Disabled'",
 "link": "https://learn.microsoft.com/en-gb/azure/ddos-protection/ddos-protection-overview"
 },
 {
From 473bd3c7dc16be89521116ac7d9bf4565cac6765 Mon Sep 17 00:00:00 2001
From: Igor Jovovic
Date: Thu, 24 Oct 2024 09:14:19 +1300
Subject: [PATCH 2/2] Aligning based on feedback
---
 checklists/alz_checklist.en.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/checklists/alz_checklist.en.json b/checklists/alz_checklist.en.json
index a09e7e0ed..563901bda 100644
--- a/checklists/alz_checklist.en.json
+++ b/checklists/alz_checklist.en.json
@@ -1620,7 +1620,7 @@
 "guid": "e8143efa-0301-4d62-be54-ca7b5ce566dc",
 "id": "D07.22",
 "severity": "High",
- "graph": "resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, '/subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | where isempty(ddosProtectionPlanId) | project name, id = firewallId, tags, network = strcat('vNet: ', vNetName), status = 'ddosProtection: Disabled'",
+ "graph": "resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, '/subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | extend compliant = iif(isempty(ddosProtectionPlanId), false, true) | project name, compliant, id = firewallId, tags, network = strcat('vNet: ', vNetName)",
 "link": "https://learn.microsoft.com/en-gb/azure/ddos-protection/ddos-protection-overview"
 },
 {
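Review bot: Dropping `where isempty(ddosProtectionPlanId)` in favour of `extend compliant = …` exposes a latent problem with `join kind=fullouter` in the new graph query: a DDoS plan attached to a vNet that hosts no Azure Firewall now survives to the `project` as a row with empty `name`, empty `firewallId` and `compliant = true`, which pads the compliant count with resources that are not firewalls. The first patch in this series masked that because its `where` filter discarded every right-side-only row. Either change the join to `join kind=leftouter (` or add `| where isnotempty(firewallId)` before the final `project`. As a style point, `compliant = isnotempty(ddosProtectionPlanId)` reads more directly than the `iif(isempty(…), false, true)` form. Separately, `indexof(ipConfig.properties.subnet.id, '/subnet')` looks case-sensitive, so a subnet id whose path segment is capitalised would presumably yield an empty `vNetId` and silently miss the join — worth confirming against real resource ids.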