Differences

This shows you the differences between two versions of the page.

--- azure:azure_powerpipe [2025/05/29 23:05] – mmuze
+++ azure:azure_powerpipe [2026/02/04 15:42] (current) – [Azure] mmuze
@@ Line 1: / Line 1: @@
 ====== Azure Steampipe/Powerpipe ======
+  * Details on installing are here, [[https://github.com/turbot/steampipe-mod-azure-compliance]]
+====== Installation ======
+  - Install Powerpipe
+  - Install Steampipe
+  - Install Steampipe Azure Compliance Mod
+<code>
+sudo /bin/sh -c "$(curl -fsSL https://powerpipe.io/install/powerpipe.sh)"
+sudo /bin/sh -c "$(curl -fsSL https://steampipe.io/install/steampipe.sh)"
+mkdir dashboards
+cd dashboards
+powerpipe mod init
+powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
+</code>
+<code>
+az login --tenant cfc.avertium.com --use-device-code
+</code>
 ====== Azure ======
 For Azure modules I provide authentication using the Azure CLI. Below is an example logging into a tenant.
@@ Line 6: / Line 31: @@
 </code>
+Run CIS Benchmark checks and output the results to HTML.
 <code>
 powerpipe benchmark run azure_compliance.benchmark.cis_v300 --export html
 </code>
+To install and run **Powerpipe** and **Steampipe** for Azure CIS benchmarks, you will follow a four-stage process: installing the binaries, configuring Azure authentication, setting up the plugins, and finally running the compliance mod. [1](https://avertium-my.sharepoint.com/personal/michael_gupton_avertium_com/Documents/Microsoft%20Copilot%20Chat%20Files/powerpipe_azure_assessment.md)
+=== 1. Install Steampipe and Powerpipe ===
+Run these commands in your bash terminal to install the latest versions using the official install scripts.
+<code bash>
+# Install Steampipe
+sudo /bin/sh -c "$(curl -fsSL https://steampipe.io/install/steampipe.sh)"
+# Install Powerpipe
+sudo /bin/sh -c "$(curl -fsSL https://powerpipe.io/install/powerpipe.sh)"
+</code>
+----
+=== 2. Authenticate with Azure ===
+Steampipe uses your existing Azure CLI credentials by default. Ensure you are logged in and have the correct subscription active.
+<code bash>
+# Log in to Azure
+az login
+# (Optional) Set the specific subscription you want to scan
+az account set --subscription "Your-Subscription-ID"
+</code>
+----
+=== 3. Install Plugins and Compliance Mod ===
+Steampipe needs the **Azure** and **Azure AD** plugins to fetch data, while Powerpipe needs the **Azure Compliance** mod to run the CIS checks.
+<code bash>
+# Install required Steampipe plugins
+steampipe plugin install azure
+steampipe plugin install azuread
+# Create a directory for your compliance checks and initialize a mod
+mkdir azure-compliance
+cd azure-compliance
+powerpipe mod init
+# Install the Azure Compliance mod
+powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
+</code>
+----
+=== 4. Run the CIS Benchmark ===
+You must start the Steampipe service so Powerpipe can query it, then run the benchmark command.
+<code bash>
+# Start the Steampipe service in the background
+steampipe service start
+# Run the CIS v3.0.0 benchmark (or choose your preferred version)
+powerpipe benchmark run azure_compliance.benchmark.cis_v300 --export cis_300.html
+</code>
+<WRAP tip>
+**Prefer a visual dashboard?** Instead of ``run``, use ``powerpipe server`` and navigate to ``http://localhost:9033`` in your browser to view the results in a rich, interactive UI.
+</WRAP>
+----
+=== Summary of Common Benchmarks ===
+^ Framework ^ Command ^
+| **CIS v3.0.0** | ``powerpipe benchmark run azure_compliance.benchmark.cis_v300`` |
+| **CIS v2.1.0** | ``powerpipe benchmark run azure_compliance.benchmark.cis_v210`` |
+| **NIST SP 800-53** | ``powerpipe benchmark run azure_compliance.benchmark.nist_sp_800_53_rev_5`` |
+``