azure:azure_powerpipe

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
azure:azure_powerpipe [2026/02/03 00:11] – [Azure] mmuzeazure:azure_powerpipe [2026/02/04 15:42] (current) – [Azure] mmuze
Line 35: Line 35:
 powerpipe benchmark run azure_compliance.benchmark.cis_v300 --export html powerpipe benchmark run azure_compliance.benchmark.cis_v300 --export html
 </code> </code>
 +
 +
 +
 +To install and run **Powerpipe** and **Steampipe** for Azure CIS benchmarks, you will follow a four-stage process: installing the binaries, configuring Azure authentication, setting up the plugins, and finally running the compliance mod. [1](https://avertium-my.sharepoint.com/personal/michael_gupton_avertium_com/Documents/Microsoft%20Copilot%20Chat%20Files/powerpipe_azure_assessment.md)
 +
 +=== 1. Install Steampipe and Powerpipe ===
 +Run these commands in your bash terminal to install the latest versions using the official install scripts.
 +
 +<code bash>
 +# Install Steampipe
 +sudo /bin/sh -c "$(curl -fsSL https://steampipe.io/install/steampipe.sh)"
 +# Install Powerpipe
 +sudo /bin/sh -c "$(curl -fsSL https://powerpipe.io/install/powerpipe.sh)"
 +</code>
 +
 +----
 +
 +=== 2. Authenticate with Azure ===
 +Steampipe uses your existing Azure CLI credentials by default. Ensure you are logged in and have the correct subscription active. 
 +
 +<code bash>
 +# Log in to Azure
 +az login
 +# (Optional) Set the specific subscription you want to scan
 +az account set --subscription "Your-Subscription-ID"
 +</code>
 +
 +----
 +
 +=== 3. Install Plugins and Compliance Mod ===
 +Steampipe needs the **Azure** and **Azure AD** plugins to fetch data, while Powerpipe needs the **Azure Compliance** mod to run the CIS checks.
 +
 +<code bash>
 +# Install required Steampipe plugins
 +steampipe plugin install azure
 +steampipe plugin install azuread
 +# Create a directory for your compliance checks and initialize a mod
 +mkdir azure-compliance
 +cd azure-compliance
 +powerpipe mod init
 +# Install the Azure Compliance mod
 +powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
 +</code> 
 +
 +----
 +
 +=== 4. Run the CIS Benchmark ===
 +You must start the Steampipe service so Powerpipe can query it, then run the benchmark command. 
 +
 +<code bash>
 +# Start the Steampipe service in the background
 +steampipe service start
 +# Run the CIS v3.0.0 benchmark (or choose your preferred version)
 +powerpipe benchmark run azure_compliance.benchmark.cis_v300 --export cis_300.html
 +</code>
 +
 +<WRAP tip>
 +**Prefer a visual dashboard?** Instead of ``run``, use ``powerpipe server`` and navigate to ``http://localhost:9033`` in your browser to view the results in a rich, interactive UI.
 +</WRAP>
 +
 +----
 +
 +=== Summary of Common Benchmarks ===
 +
 +^ Framework ^ Command ^
 +| **CIS v3.0.0** | ``powerpipe benchmark run azure_compliance.benchmark.cis_v300`` |
 +| **CIS v2.1.0** | ``powerpipe benchmark run azure_compliance.benchmark.cis_v210`` |
 +| **NIST SP 800-53** | ``powerpipe benchmark run azure_compliance.benchmark.nist_sp_800_53_rev_5`` | 
 +``
  • azure/azure_powerpipe.1770077467.txt.gz
  • Last modified: 2026/02/03 00:11
  • by mmuze