Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Azure Steampipe/Powerpipe ====== * Details on installing are here, [[https://github.com/turbot/steampipe-mod-azure-compliance]] ====== Installation ====== - Install Powerpipe - Install Steampipe - Install Steampipe Azure Compliance Mod <code> sudo /bin/sh -c "$(curl -fsSL https://powerpipe.io/install/powerpipe.sh)" sudo /bin/sh -c "$(curl -fsSL https://steampipe.io/install/steampipe.sh)" mkdir dashboards cd dashboards powerpipe mod init powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance </code> <code> az login --tenant cfc.avertium.com --use-device-code </code> ====== Azure ====== For Azure modules I provide authentication using the Azure CLI. Below is an example logging into a tenant. <code> az login --tenant <tenant id> --use-device-code </code> Run CIS Benchmark checks and output the results to HTML. <code> powerpipe benchmark run azure_compliance.benchmark.cis_v300 --export html </code> To install and run **Powerpipe** and **Steampipe** for Azure CIS benchmarks, you will follow a four-stage process: installing the binaries, configuring Azure authentication, setting up the plugins, and finally running the compliance mod. [1](https://avertium-my.sharepoint.com/personal/michael_gupton_avertium_com/Documents/Microsoft%20Copilot%20Chat%20Files/powerpipe_azure_assessment.md) === 1. Install Steampipe and Powerpipe === Run these commands in your bash terminal to install the latest versions using the official install scripts. <code bash> # Install Steampipe sudo /bin/sh -c "$(curl -fsSL https://steampipe.io/install/steampipe.sh)" # Install Powerpipe sudo /bin/sh -c "$(curl -fsSL https://powerpipe.io/install/powerpipe.sh)" </code> ---- === 2. Authenticate with Azure === Steampipe uses your existing Azure CLI credentials by default. Ensure you are logged in and have the correct subscription active. <code bash> # Log in to Azure az login # (Optional) Set the specific subscription you want to scan az account set --subscription "Your-Subscription-ID" </code> ---- === 3. Install Plugins and Compliance Mod === Steampipe needs the **Azure** and **Azure AD** plugins to fetch data, while Powerpipe needs the **Azure Compliance** mod to run the CIS checks. <code bash> # Install required Steampipe plugins steampipe plugin install azure steampipe plugin install azuread # Create a directory for your compliance checks and initialize a mod mkdir azure-compliance cd azure-compliance powerpipe mod init # Install the Azure Compliance mod powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance </code> ---- === 4. Run the CIS Benchmark === You must start the Steampipe service so Powerpipe can query it, then run the benchmark command. <code bash> # Start the Steampipe service in the background steampipe service start # Run the CIS v3.0.0 benchmark (or choose your preferred version) powerpipe benchmark run azure_compliance.benchmark.cis_v300 --export cis_300.html </code> <WRAP tip> **Prefer a visual dashboard?** Instead of ``run``, use ``powerpipe server`` and navigate to ``http://localhost:9033`` in your browser to view the results in a rich, interactive UI. </WRAP> ---- === Summary of Common Benchmarks === ^ Framework ^ Command ^ | **CIS v3.0.0** | ``powerpipe benchmark run azure_compliance.benchmark.cis_v300`` | | **CIS v2.1.0** | ``powerpipe benchmark run azure_compliance.benchmark.cis_v210`` | | **NIST SP 800-53** | ``powerpipe benchmark run azure_compliance.benchmark.nist_sp_800_53_rev_5`` | `` azure/azure_powerpipe.txt Last modified: 2026/02/04 15:42by mmuze