Differences

This shows you the differences between two versions of the page.

--- azure:azure_powerpipe [2026/02/03 15:48] – mmuze
+++ azure:azure_powerpipe [2026/02/12 21:25] (current) – mmuze
@@ Line 1: / Line 1: @@
 ====== Azure Steampipe/Powerpipe ======
+  * [[https://hub.powerpipe.io/mods/turbot/steampipe-mod-azure-compliance/benchmarks|Azure Compliance Mod]], CIS, NIST, etc
+    * This page includes a list of the raw queries that can be ran using the Steampipe ''steampipe query --output line'' command.
   * Details on installing are here, [[https://github.com/turbot/steampipe-mod-azure-compliance]]
@@ Line 37: / Line 41: @@
+====== Installation Alt ======
 To install and run **Powerpipe** and **Steampipe** for Azure CIS benchmarks, you will follow a four-stage process: installing the binaries, configuring Azure authentication, setting up the plugins, and finally running the compliance mod. [1](https://avertium-my.sharepoint.com/personal/michael_gupton_avertium_com/Documents/Microsoft%20Copilot%20Chat%20Files/powerpipe_azure_assessment.md)
@@ Line 88: / Line 92: @@
 steampipe service start
 # Run the CIS v3.0.0 benchmark (or choose your preferred version)
-powerpipe benchmark run azure_compliance.benchmark.cis_v300
+powerpipe benchmark run azure_compliance.benchmark.cis_v300 --export cis_300.html --export cis_300.csv
 </code>
@@ Line 104: / Line 108: @@
 | **NIST SP 800-53** | ``powerpipe benchmark run azure_compliance.benchmark.nist_sp_800_53_rev_5`` |
 ``
+====== Azure Compliance Mod Controls ======
+=== List controls ===
+<code>
+powerpipe control list | grep keyvault
+azure_compliance    azure_compliance.control.keyvault_certificate_validity_12_months
+azure_compliance    azure_compliance.control.keyvault_certificate_validity_period_less_equal_12_months
+azure_compliance    azure_compliance.control.keyvault_firewall_enabled
+azure_compliance    azure_compliance.control.keyvault_key_automatic_rotation_enabled
+azure_compliance    azure_compliance.control.keyvault_key_expiration_set
+azure_compliance    azure_compliance.control.keyvault_logging_enabled
+azure_compliance    azure_compliance.control.keyvault_managed_hms_logging_enabled
+azure_compliance    azure_compliance.control.keyvault_managed_hms_purge_protection_enabled
+azure_compliance    azure_compliance.control.keyvault_purge_protection_enabled
+azure_compliance    azure_compliance.control.keyvault_rbac_enabled
+azure_compliance    azure_compliance.control.keyvault_secret_expiration_set
+azure_compliance    azure_compliance.control.keyvault_soft_delete_enabled
+azure_compliance    azure_compliance.control.keyvault_vault_private_link_used
+azure_compliance    azure_compliance.control.keyvault_vault_public_network_access_disabled
+azure_compliance    azure_compliance.control.keyvault_vault_recoverable
+azure_compliance    azure_compliance.control.keyvault_vault_use_virtual_service_endpoint
+azure_compliance    azure_compliance.control.keyvault_with_non_rbac_key_expiration_set
+azure_compliance    azure_compliance.control.keyvault_with_non_rbac_secret_expiration_set
+azure_compliance    azure_compliance.control.keyvault_with_rbac_key_expiration_set
+azure_compliance    azure_compliance.control.keyvault_with_rbac_secret_expiration_set
+azure_compliance    azure_compliance.control.securitycenter_azure_defender_on_for_keyvault
+</code>
+====== Manually Running Controls (Checks) from Azure Compliance Mode ======
+  * Search the [[https://github.com/turbot/steampipe-mod-azure-compliance|source code]] for the compliance check by id and look for the query.