diff --git a/compliance/controls/aws/aws_cis_v120_3_5.yaml b/compliance/controls/aws/aws_cis_v120_3_5.yaml index 9902e7b7a..a0958a379 100644 --- a/compliance/controls/aws/aws_cis_v120_3_5.yaml +++ b/compliance/controls/aws/aws_cis_v120_3_5.yaml @@ -5,13 +5,13 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: + - aws_account - aws_cloudtrail_trail - aws_cloudwatch_alarm - aws_sns_topic_subscription - aws_cloudwatch_log_metric_filter - - aws_account Parameters: [] - PrimaryTable: aws_cloudtrail_trail + PrimaryTable: aws_account QueryToExecute: | WITH trails AS ( SELECT diff --git a/compliance/controls/aws/aws_cis_v140_1_17.yaml b/compliance/controls/aws/aws_cis_v140_1_17.yaml index 1a9911738..549b83799 100644 --- a/compliance/controls/aws/aws_cis_v140_1_17.yaml +++ b/compliance/controls/aws/aws_cis_v140_1_17.yaml @@ -8,7 +8,7 @@ Query: - aws_account - aws_iam_role Parameters: [] - PrimaryTable: aws_iam_role + PrimaryTable: aws_account QueryToExecute: | WITH support_role_count AS ( SELECT diff --git a/compliance/controls/aws/aws_cis_v140_4_14.yaml b/compliance/controls/aws/aws_cis_v140_4_14.yaml index ee229645c..69a21fa48 100644 --- a/compliance/controls/aws/aws_cis_v140_4_14.yaml +++ b/compliance/controls/aws/aws_cis_v140_4_14.yaml @@ -11,7 +11,7 @@ Query: - aws_cloudwatch_log_metric_filter - aws_account Parameters: [] - PrimaryTable: aws_cloudtrail_trail + PrimaryTable: aws_account QueryToExecute: | WITH trails AS ( SELECT diff --git a/compliance/controls/aws/aws_cis_v140_4_5.yaml b/compliance/controls/aws/aws_cis_v140_4_5.yaml index 90008a661..2390a3d59 100644 --- a/compliance/controls/aws/aws_cis_v140_4_5.yaml +++ b/compliance/controls/aws/aws_cis_v140_4_5.yaml 
@@ -5,13 +5,13 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: + - aws_account - aws_cloudtrail_trail - aws_cloudwatch_alarm - aws_sns_topic_subscription - aws_cloudwatch_log_metric_filter - - aws_account Parameters: [] - PrimaryTable: aws_cloudtrail_trail + PrimaryTable: aws_account QueryToExecute: | WITH trails AS ( SELECT diff --git a/compliance/controls/aws/aws_cis_v150_1_17.yaml b/compliance/controls/aws/aws_cis_v150_1_17.yaml index db2933fe8..e0f2e4df9 100644 --- a/compliance/controls/aws/aws_cis_v150_1_17.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_17.yaml @@ -8,7 +8,7 @@ Query: - aws_account - aws_iam_role Parameters: [] - PrimaryTable: aws_iam_role + PrimaryTable: aws_account QueryToExecute: | WITH support_role_count AS ( SELECT diff --git a/compliance/controls/aws/aws_cis_v150_1_8.yaml b/compliance/controls/aws/aws_cis_v150_1_8.yaml index d7d5f5499..9d6b936e1 100644 --- a/compliance/controls/aws/aws_cis_v150_1_8.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_8.yaml @@ -8,7 +8,7 @@ Query: - aws_account - aws_iam_account_password_policy Parameters: [] - PrimaryTable: aws_iam_account_password_policy + PrimaryTable: aws_account QueryToExecute: | SELECT 'arn:' || a.partition || ':::' || a.account_id AS resource, diff --git a/compliance/controls/aws/aws_cis_v150_1_9.yaml b/compliance/controls/aws/aws_cis_v150_1_9.yaml index f11602e4d..853666866 100644 --- a/compliance/controls/aws/aws_cis_v150_1_9.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_9.yaml @@ -8,7 +8,7 @@ Query: - aws_account - aws_iam_account_password_policy Parameters: [] - PrimaryTable: aws_iam_account_password_policy + PrimaryTable: aws_account QueryToExecute: | SELECT 'arn:' || a.partition || ':::' || a.account_id AS resource, diff --git a/compliance/controls/aws/aws_cis_v150_4_10.yaml b/compliance/controls/aws/aws_cis_v150_4_10.yaml index 85dec1514..702e339f5 100644 --- a/compliance/controls/aws/aws_cis_v150_4_10.yaml 
+++ b/compliance/controls/aws/aws_cis_v150_4_10.yaml @@ -11,7 +11,7 @@ Query: - aws_cloudwatch_log_metric_filter - aws_account Parameters: [] - PrimaryTable: aws_cloudtrail_trail + PrimaryTable: aws_account QueryToExecute: | WITH trails AS ( SELECT diff --git a/compliance/controls/aws/aws_cis_v150_4_5.yaml b/compliance/controls/aws/aws_cis_v150_4_5.yaml index 284afd91c..3c8e5ea1b 100644 --- a/compliance/controls/aws/aws_cis_v150_4_5.yaml +++ b/compliance/controls/aws/aws_cis_v150_4_5.yaml @@ -5,13 +5,13 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: + - aws_account - aws_cloudtrail_trail - aws_cloudwatch_alarm - aws_sns_topic_subscription - aws_cloudwatch_log_metric_filter - - aws_account Parameters: [] - PrimaryTable: aws_cloudtrail_trail + PrimaryTable: aws_account QueryToExecute: | WITH trails AS ( SELECT diff --git a/compliance/controls/aws/aws_cis_v200_4_3.yaml b/compliance/controls/aws/aws_cis_v200_4_3.yaml index e090a9db6..7a1ff5028 100644 --- a/compliance/controls/aws/aws_cis_v200_4_3.yaml +++ b/compliance/controls/aws/aws_cis_v200_4_3.yaml @@ -13,7 +13,7 @@ Query: - aws_cloudwatch_log_metric_filter - aws_account Parameters: [] - PrimaryTable: aws_cloudtrail_trail + PrimaryTable: aws_account QueryToExecute: | WITH trails AS ( SELECT diff --git a/compliance/controls/aws/aws_cis_v300_1_17.yaml b/compliance/controls/aws/aws_cis_v300_1_17.yaml index 67b5dcdf5..08c30cffa 100644 --- a/compliance/controls/aws/aws_cis_v300_1_17.yaml +++ b/compliance/controls/aws/aws_cis_v300_1_17.yaml @@ -8,7 +8,7 @@ Query: - aws_account - aws_iam_role Parameters: [] - PrimaryTable: aws_iam_role + PrimaryTable: aws_account QueryToExecute: | WITH support_role_count AS ( SELECT diff --git a/compliance/controls/aws/aws_cis_v300_4_12.yaml b/compliance/controls/aws/aws_cis_v300_4_12.yaml index b06b5bc6f..2b98ca7f7 100644 --- a/compliance/controls/aws/aws_cis_v300_4_12.yaml +++ b/compliance/controls/aws/aws_cis_v300_4_12.yaml 
@@ -5,13 +5,13 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: + - aws_account - aws_cloudtrail_trail - aws_cloudwatch_alarm - aws_sns_topic_subscription - aws_cloudwatch_log_metric_filter - - aws_account Parameters: [] - PrimaryTable: aws_cloudtrail_trail + PrimaryTable: aws_account QueryToExecute: | WITH trails AS ( SELECT diff --git a/compliance/controls/aws/aws_cloudwatch_cross_account_sharing.yaml b/compliance/controls/aws/aws_cloudwatch_cross_account_sharing.yaml index dd3f5e91d..d3f3d6592 100644 --- a/compliance/controls/aws/aws_cloudwatch_cross_account_sharing.yaml +++ b/compliance/controls/aws/aws_cloudwatch_cross_account_sharing.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - aws_iam_role - aws_account + - aws_iam_role Parameters: [] - PrimaryTable: aws_iam_role + PrimaryTable: aws_account QueryToExecute: | WITH iam_role_cross_account_sharing_count AS ( SELECT diff --git a/compliance/controls/aws/aws_dlm_ebs_snapshot_lifecycle_policy_enabled.yaml b/compliance/controls/aws/aws_dlm_ebs_snapshot_lifecycle_policy_enabled.yaml index 6edb6f9c6..8d78ae687 100644 --- a/compliance/controls/aws/aws_dlm_ebs_snapshot_lifecycle_policy_enabled.yaml +++ b/compliance/controls/aws/aws_dlm_ebs_snapshot_lifecycle_policy_enabled.yaml @@ -8,7 +8,7 @@ Query: - aws_ebs_snapshot - aws_dlm_lifecycle_policy Parameters: [] - PrimaryTable: aws_dlm_lifecycle_policy + PrimaryTable: aws_ebs_snapshot QueryToExecute: | WITH region_with_ebs_snapshots AS ( SELECT diff --git a/compliance/controls/aws/aws_foundational_security_cloudtrail_1.yaml b/compliance/controls/aws/aws_foundational_security_cloudtrail_1.yaml index 65d77d3e5..7ba7cc519 100644 --- a/compliance/controls/aws/aws_foundational_security_cloudtrail_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_cloudtrail_1.yaml 
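Review bot: In aws_dlm_ebs_snapshot_lifecycle_policy_enabled.yaml the new `PrimaryTable: aws_ebs_snapshot` may not match what the control reports, because the first CTE is named `region_with_ebs_snapshots`, which suggests one result row per region rather than per snapshot. The SELECT that builds the `resource` column lies outside the hunk, so this is an inference to confirm against the full query. If the rows are region-level, findings could be attributed to the wrong resource type. A short YAML comment above the field would record the intent, e.g. `# result rows are per region that has snapshots; PrimaryTable names the table that drives them`.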
@@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - aws_cloudtrail_trail - aws_account + - aws_cloudtrail_trail Parameters: [] - PrimaryTable: aws_cloudtrail_trail + PrimaryTable: aws_account QueryToExecute: | WITH multi_region_trails AS ( SELECT diff --git a/compliance/controls/aws/aws_vpc_in_more_than_one_region.yaml b/compliance/controls/aws/aws_vpc_in_more_than_one_region.yaml index 63b0092fb..1d7da0698 100644 --- a/compliance/controls/aws/aws_vpc_in_more_than_one_region.yaml +++ b/compliance/controls/aws/aws_vpc_in_more_than_one_region.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - aws_vpc - aws_account + - aws_vpc Parameters: [] - PrimaryTable: aws_vpc + PrimaryTable: aws_account QueryToExecute: | WITH vpc_region_list AS ( SELECT diff --git a/compliance/controls/azure/azure_cis_v130_2_13.yaml b/compliance/controls/azure/azure_cis_v130_2_13.yaml index 85133cb04..97399cf1b 100644 --- a/compliance/controls/azure/azure_cis_v130_2_13.yaml +++ b/compliance/controls/azure/azure_cis_v130_2_13.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_security_center_contact - azure_subscription + - azure_security_center_contact Parameters: [] - PrimaryTable: azure_security_center_contact + PrimaryTable: azure_subscription QueryToExecute: | WITH contact_info AS ( SELECT diff --git a/compliance/controls/azure/azure_cis_v140_2_13.yaml b/compliance/controls/azure/azure_cis_v140_2_13.yaml index 4689ba202..5e7d59a39 100644 --- a/compliance/controls/azure/azure_cis_v140_2_13.yaml +++ b/compliance/controls/azure/azure_cis_v140_2_13.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_security_center_contact - azure_subscription + - azure_security_center_contact Parameters: [] - PrimaryTable: azure_security_center_contact + PrimaryTable: azure_subscription QueryToExecute: | WITH contact_info AS ( SELECT 
diff --git a/compliance/controls/azure/azure_cis_v150_2_3_2.yaml b/compliance/controls/azure/azure_cis_v150_2_3_2.yaml index c257959f3..21023a03c 100644 --- a/compliance/controls/azure/azure_cis_v150_2_3_2.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_3_2.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_security_center_contact - azure_subscription + - azure_security_center_contact Parameters: [] - PrimaryTable: azure_security_center_contact + PrimaryTable: azure_subscription QueryToExecute: | WITH contact_info AS ( SELECT diff --git a/compliance/controls/azure/azure_cis_v200_2_1_14.yaml b/compliance/controls/azure/azure_cis_v200_2_1_14.yaml index ef15a3c95..ab12267b0 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_14.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_14.yaml @@ -5,8 +5,8 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_policy_assignment - azure_subscription + - azure_policy_assignment Parameters: [] PrimaryTable: azure_subscription QueryToExecute: | diff --git a/compliance/controls/azure/azure_cis_v200_5_2_7.yaml b/compliance/controls/azure/azure_cis_v200_5_2_7.yaml index 677dae669..2911dec95 100644 --- a/compliance/controls/azure/azure_cis_v200_5_2_7.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_2_7.yaml @@ -5,8 +5,8 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] PrimaryTable: azure_subscription QueryToExecute: | diff --git a/compliance/controls/azure/azure_cis_v200_5_2_8.yaml b/compliance/controls/azure/azure_cis_v200_5_2_8.yaml index 0c7d1906e..d6197a8e0 100644 --- a/compliance/controls/azure/azure_cis_v200_5_2_8.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_2_8.yaml 
@@ -5,8 +5,8 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] PrimaryTable: azure_subscription QueryToExecute: | diff --git a/compliance/controls/azure/azure_cis_v200_5_2_9.yaml b/compliance/controls/azure/azure_cis_v200_5_2_9.yaml index 12fbd0176..da2d5d25f 100644 --- a/compliance/controls/azure/azure_cis_v200_5_2_9.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_2_9.yaml @@ -5,8 +5,8 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] PrimaryTable: azure_subscription QueryToExecute: | diff --git a/compliance/controls/azure/azure_cis_v200_5_3_1.yaml b/compliance/controls/azure/azure_cis_v200_5_3_1.yaml index 34ef9d813..9943f7de6 100644 --- a/compliance/controls/azure/azure_cis_v200_5_3_1.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_3_1.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_application_insight - azure_subscription + - azure_application_insight Parameters: [] - PrimaryTable: azure_application_insight + PrimaryTable: azure_subscription QueryToExecute: | WITH application_insights AS ( SELECT diff --git a/compliance/controls/azure/azure_cis_v200_7_1.yaml b/compliance/controls/azure/azure_cis_v200_7_1.yaml index 6a0aa1b1b..668b399f3 100644 --- a/compliance/controls/azure/azure_cis_v200_7_1.yaml +++ b/compliance/controls/azure/azure_cis_v200_7_1.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_bastion_host - azure_subscription + - azure_bastion_host Parameters: [] - PrimaryTable: azure_bastion_host + PrimaryTable: azure_subscription QueryToExecute: | WITH bastion_hosts AS ( SELECT diff --git a/compliance/controls/azure/azure_cis_v210_2_1_18.yaml b/compliance/controls/azure/azure_cis_v210_2_1_18.yaml index 77e159fb9..d7544cbd1 100644 
--- a/compliance/controls/azure/azure_cis_v210_2_1_18.yaml +++ b/compliance/controls/azure/azure_cis_v210_2_1_18.yaml @@ -5,8 +5,8 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_security_center_contact - azure_subscription + - azure_security_center_contact Parameters: [] PrimaryTable: azure_subscription QueryToExecute: | diff --git a/compliance/controls/azure/azure_cis_v210_5_2_10.yaml b/compliance/controls/azure/azure_cis_v210_5_2_10.yaml index e39918e04..000428552 100644 --- a/compliance/controls/azure/azure_cis_v210_5_2_10.yaml +++ b/compliance/controls/azure/azure_cis_v210_5_2_10.yaml @@ -5,8 +5,8 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] PrimaryTable: azure_subscription QueryToExecute: | diff --git a/compliance/controls/azure/azure_cis_v210_5_2_2.yaml b/compliance/controls/azure/azure_cis_v210_5_2_2.yaml index 5038395ea..9634f6322 100644 --- a/compliance/controls/azure/azure_cis_v210_5_2_2.yaml +++ b/compliance/controls/azure/azure_cis_v210_5_2_2.yaml @@ -5,8 +5,8 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] PrimaryTable: azure_subscription QueryToExecute: | diff --git a/compliance/controls/azure/azure_cis_v210_5_2_3.yaml b/compliance/controls/azure/azure_cis_v210_5_2_3.yaml index 53c2f2612..95b3a6b1d 100644 --- a/compliance/controls/azure/azure_cis_v210_5_2_3.yaml +++ b/compliance/controls/azure/azure_cis_v210_5_2_3.yaml @@ -5,8 +5,8 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] PrimaryTable: azure_subscription QueryToExecute: | diff --git a/compliance/controls/azure/azure_cis_v210_5_2_4.yaml b/compliance/controls/azure/azure_cis_v210_5_2_4.yaml index 343bc8c31..a9de8566e 100644 --- a/compliance/controls/azure/azure_cis_v210_5_2_4.yaml 
+++ b/compliance/controls/azure/azure_cis_v210_5_2_4.yaml @@ -5,8 +5,8 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] PrimaryTable: azure_subscription QueryToExecute: | diff --git a/compliance/controls/azure/azure_cis_v210_5_2_5.yaml b/compliance/controls/azure/azure_cis_v210_5_2_5.yaml index 8628100ee..99afc4d15 100644 --- a/compliance/controls/azure/azure_cis_v210_5_2_5.yaml +++ b/compliance/controls/azure/azure_cis_v210_5_2_5.yaml @@ -5,8 +5,8 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] PrimaryTable: azure_subscription QueryToExecute: | diff --git a/compliance/controls/azure/azure_cis_v210_5_2_6.yaml b/compliance/controls/azure/azure_cis_v210_5_2_6.yaml index 5a1294336..06dd7c3a9 100644 --- a/compliance/controls/azure/azure_cis_v210_5_2_6.yaml +++ b/compliance/controls/azure/azure_cis_v210_5_2_6.yaml @@ -5,8 +5,8 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] PrimaryTable: azure_subscription QueryToExecute: | diff --git a/compliance/controls/azure/azure_cis_v210_5_2_7.yaml b/compliance/controls/azure/azure_cis_v210_5_2_7.yaml index 0ac84b4c2..449414741 100644 --- a/compliance/controls/azure/azure_cis_v210_5_2_7.yaml +++ b/compliance/controls/azure/azure_cis_v210_5_2_7.yaml @@ -5,8 +5,8 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] PrimaryTable: azure_subscription QueryToExecute: | diff --git a/compliance/controls/azure/azure_cis_v210_5_2_8.yaml b/compliance/controls/azure/azure_cis_v210_5_2_8.yaml index f96998b72..6e63de958 100644 --- a/compliance/controls/azure/azure_cis_v210_5_2_8.yaml +++ b/compliance/controls/azure/azure_cis_v210_5_2_8.yaml 
@@ -5,8 +5,8 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] PrimaryTable: azure_subscription QueryToExecute: | diff --git a/compliance/controls/azure/azure_cis_v210_5_3_1.yaml b/compliance/controls/azure/azure_cis_v210_5_3_1.yaml index 550fe4780..124748076 100644 --- a/compliance/controls/azure/azure_cis_v210_5_3_1.yaml +++ b/compliance/controls/azure/azure_cis_v210_5_3_1.yaml @@ -5,8 +5,8 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_application_insight - azure_subscription + - azure_application_insight Parameters: [] PrimaryTable: azure_subscription QueryToExecute: | diff --git a/compliance/controls/azure/azure_cis_v210_7_1.yaml b/compliance/controls/azure/azure_cis_v210_7_1.yaml index 8d167aed0..c974be458 100644 --- a/compliance/controls/azure/azure_cis_v210_7_1.yaml +++ b/compliance/controls/azure/azure_cis_v210_7_1.yaml @@ -5,8 +5,8 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_bastion_host - azure_subscription + - azure_bastion_host Parameters: [] PrimaryTable: azure_subscription QueryToExecute: | diff --git a/compliance/controls/azure/azure_monitor_application_insights_configured.yaml b/compliance/controls/azure/azure_monitor_application_insights_configured.yaml index a7146bad6..726e64e76 100644 --- a/compliance/controls/azure/azure_monitor_application_insights_configured.yaml +++ b/compliance/controls/azure/azure_monitor_application_insights_configured.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_application_insight - azure_subscription + - azure_application_insight Parameters: [] - PrimaryTable: azure_application_insight + PrimaryTable: azure_subscription QueryToExecute: | WITH application_insights AS ( SELECT 
diff --git a/compliance/controls/azure/azure_monitor_log_alert_create_policy_assignment.yaml b/compliance/controls/azure/azure_monitor_log_alert_create_policy_assignment.yaml index 781483b16..7ea227a6b 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_create_policy_assignment.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_create_policy_assignment.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] - PrimaryTable: azure_log_alert + PrimaryTable: azure_subscription QueryToExecute: | WITH alert_rule AS ( SELECT diff --git a/compliance/controls/azure/azure_monitor_log_alert_create_update_nsg.yaml b/compliance/controls/azure/azure_monitor_log_alert_create_update_nsg.yaml index fa44430f6..7ded0f036 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_create_update_nsg.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_create_update_nsg.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] - PrimaryTable: azure_log_alert + PrimaryTable: azure_subscription QueryToExecute: | WITH alert_rule AS ( SELECT diff --git a/compliance/controls/azure/azure_monitor_log_alert_create_update_nsg_rule.yaml b/compliance/controls/azure/azure_monitor_log_alert_create_update_nsg_rule.yaml index 5d2b801fa..0e400717f 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_create_update_nsg_rule.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_create_update_nsg_rule.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] - PrimaryTable: azure_log_alert + PrimaryTable: azure_subscription QueryToExecute: | WITH alert_rule AS ( SELECT 
diff --git a/compliance/controls/azure/azure_monitor_log_alert_create_update_public_ip_address.yaml b/compliance/controls/azure/azure_monitor_log_alert_create_update_public_ip_address.yaml index 158d92374..b1dcc56e3 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_create_update_public_ip_address.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_create_update_public_ip_address.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] - PrimaryTable: azure_log_alert + PrimaryTable: azure_subscription QueryToExecute: | WITH alert_rule AS ( SELECT diff --git a/compliance/controls/azure/azure_monitor_log_alert_create_update_security_solution.yaml b/compliance/controls/azure/azure_monitor_log_alert_create_update_security_solution.yaml index e62bd3d7c..e0870a56f 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_create_update_security_solution.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_create_update_security_solution.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] - PrimaryTable: azure_log_alert + PrimaryTable: azure_subscription QueryToExecute: | WITH alert_rule AS ( SELECT diff --git a/compliance/controls/azure/azure_monitor_log_alert_create_update_sql_servers_firewall_rule.yaml b/compliance/controls/azure/azure_monitor_log_alert_create_update_sql_servers_firewall_rule.yaml index b5bab85d4..f819f04e5 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_create_update_sql_servers_firewall_rule.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_create_update_sql_servers_firewall_rule.yaml 
@@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] - PrimaryTable: azure_log_alert + PrimaryTable: azure_subscription QueryToExecute: | WITH alert_rule AS ( SELECT diff --git a/compliance/controls/azure/azure_monitor_log_alert_delete_nsg.yaml b/compliance/controls/azure/azure_monitor_log_alert_delete_nsg.yaml index 516c6f9c7..37bc272a0 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_delete_nsg.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_delete_nsg.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] - PrimaryTable: azure_log_alert + PrimaryTable: azure_subscription QueryToExecute: | WITH alert_rule AS ( SELECT diff --git a/compliance/controls/azure/azure_monitor_log_alert_delete_nsg_rule.yaml b/compliance/controls/azure/azure_monitor_log_alert_delete_nsg_rule.yaml index 1d5b06407..cf38f5b83 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_delete_nsg_rule.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_delete_nsg_rule.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] - PrimaryTable: azure_log_alert + PrimaryTable: azure_subscription QueryToExecute: | WITH alert_rule AS ( SELECT diff --git a/compliance/controls/azure/azure_monitor_log_alert_delete_policy_assignment.yaml b/compliance/controls/azure/azure_monitor_log_alert_delete_policy_assignment.yaml index bb1f6a788..4c76c15d3 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_delete_policy_assignment.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_delete_policy_assignment.yaml 
@@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] - PrimaryTable: azure_log_alert + PrimaryTable: azure_subscription QueryToExecute: | WITH alert_rule AS ( SELECT diff --git a/compliance/controls/azure/azure_monitor_log_alert_delete_public_ip_address.yaml b/compliance/controls/azure/azure_monitor_log_alert_delete_public_ip_address.yaml index 42e718a63..6837f0e95 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_delete_public_ip_address.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_delete_public_ip_address.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] - PrimaryTable: azure_log_alert + PrimaryTable: azure_subscription QueryToExecute: | WITH alert_rule AS ( SELECT diff --git a/compliance/controls/azure/azure_monitor_log_alert_delete_security_solution.yaml b/compliance/controls/azure/azure_monitor_log_alert_delete_security_solution.yaml index abe4437b0..f40067922 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_delete_security_solution.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_delete_security_solution.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] - PrimaryTable: azure_log_alert + PrimaryTable: azure_subscription QueryToExecute: | WITH alert_rule AS ( SELECT diff --git a/compliance/controls/azure/azure_monitor_log_alert_delete_sql_servers_firewall_rule.yaml b/compliance/controls/azure/azure_monitor_log_alert_delete_sql_servers_firewall_rule.yaml index 959b76ccc..ea29434de 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_delete_sql_servers_firewall_rule.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_delete_sql_servers_firewall_rule.yaml 
@@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] - PrimaryTable: azure_log_alert + PrimaryTable: azure_subscription QueryToExecute: | WITH alert_rule AS ( SELECT diff --git a/compliance/controls/azure/azure_monitor_log_alert_for_administrative_operations.yaml b/compliance/controls/azure/azure_monitor_log_alert_for_administrative_operations.yaml index 4e84efae9..d1f71b0ee 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_for_administrative_operations.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_for_administrative_operations.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] - PrimaryTable: azure_log_alert + PrimaryTable: azure_subscription QueryToExecute: | WITH alert_rule AS ( SELECT diff --git a/compliance/controls/azure/azure_monitor_log_alert_sql_firewall_rule.yaml b/compliance/controls/azure/azure_monitor_log_alert_sql_firewall_rule.yaml index eeaf1a6ff..e40cdd494 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_sql_firewall_rule.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_sql_firewall_rule.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_log_alert - azure_subscription + - azure_log_alert Parameters: [] - PrimaryTable: azure_log_alert + PrimaryTable: azure_subscription QueryToExecute: | WITH alert_rule AS ( SELECT diff --git a/compliance/controls/azure/azure_network_bastion_host_min_1.yaml b/compliance/controls/azure/azure_network_bastion_host_min_1.yaml index 8017e1902..8f49067a9 100644 --- a/compliance/controls/azure/azure_network_bastion_host_min_1.yaml +++ b/compliance/controls/azure/azure_network_bastion_host_min_1.yaml 
@@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_bastion_host - azure_subscription + - azure_bastion_host Parameters: [] - PrimaryTable: azure_bastion_host + PrimaryTable: azure_subscription QueryToExecute: | WITH bastion_hosts AS ( SELECT diff --git a/compliance/controls/azure/azure_securitycenter_additional_email_configured.yaml b/compliance/controls/azure/azure_securitycenter_additional_email_configured.yaml index f43321de5..7203f4927 100644 --- a/compliance/controls/azure/azure_securitycenter_additional_email_configured.yaml +++ b/compliance/controls/azure/azure_securitycenter_additional_email_configured.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_security_center_contact - azure_subscription + - azure_security_center_contact Parameters: [] - PrimaryTable: azure_security_center_contact + PrimaryTable: azure_subscription QueryToExecute: | WITH contact_info AS ( SELECT diff --git a/compliance/controls/azure/azure_securitycenter_asc_default_setting_not_disabled.yaml b/compliance/controls/azure/azure_securitycenter_asc_default_setting_not_disabled.yaml index e4eb32e8c..345567f34 100644 --- a/compliance/controls/azure/azure_securitycenter_asc_default_setting_not_disabled.yaml +++ b/compliance/controls/azure/azure_securitycenter_asc_default_setting_not_disabled.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_policy_assignment - azure_subscription + - azure_policy_assignment Parameters: [] - PrimaryTable: azure_policy_assignment + PrimaryTable: azure_subscription QueryToExecute: | WITH policy_assignment_parameters AS ( SELECT diff --git a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_database.yaml b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_database.yaml index 1bb448983..f473bb4e1 100644 --- a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_database.yaml 
+++ b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_database.yaml @@ -9,10 +9,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_security_center_subscription_pricing - azure_subscription + - azure_security_center_subscription_pricing Parameters: [] - PrimaryTable: azure_security_center_subscription_pricing + PrimaryTable: azure_subscription QueryToExecute: | WITH defender_list AS ( SELECT diff --git a/compliance/controls/azure/azure_securitycenter_email_configured.yaml b/compliance/controls/azure/azure_securitycenter_email_configured.yaml index efb29f411..7c1d47460 100644 --- a/compliance/controls/azure/azure_securitycenter_email_configured.yaml +++ b/compliance/controls/azure/azure_securitycenter_email_configured.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_security_center_contact - azure_subscription + - azure_security_center_contact Parameters: [] - PrimaryTable: azure_security_center_contact + PrimaryTable: azure_subscription QueryToExecute: | WITH contact_info AS ( SELECT diff --git a/compliance/controls/azure/azure_securitycenter_notify_alerts_configured.yaml b/compliance/controls/azure/azure_securitycenter_notify_alerts_configured.yaml index bb45e2199..01ed58b05 100644 --- a/compliance/controls/azure/azure_securitycenter_notify_alerts_configured.yaml +++ b/compliance/controls/azure/azure_securitycenter_notify_alerts_configured.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_security_center_contact - azure_subscription + - azure_security_center_contact Parameters: [] - PrimaryTable: azure_security_center_contact + PrimaryTable: azure_subscription QueryToExecute: | WITH contact_info AS ( SELECT diff --git a/compliance/controls/azure/azure_securitycenter_security_alerts_to_owner_enabled.yaml b/compliance/controls/azure/azure_securitycenter_security_alerts_to_owner_enabled.yaml index cfc3358d2..a09707183 100644 
--- a/compliance/controls/azure/azure_securitycenter_security_alerts_to_owner_enabled.yaml +++ b/compliance/controls/azure/azure_securitycenter_security_alerts_to_owner_enabled.yaml @@ -5,10 +5,10 @@ IntegrationType: Query: Engine: CloudQL-v0.0.1 ListOfTables: - - azure_security_center_contact - azure_subscription + - azure_security_center_contact Parameters: [] - PrimaryTable: azure_security_center_contact + PrimaryTable: azure_subscription QueryToExecute: | WITH contact_info AS ( SELECT diff --git a/compliance/controls/pending/azure/azure_cis_v130_4_3_4.yaml b/compliance/controls/pending/azure/azure_cis_v130_4_3_4.yaml index a4fd5a19c..62e64e289 100644 --- a/compliance/controls/pending/azure/azure_cis_v130_4_3_4.yaml +++ b/compliance/controls/pending/azure/azure_cis_v130_4_3_4.yaml @@ -4,12 +4,16 @@ IntegrationType: - azure_subscription Query: Engine: CloudQL-v0.0.1 - ListOfTables: [] + ListOfTables: + - azure_postgresql_server + - azure_subscription Parameters: [] - PrimaryTable: "" + PrimaryTable: azure_postgresql_server QueryToExecute: | SELECT s.id AS resource, + s.og_account_id AS og_account_id, + s.og_resource_id AS og_resource_id, CASE WHEN LOWER(config -> 'ConfigurationProperties' ->> 'value') != 'on' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/pending/azure/azure_mariadb_server_private_link_used.yaml b/compliance/controls/pending/azure/azure_mariadb_server_private_link_used.yaml index c8b612bc8..6e5c697e5 100644 --- a/compliance/controls/pending/azure/azure_mariadb_server_private_link_used.yaml +++ b/compliance/controls/pending/azure/azure_mariadb_server_private_link_used.yaml 
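Review bot: The status expression in azure_cis_v130_4_3_4.yaml fails open. Assuming PostgreSQL-style NULL semantics (which the `->` / `->>` operators suggest), `LOWER(config -> 'ConfigurationProperties' ->> 'value') != 'on'` evaluates to NULL when the configuration or its value is missing, so the CASE falls through to `ELSE 'ok'`. With ListOfTables and PrimaryTable now populated, a server whose setting was never collected could be reported as compliant. Testing the passing case keeps the default on the alarm side: `WHEN LOWER(config -> 'ConfigurationProperties' ->> 'value') = 'on' THEN 'ok'` followed by `ELSE 'alarm'`. The FROM clause and the end of the CASE are outside the hunk, so whether `config` can actually be NULL there should be confirmed.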
@@ -4,12 +4,16 @@ IntegrationType: - azure_subscription Query: Engine: CloudQL-v0.0.1 - ListOfTables: [] + ListOfTables: + - azure_mariadb_server + - azure_subscription Parameters: [] - PrimaryTable: "" + PrimaryTable: azure_mariadb_server QueryToExecute: | SELECT a.id AS resource, + a.og_account_id AS og_account_id, + a.og_resource_id AS og_resource_id, CASE WHEN sku_tier = 'Basic' THEN 'skip' WHEN private_endpoint_connections @> '[{"privateLinkServiceConnectionStateStatus": "Approved"}]'::jsonb THEN 'ok'