Steampipe Mod Azure Compliance Save
Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, HIPAA HITRUST, NIST, and more across all of your Azure subscriptions using Powerpipe and Steampipe.
Azure Compliance Mod for Powerpipe
[!IMPORTANT]
Powerpipe is now the preferred way to run this mod! Migrating from Steampipe →All v0.x versions of this mod will work in both Steampipe and Powerpipe, but v1.0.0 onwards will be in Powerpipe format only.
200+ checks covering industry defined security best practices for Azure. Includes full support for CIS v1.3,CIS v1.4,CIS v1.5,CIS v2.0,CIS v2.1,HIPAA HITRUST 9.2,NIST SP 800-53 and PCI DSS v3.2.1 compliance benchmarks across all your Azure subscriptions.
Includes full support for the CIS v1.3 Azure Benchmarks.
Run checks in a dashboard:
Or in a terminal:
Documentation
Getting Started
Installation
Install Powerpipe (https://powerpipe.io/downloads), or use Brew:
brew install turbot/tap/powerpipe
This mod also requires Steampipe with the Azure plugin and the Azure Active Directory plugin as the data source. Install Steampipe (https://steampipe.io/downloads), or use Brew:
brew install turbot/tap/steampipe
steampipe plugin install azure
steampipe plugin install azuread
Steampipe will automatically use your default Azure and Azure Active Directory credentials. Optionally, you can setup multiple subscriptions for Azure or customize Azure credentials or you can setup multiple tenants for Azure Active Directory or customize Azure Active Directory credentials.
Finally, install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Browsing Dashboards
Start Steampipe as the data source:
steampipe service start
Start the dashboard server:
powerpipe server
Browse and view your dashboards at http://localhost:9033.
Running Checks in Your Terminal
Instead of running benchmarks in a dashboard, you can also run them within your
terminal with the powerpipe benchmark command:
List available benchmarks:
powerpipe benchmark list
Run a benchmark:
powerpipe benchmark run azure_compliance.benchmark.cis_v200
Different output formats are also available, for more information please see Output Formats.
Common and Tag Dimensions
The benchmark queries use common properties (like connection_name, resource_group, region, subscription and subscription_id) and tags that are defined in the form of a default list of strings in the variables.sp file. These properties can be overwritten in several ways:
It's easiest to setup your vars file, starting with the sample:
cp steampipe.spvars.example steampipe.spvars
vi steampipe.spvars
Alternatively you can pass variables on the command line:
powerpipe benchmark run azure_compliance.benchmark.cis_v200 --var 'tag_dimensions=["Environment", "Owner"]'
Or through environment variables:
export PP_VAR_common_dimensions='["subscription_id", "connection_name", "resource_group"]'
export PP_VAR_tag_dimensions='["Environment", "Owner"]'
powerpipe benchmark run azure_compliance.benchmark.cis_v200
Open Source & Contributing
This repository is published under the Apache 2.0 license. Please see our code of conduct. We look forward to collaborating with you!
Steampipe and Powerpipe are products produced from this open source software, exclusively by Turbot HQ, Inc. They are distributed under our commercial terms. Others are allowed to make their own distribution of the software, but cannot use any of the Turbot trademarks, cloud services, etc. You can learn more in our Open Source FAQ.
Get Involved
Want to help but don't know where to start? Pick up one of the help wanted issues:
Open Source Agenda Badge
