From 033e8984f16bf148e87c7237e58f9be63169d4a9 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 22:30:35 +0200 Subject: [PATCH 01/24] mondoo-asset-inventory-azure: restruct Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 488 ++++++++++++++++----------- 1 file changed, 294 insertions(+), 194 deletions(-) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index b40cac7..a09acd0 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -15,197 +15,297 @@ packs: docs: desc: | The Azure Asset Inventory by Mondoo query pack retrieves information about Azure subscriptions and resources for asset inventory. - filters: asset.platform == "azure" - queries: - - uid: mondoo-asset-inventory-azure-roleDefinitions - title: Azure role definitions - docs: - desc: | - This query retrieves data for all role definitions in the subscription - mql: azure.subscription.authorization.roleDefinitions - - uid: mondoo-asset-inventory-azure-cloudDefender - title: Microsoft Defender for Cloud configuration - docs: - desc: | - This query retrieves data for Microsoft Defender for Cloud - mql: azure.subscription.cloudDefender { defenderForServers defenderForContainers securityContacts { name alertNotifications } } - - uid: mondoo-asset-inventory-azure-storageAccounts - title: Azure Storage accounts - docs: - desc: | - This query retrieves data for all storage accounts - mql: azure.subscription.storage.accounts - - uid: mondoo-asset-inventory-azure-storageAccounts-containers - title: Azure Storage account containers - docs: - desc: | - This query retrieves data for all containers in storage accounts - mql: azure.subscription.storage.accounts { containers } - - uid: mondoo-asset-inventory-azure-storageAccounts-blobs - title: Azure storage accounts blobs - docs: - desc: | - This query retrieves data for all blobs in storage accounts - mql: azure.subscription.storage.accounts { blobProperties } - - uid: mondoo-asset-inventory-azure-storageAccounts-tables - title: Azure Storage accounts tables - docs: - desc: | - This query retrieves data for all tables in storage accounts - mql: azure.subscription.storage.accounts { tableProperties } - - uid: mondoo-asset-inventory-azure-sqlServers - title: Azure SQL Database servers - docs: - desc: | - This query retrieves data for all Azure SQL Database servers - mql: azure.subscription.sql.servers - - uid: mondoo-asset-inventory-azure-sqlServers-firewallrules - title: Azure SQL Database server firewall rules - docs: - desc: | - This query retrieves data for all firewall rules in Azure SQL Database servers - mql: azure.subscription.sql.servers { firewallRules } - - uid: mondoo-asset-inventory-azure-sqlServers-databases - title: Azure SQL Database server databases - docs: - desc: | - This query retrieves data for all databases in Azure SQL Database servers - mql: azure.subscription.sql.servers { databases } - - uid: mondoo-asset-inventory-azure-postgresql - title: Azure PostgreSQL servers - docs: - desc: | - This query retrieves data for all PostgreSQL servers - mql: azure.subscription.postgreSql.servers - - uid: mondoo-asset-inventory-azure-postgresql-firewallrules - title: Azure PostgreSQL server firewall rules - docs: - desc: | - This query retrieves data for all firewall rules in Azure PostgreSQL servers - mql: azure.subscription.postgreSql.servers { firewallRules } - - uid: mondoo-asset-inventory-azure-mysql - title: Azure MySQL servers - docs: - desc: | - This query retrieves data for all Azure MySQL servers - mql: azure.subscription.mySql{ servers flexibleServers } - - uid: mondoo-asset-inventory-azure-mariaDb - title: Azure MariaDB servers - docs: - desc: | - This query retrieves data for all Azure MariaDB servers - mql: azure.subscription.mariaDb.servers - - uid: mondoo-asset-inventory-azure-diagnosticSettings - title: Azure diagnostic settings - docs: - desc: | - This query retrieves data for all diagnostic settings - mql: azure.subscription.monitor.diagnosticSettings - - uid: mondoo-asset-inventory-azure-keyVaults - title: Azure Key Vault vaults - docs: - desc: | - This query retrieves data for all Azure Key Vault vaults - mql: azure.subscription.keyVault.vaults - - uid: mondoo-asset-inventory-azure-keyVaults-keys - title: Azure Key Vault vault keys - docs: - desc: | - This query retrieves data for all keys in Key Vaults - mql: azure.subscription.keyVault.vaults { keys } - - uid: mondoo-asset-inventory-azure-keyVaults-secrets - title: Azure Key Vault vault secrets - docs: - desc: | - This query retrieves data for all secrets in Key Vaults - mql: azure.subscription.keyVault.vaults { secrets } - - uid: mondoo-asset-inventory-azure-keyVaults-certificates - title: Azure Key Vault vault certificates - docs: - desc: | - This query retrieves data for all certificates in Key Vaults - mql: azure.subscription.keyVault.vaults { certificates } - - uid: mondoo-asset-inventory-azure-activitylogs - title: Azure activity logs - docs: - desc: | - This query retrieves data for all activity logs - mql: azure.subscription.monitor.activityLog - - uid: mondoo-asset-inventory-azure-networkSecurityGroups - title: Azure network security groups - docs: - desc: | - This query retrieves data for all network security groups - mql: azure.subscription.network.securityGroups - - uid: mondoo-asset-inventory-azure-publicip - title: Azure public IP addresses - docs: - desc: | - This query retrieves all public IP addresses in your subscription - mql: azure.subscription.networkService.publicIpAddresses{ name location ipAddress } - - uid: mondoo-asset-inventory-azure-virtualmachines - title: Azure virtual machines - docs: - desc: | - This query retrieves data for all virtual machines - mql: azure.subscription.compute.vms - - uid: mondoo-asset-inventory-azure-virtualmachines-managedDisk - title: Azure virtual machines with managed disks - docs: - desc: | - This query retrieves data for all virtual machines with managed disks - mql: azure.subscription.compute.vms.where( properties["storageProfile"]["osDisk"]["managedDisk"].length > 0 ) - - uid: mondoo-asset-inventory-azure-webapp - title: Azure web apps - docs: - desc: | - This query retrieves data for all web apps - mql: azure.subscription.web.apps - - uid: mondoo-asset-inventory-azure-cosmosDb - title: Azure Cosmos DB accounts - docs: - desc: | - This query retrieves data for all Cosmos DB accounts - mql: azure.subscription.cosmosDb.accounts - - uid: mondoo-asset-inventory-azure-applicationInsight - title: Azure Monitor Application Insights - docs: - desc: | - This query retrieves data for all Application Insights - mql: azure.subscription.monitor.applicationInsights - - uid: mondoo-asset-inventory-azure-networkWatcher - title: Azure Network Watchers - docs: - desc: | - This query retrieves data for Azure Network Watchers - mql: azure.subscription.network.watchers - - uid: mondoo-asset-inventory-azure-bastionHosts - title: Azure Bastion hosts - docs: - desc: | - This query retrieves data for all Bastion hosts - mql: azure.subscription.network.bastionHosts - - uid: mondoo-asset-inventory-azure-compute-disks - title: Compute disks - docs: - desc: | - This query retrieves data for all compute disks available in the subscription - mql: azure.subscription.compute.disks - - uid: mondoo-asset-inventory-azure-network-interfaces - title: Network interfaces - docs: - desc: | - This query retrieves data for all network interfaces - mql: azure.subscription.network.interfaces{ name location properties['nicType'] properties['nicType'] properties['macAddress'] properties['virtualMachine']['id'] } - - uid: mondoo-asset-inventory-azure-resourcegroups - title: Azure subscription resource groups - docs: - desc: | - This query retrieves data for all resource groups inside the subscription - mql: azure.subscription.resourceGroups - - uid: mondoo-asset-inventory-azure-resources - title: Azure subscription resources - docs: - desc: | - This query retrieves data for all resources inside the subscription - mql: azure.subscription.resources + groups: + - uid: mondoo-incident-response-aws-group + title: AWS Asset Inventory Pack Group + filters: asset.platform == "azure" + queries: + - uid: + + +queries: + - uid: mondoo-asset-inventory-azure-roleDefinitions + title: Azure role definitions + docs: + desc: | + This query retrieves data for all role definitions in the subscription + mql: azure.subscription.authorization.roleDefinitions + + + + - uid: mondoo-asset-inventory-azure-cloudDefender + title: Microsoft Defender for Cloud configuration + docs: + desc: | + This query retrieves data for Microsoft Defender for Cloud + mql: azure.subscription.cloudDefender { defenderForServers defenderForContainers securityContacts { name alertNotifications } } + + + + - uid: mondoo-asset-inventory-azure-storageAccounts + title: Azure Storage accounts + docs: + desc: | + This query retrieves data for all storage accounts + mql: azure.subscription.storage.accounts + + + + - uid: mondoo-asset-inventory-azure-storageAccounts-containers + title: Azure Storage account containers + docs: + desc: | + This query retrieves data for all containers in storage accounts + mql: azure.subscription.storage.accounts { containers } + + + + - uid: mondoo-asset-inventory-azure-storageAccounts-blobs + title: Azure storage accounts blobs + docs: + desc: | + This query retrieves data for all blobs in storage accounts + mql: azure.subscription.storage.accounts { blobProperties } + + + + - uid: mondoo-asset-inventory-azure-storageAccounts-tables + title: Azure Storage accounts tables + docs: + desc: | + This query retrieves data for all tables in storage accounts + mql: azure.subscription.storage.accounts { tableProperties } + + + + - uid: mondoo-asset-inventory-azure-sqlServers + title: Azure SQL Database servers + docs: + desc: | + This query retrieves data for all Azure SQL Database servers + mql: azure.subscription.sql.servers + + + + - uid: mondoo-asset-inventory-azure-sqlServers-firewallrules + title: Azure SQL Database server firewall rules + docs: + desc: | + This query retrieves data for all firewall rules in Azure SQL Database servers + mql: azure.subscription.sql.servers { firewallRules } + + + + - uid: mondoo-asset-inventory-azure-sqlServers-databases + title: Azure SQL Database server databases + docs: + desc: | + This query retrieves data for all databases in Azure SQL Database servers + mql: azure.subscription.sql.servers { databases } + + + + - uid: mondoo-asset-inventory-azure-postgresql + title: Azure PostgreSQL servers + docs: + desc: | + This query retrieves data for all PostgreSQL servers + mql: azure.subscription.postgreSql.servers + + + + - uid: mondoo-asset-inventory-azure-postgresql-firewallrules + title: Azure PostgreSQL server firewall rules + docs: + desc: | + This query retrieves data for all firewall rules in Azure PostgreSQL servers + mql: azure.subscription.postgreSql.servers { firewallRules } + + + + - uid: mondoo-asset-inventory-azure-mysql + title: Azure MySQL servers + docs: + desc: | + This query retrieves data for all Azure MySQL servers + mql: azure.subscription.mySql{ servers flexibleServers } + + + + - uid: mondoo-asset-inventory-azure-mariaDb + title: Azure MariaDB servers + docs: + desc: | + This query retrieves data for all Azure MariaDB servers + mql: azure.subscription.mariaDb.servers + + + + - uid: mondoo-asset-inventory-azure-diagnosticSettings + title: Azure diagnostic settings + docs: + desc: | + This query retrieves data for all diagnostic settings + mql: azure.subscription.monitor.diagnosticSettings + + + + - uid: mondoo-asset-inventory-azure-keyVaults + title: Azure Key Vault vaults + docs: + desc: | + This query retrieves data for all Azure Key Vault vaults + mql: azure.subscription.keyVault.vaults + + + + - uid: mondoo-asset-inventory-azure-keyVaults-keys + title: Azure Key Vault vault keys + docs: + desc: | + This query retrieves data for all keys in Key Vaults + mql: azure.subscription.keyVault.vaults { keys } + + + + - uid: mondoo-asset-inventory-azure-keyVaults-secrets + title: Azure Key Vault vault secrets + docs: + desc: | + This query retrieves data for all secrets in Key Vaults + mql: azure.subscription.keyVault.vaults { secrets } + + + + - uid: mondoo-asset-inventory-azure-keyVaults-certificates + title: Azure Key Vault vault certificates + docs: + desc: | + This query retrieves data for all certificates in Key Vaults + mql: azure.subscription.keyVault.vaults { certificates } + + + + - uid: mondoo-asset-inventory-azure-activitylogs + title: Azure activity logs + docs: + desc: | + This query retrieves data for all activity logs + mql: azure.subscription.monitor.activityLog + + + + - uid: mondoo-asset-inventory-azure-networkSecurityGroups + title: Azure network security groups + docs: + desc: | + This query retrieves data for all network security groups + mql: azure.subscription.network.securityGroups + + + + - uid: mondoo-asset-inventory-azure-publicip + title: Azure public IP addresses + docs: + desc: | + This query retrieves all public IP addresses in your subscription + mql: azure.subscription.networkService.publicIpAddresses{ name location ipAddress } + + + + - uid: mondoo-asset-inventory-azure-virtualmachines + title: Azure virtual machines + docs: + desc: | + This query retrieves data for all virtual machines + mql: azure.subscription.compute.vms + + + + - uid: mondoo-asset-inventory-azure-virtualmachines-managedDisk + title: Azure virtual machines with managed disks + docs: + desc: | + This query retrieves data for all virtual machines with managed disks + mql: azure.subscription.compute.vms.where( properties["storageProfile"]["osDisk"]["managedDisk"].length > 0 ) + + + + - uid: mondoo-asset-inventory-azure-webapp + title: Azure web apps + docs: + desc: | + This query retrieves data for all web apps + mql: azure.subscription.web.apps + + + + - uid: mondoo-asset-inventory-azure-cosmosDb + title: Azure Cosmos DB accounts + docs: + desc: | + This query retrieves data for all Cosmos DB accounts + mql: azure.subscription.cosmosDb.accounts + + + + - uid: mondoo-asset-inventory-azure-applicationInsight + title: Azure Monitor Application Insights + docs: + desc: | + This query retrieves data for all Application Insights + mql: azure.subscription.monitor.applicationInsights + + + + - uid: mondoo-asset-inventory-azure-networkWatcher + title: Azure Network Watchers + docs: + desc: | + This query retrieves data for Azure Network Watchers + mql: azure.subscription.network.watchers + + + + - uid: mondoo-asset-inventory-azure-bastionHosts + title: Azure Bastion hosts + docs: + desc: | + This query retrieves data for all Bastion hosts + mql: azure.subscription.network.bastionHosts + + + + - uid: mondoo-asset-inventory-azure-compute-disks + title: Compute disks + docs: + desc: | + This query retrieves data for all compute disks available in the subscription + mql: azure.subscription.compute.disks + + + + - uid: mondoo-asset-inventory-azure-network-interfaces + title: Network interfaces + docs: + desc: | + This query retrieves data for all network interfaces + mql: azure.subscription.network.interfaces{ name location properties['nicType'] properties['nicType'] properties['macAddress'] properties['virtualMachine']['id'] } + + + + - uid: mondoo-asset-inventory-azure-resourcegroups + title: Azure subscription resource groups + docs: + desc: | + This query retrieves data for all resource groups inside the subscription + mql: azure.subscription.resourceGroups + + + + - uid: mondoo-asset-inventory-azure-resources + title: Azure subscription resources + docs: + desc: | + This query retrieves data for all resources inside the subscription + mql: azure.subscription.resources From 06933408731f97b8e4423f4b933a9ced0b9299f6 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 22:35:42 +0200 Subject: [PATCH 02/24] fix/variants: mondoo-asset-inventory-azure-storageAccounts Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index a09acd0..a2852c8 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -18,9 +18,11 @@ packs: groups: - uid: mondoo-incident-response-aws-group title: AWS Asset Inventory Pack Group - filters: asset.platform == "azure" + filters: asset.runtime == "azure" queries: - - uid: + - uid: mondoo-asset-inventory-azure-roleDefinitions + - uid: mondoo-asset-inventory-azure-cloudDefender + - uid: mondoo-asset-inventory-azure-storageAccounts queries: @@ -47,6 +49,14 @@ queries: docs: desc: | This query retrieves data for all storage accounts + variants: + - uid: mondoo-asset-inventory-azure-storageAccounts-single + - uid: mondoo-asset-inventory-azure-storageAccounts-api + - uid: mondoo-asset-inventory-azure-storageAccounts-single + filters: asset.platform == "azure-storage-account" + mql: azure.subscription.storage.account + - uid: mondoo-asset-inventory-azure-storageAccounts-api + filters: asset.platform == "azure" mql: azure.subscription.storage.accounts From 4212d00093e593eb540760a8484761670834b689 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 22:40:37 +0200 Subject: [PATCH 03/24] fix/variants: mondoo-asset-inventory-azure-storageAccounts-containers Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index a2852c8..04e17c4 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -66,7 +66,15 @@ queries: docs: desc: | This query retrieves data for all containers in storage accounts + variants: + - uid: mondoo-asset-inventory-azure-storageAccounts-containers-single + - uid: mondoo-asset-inventory-azure-storageAccounts-containers-api + - uid: mondoo-asset-inventory-azure-storageAccounts-containers-api + filters: asset.platform == "azure" mql: azure.subscription.storage.accounts { containers } + - uid: mondoo-asset-inventory-azure-storageAccounts-containers-single + filters: asset.platform == "azure-storage-account" && azure.subscription.storage.account.containers != empty + mql: azure.subscription.storage.account.containers From 816937d081498397a19fd1b4caa8be597110dd3d Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 22:43:25 +0200 Subject: [PATCH 04/24] fix/variants: - uid: mondoo-asset-inventory-azure-storageAccounts-blobs Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index 04e17c4..5aa8088 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -23,6 +23,10 @@ packs: - uid: mondoo-asset-inventory-azure-roleDefinitions - uid: mondoo-asset-inventory-azure-cloudDefender - uid: mondoo-asset-inventory-azure-storageAccounts + - uid: mondoo-asset-inventory-azure-storageAccounts-containers + - uid: mondoo-asset-inventory-azure-storageAccounts-blobs + - uid: mondoo-asset-inventory-azure-storageAccounts-blobs + queries: @@ -83,7 +87,15 @@ queries: docs: desc: | This query retrieves data for all blobs in storage accounts + variants: + - uid: mondoo-asset-inventory-azure-storageAccounts-blobs-single + - uid: mondoo-asset-inventory-azure-storageAccounts-blobs-api + - uid: mondoo-asset-inventory-azure-storageAccounts-blobs-api + filters: asset.platform == "azure" mql: azure.subscription.storage.accounts { blobProperties } + - uid: mondoo-asset-inventory-azure-storageAccounts-blobs-single + filters: asset.platform == "azure-storage-account" + mql: azure.subscription.storage.account.blobProperties From cee64bba825a548aa2179cc022bf19bb85a21f73 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 22:50:34 +0200 Subject: [PATCH 05/24] fix/variants: - uid: mondoo-asset-inventory-azure-storageAccounts-tables Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index 5aa8088..f54eab0 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -25,7 +25,7 @@ packs: - uid: mondoo-asset-inventory-azure-storageAccounts - uid: mondoo-asset-inventory-azure-storageAccounts-containers - uid: mondoo-asset-inventory-azure-storageAccounts-blobs - - uid: mondoo-asset-inventory-azure-storageAccounts-blobs + - uid: mondoo-asset-inventory-azure-storageAccounts-tables @@ -104,7 +104,20 @@ queries: docs: desc: | This query retrieves data for all tables in storage accounts + variants: + - uid: mondoo-asset-inventory-azure-storageAccounts-tables-single + - uid: mondoo-asset-inventory-azure-storageAccounts-tables-api + - uid: mondoo-asset-inventory-azure-storageAccounts-tables-api + filters: asset.platform == "azure" mql: azure.subscription.storage.accounts { tableProperties } + - uid: mondoo-asset-inventory-azure-storageAccounts-tables-single + filters: asset.platform == "azure-storage-account" + mql: azure.subscription.storage.account.tableProperties + + + + + From cd4b33ca44e062805c862ad86950d14e80a5f3b9 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 22:57:06 +0200 Subject: [PATCH 06/24] fix/variants: - uid: mondoo-asset-inventory-azure-sqlServers Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index f54eab0..5b03952 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -26,6 +26,7 @@ packs: - uid: mondoo-asset-inventory-azure-storageAccounts-containers - uid: mondoo-asset-inventory-azure-storageAccounts-blobs - uid: mondoo-asset-inventory-azure-storageAccounts-tables + - uid: mondoo-asset-inventory-azure-sqlServers @@ -116,17 +117,20 @@ queries: - - - - - - uid: mondoo-asset-inventory-azure-sqlServers title: Azure SQL Database servers docs: desc: | This query retrieves data for all Azure SQL Database servers + variants: + - uid: mondoo-asset-inventory-azure-sqlServers-single + - uid: mondoo-asset-inventory-azure-sqlServers-api + - uid: mondoo-asset-inventory-azure-sqlServers-api + filters: asset.platform == "azure" mql: azure.subscription.sql.servers + - uid: mondoo-asset-inventory-azure-sqlServers-single + filters: asset.platform == "azure-sql-server" + mql: azure.subscription.sql.server From b646e39c8a26106a58e48a8f3e9a129506357a01 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 22:59:34 +0200 Subject: [PATCH 07/24] fix/variants: mondoo-asset-inventory-azure-sqlServers-firewallrules Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index 5b03952..a746633 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -139,7 +139,21 @@ queries: docs: desc: | This query retrieves data for all firewall rules in Azure SQL Database servers + variants: + - uid: mondoo-asset-inventory-azure-sqlServers-firewallrules-single + - uid: mondoo-asset-inventory-azure-sqlServers-firewallrules-api + - uid: mondoo-asset-inventory-azure-sqlServers-firewallrules-api + filters: asset.platform == "azure" mql: azure.subscription.sql.servers { firewallRules } + - uid: mondoo-asset-inventory-azure-sqlServers-firewallrules-single + filters: asset.platform == "azure-sql-server" + mql: azure.subscription.sql.server.firewallRules + + + + + + From d37d04e090760afd47519e967c1874be729381df Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 23:01:17 +0200 Subject: [PATCH 08/24] fix/variants: mondoo-asset-inventory-azure-sqlServers-databases Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index a746633..18dc780 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -27,6 +27,8 @@ packs: - uid: mondoo-asset-inventory-azure-storageAccounts-blobs - uid: mondoo-asset-inventory-azure-storageAccounts-tables - uid: mondoo-asset-inventory-azure-sqlServers + - uid: mondoo-asset-inventory-azure-sqlServers-firewallrules + - uid: mondoo-asset-inventory-azure-sqlServers-databases @@ -151,18 +153,25 @@ queries: - - - - - - - uid: mondoo-asset-inventory-azure-sqlServers-databases title: Azure SQL Database server databases docs: desc: | This query retrieves data for all databases in Azure SQL Database servers + variants: + - uid: mondoo-asset-inventory-azure-sqlServers-databases-single + - uid: mondoo-asset-inventory-azure-sqlServers-databases-api + - uid: mondoo-asset-inventory-azure-sqlServers-databases-api + filters: asset.platform == "azure" mql: azure.subscription.sql.servers { databases } + - uid: mondoo-asset-inventory-azure-sqlServers-databases-single + filters: asset.platform == "azure-sql-server" + mql: azure.subscription.sql.server.databases + + + + + From 02a12e927f1273f5a55f5d60bf1ac898cf25fc85 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 23:10:36 +0200 Subject: [PATCH 09/24] fix/variants: - uid: mondoo-asset-inventory-azure-postgresql Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index 18dc780..c9dc99c 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -29,6 +29,7 @@ packs: - uid: mondoo-asset-inventory-azure-sqlServers - uid: mondoo-asset-inventory-azure-sqlServers-firewallrules - uid: mondoo-asset-inventory-azure-sqlServers-databases + - uid: mondoo-asset-inventory-azure-postgresql @@ -170,17 +171,28 @@ queries: - - - - - - uid: mondoo-asset-inventory-azure-postgresql title: Azure PostgreSQL servers docs: desc: | This query retrieves data for all PostgreSQL servers - mql: azure.subscription.postgreSql.servers + variants: + - uid: mondoo-asset-inventory-azure-postgresql-all + - uid: mondoo-asset-inventory-azure-postgresql-legacy + - uid: mondoo-asset-inventory-azure-postgresql-flexible + - uid: mondoo-asset-inventory-azure-postgresql-all + filters: asset.platform == "azure" + mql: | + azure.subscription.postgreSql.servers + azure.subscription.postgreSql.flexibleServers + - uid: mondoo-asset-inventory-azure-postgresql-legacy + filters: asset.platform == "azure-postgresql-server" + mql: azure.subscription.postgreSql.server + - uid: mondoo-asset-inventory-azure-postgresql-flexible + filters: asset.platform == "azure-postgresql-flexible-server" + mql: azure.subscription.postgreSql.flexibleServer + + From ddcf06a174dcfddfecb863d84935cc2b53b0be5f Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 23:12:41 +0200 Subject: [PATCH 10/24] fix/variants: - uid: mondoo-asset-inventory-azure-postgresql-firewallrules Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index c9dc99c..751413d 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -201,7 +201,21 @@ queries: docs: desc: | This query retrieves data for all firewall rules in Azure PostgreSQL servers - mql: azure.subscription.postgreSql.servers { firewallRules } + variants: + - uid: mondoo-asset-inventory-azure-postgresql-firewallrules-all + - uid: mondoo-asset-inventory-azure-postgresql-firewallrules-legacy + - uid: mondoo-asset-inventory-azure-postgresql-firewallrules-flexible + - uid: mondoo-asset-inventory-azure-postgresql-firewallrules-all + filters: asset.platform == "azure" + mql: | + azure.subscription.postgreSql.servers { firewallRules } + azure.subscription.postgreSql.flexibleServers { firewallRules } + - uid: mondoo-asset-inventory-azure-postgresql-firewallrules-legacy + filters: asset.platform == "azure-postgresql-server" + mql: azure.subscription.postgreSql.server.firewallRules + - uid: mondoo-asset-inventory-azure-postgresql-firewallrules-flexible + filters: asset.platform == "azure-postgresql-flexible-server" + mql: azure.subscription.postgreSql.flexibleServer.firewallRules From 01cd6ae00b47dbdef60588d620d27463b350f4e3 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 23:17:43 +0200 Subject: [PATCH 11/24] fix/variants: - uid: mondoo-asset-inventory-azure-mysql Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index 751413d..b2e3752 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -30,6 +30,7 @@ packs: - uid: mondoo-asset-inventory-azure-sqlServers-firewallrules - uid: mondoo-asset-inventory-azure-sqlServers-databases - uid: mondoo-asset-inventory-azure-postgresql + - uid: mondoo-asset-inventory-azure-mysql @@ -212,7 +213,7 @@ queries: azure.subscription.postgreSql.flexibleServers { firewallRules } - uid: mondoo-asset-inventory-azure-postgresql-firewallrules-legacy filters: asset.platform == "azure-postgresql-server" - mql: azure.subscription.postgreSql.server.firewallRules + mql: azure.subscription.postgreSql.server.firewallRules - uid: mondoo-asset-inventory-azure-postgresql-firewallrules-flexible filters: asset.platform == "azure-postgresql-flexible-server" mql: azure.subscription.postgreSql.flexibleServer.firewallRules @@ -224,7 +225,21 @@ queries: docs: desc: | This query retrieves data for all Azure MySQL servers - mql: azure.subscription.mySql{ servers flexibleServers } + variants: + - uid: mondoo-asset-inventory-azure-mysql-all + - uid: mondoo-asset-inventory-azure-mysql-legacy + - uid: mondoo-asset-inventory-azure-mysql-flexible + - uid: mondoo-asset-inventory-azure-mysql-all + filters: asset.platform == "azure" + mql: | + azure.subscription.mySql.servers + azure.subscription.mySql.flexibleServers + - uid: mondoo-asset-inventory-azure-mysql-legacy + filters: asset.platform == "azure-mysql-server" + mql: azure.subscription.mySql.server + - uid: mondoo-asset-inventory-azure-postgresql-firewallrules-flexible + filters: asset.platform == "azure-mysql-flexible-server" + mql: azure.subscription.mySql.flexibleServer From f2b6e26efbb9295766e87193ef253027eb3cbf14 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 23:19:51 +0200 Subject: [PATCH 12/24] fix/variants: - uid: mondoo-asset-inventory-azure-mysql-firewallrules Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index b2e3752..dac11c5 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -31,7 +31,7 @@ packs: - uid: mondoo-asset-inventory-azure-sqlServers-databases - uid: mondoo-asset-inventory-azure-postgresql - uid: mondoo-asset-inventory-azure-mysql - + - uid: mondoo-asset-inventory-azure-mysql-firewallrules queries: @@ -220,6 +220,29 @@ queries: + - uid: mondoo-asset-inventory-azure-mysql-firewallrules + title: Azure MySQL servers + docs: + desc: | + This query retrieves data for all Azure MySQL servers + variants: + - uid: mondoo-asset-inventory-azure-mysql-firewallrules-all + - uid: mondoo-asset-inventory-azure-mysql-firewallrules-legacy + - uid: mondoo-asset-inventory-azure-mysql-firewallrules-flexible + - uid: mondoo-asset-inventory-azure-mysql-firewallrules-all + filters: asset.platform == "azure" + mql: | + azure.subscription.mySql.servers { firewallRules } + azure.subscription.mySql.flexibleServers { firewallRules } + - uid: mondoo-asset-inventory-azure-mysql-firewallrules-legacy + filters: asset.platform == "azure-mysql-server" + mql: azure.subscription.mySql.server.firewallRules + - uid: mondoo-asset-inventory-azure-mysql-firewallrules-flexible + filters: asset.platform == "azure-mysql-flexible-server" + mql: azure.subscription.mySql.flexibleServer.firewallRules + + + - uid: mondoo-asset-inventory-azure-mysql title: Azure MySQL servers docs: @@ -242,7 +265,6 @@ queries: mql: azure.subscription.mySql.flexibleServer - - uid: mondoo-asset-inventory-azure-mariaDb title: Azure MariaDB servers docs: From da51e9abf23eea4550dcc890363a131635fc38bf Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 23:20:55 +0200 Subject: [PATCH 13/24] fix/variants:- uid: mondoo-asset-inventory-azure-postgresql-firewallrules Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index dac11c5..2df6354 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -30,6 +30,7 @@ packs: - uid: mondoo-asset-inventory-azure-sqlServers-firewallrules - uid: mondoo-asset-inventory-azure-sqlServers-databases - uid: mondoo-asset-inventory-azure-postgresql + - uid: mondoo-asset-inventory-azure-postgresql-firewallrules - uid: mondoo-asset-inventory-azure-mysql - uid: mondoo-asset-inventory-azure-mysql-firewallrules From 709aefe0cf1f7e22460a36c6b5391bb20c2e1db8 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 23:28:06 +0200 Subject: [PATCH 14/24] fix/variants:- - uid: mondoo-asset-inventory-azure-mariaDb Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index 2df6354..a8bcba3 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -33,6 +33,7 @@ packs: - uid: mondoo-asset-inventory-azure-postgresql-firewallrules - uid: mondoo-asset-inventory-azure-mysql - uid: mondoo-asset-inventory-azure-mysql-firewallrules + - uid: mondoo-asset-inventory-azure-mariaDb queries: @@ -271,7 +272,20 @@ queries: docs: desc: | This query retrieves data for all Azure MariaDB servers + variants: + - uid: mondoo-asset-inventory-azure-mariaDb-single + - uid: mondoo-asset-inventory-azure-mariaDb-api + - uid: mondoo-asset-inventory-azure-mariaDb-api + filters: asset.platform == "azure" mql: azure.subscription.mariaDb.servers + - uid: mondoo-asset-inventory-azure-mariaDb-single + filters: asset.platform == "azure-mariadb-server" + mql: azure.subscription.mariaDb.server + + + + + From 3a171473a8a69a29dd1a73ad60676d72997790cf Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 23:32:25 +0200 Subject: [PATCH 15/24] fix/variants: - uid: mondoo-asset-inventory-azure-keyVaults Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index a8bcba3..6ea9f53 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -34,6 +34,7 @@ packs: - uid: mondoo-asset-inventory-azure-mysql - uid: mondoo-asset-inventory-azure-mysql-firewallrules - uid: mondoo-asset-inventory-azure-mariaDb + - uid: mondoo-asset-inventory-azure-keyVaults queries: @@ -284,11 +285,6 @@ queries: - - - - - - uid: mondoo-asset-inventory-azure-diagnosticSettings title: Azure diagnostic settings docs: @@ -303,7 +299,20 @@ queries: docs: desc: | This query retrieves data for all Azure Key Vault vaults + variants: + - uid: mondoo-asset-inventory-azure-keyVaults-single + - uid: mondoo-asset-inventory-azure-keyVaults-api + - uid: mondoo-asset-inventory-azure-keyVaults-api + filters: asset.platform == "azure" mql: azure.subscription.keyVault.vaults + - uid: mondoo-asset-inventory-azure-keyVaults-single + filters: asset.platform == "azure-keyvault-vault" + mql: azure.subscription.keyVault.vault + + + + + From 3dd5716b8cec74ca4e04d06f07039833b2b661b3 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 23:33:48 +0200 Subject: [PATCH 16/24] fix/variants: - uid: mondoo-asset-inventory-azure-keyVaults-keys Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index 6ea9f53..a1f898e 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -311,17 +311,24 @@ queries: - - - - - - uid: mondoo-asset-inventory-azure-keyVaults-keys title: Azure Key Vault vault keys docs: desc: | This query retrieves data for all keys in Key Vaults + variants: + - uid: mondoo-asset-inventory-azure-keyVaults-keys-api + - uid: mondoo-asset-inventory-azure-keyVaults-keys-single + - uid: mondoo-asset-inventory-azure-keyVaults-keys-api + filters: asset.platform == "azure" mql: azure.subscription.keyVault.vaults { keys } + - uid: mondoo-asset-inventory-azure-keyVaults-keys-single + filters: asset.platform == "azure-keyvault-vault" + mql: azure.subscription.keyVault.vault.keys + + + + From 3f703bef7509620d0e3d344ac8aa530af3ce0db9 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 23:34:49 +0200 Subject: [PATCH 17/24] fix/variants: - uid: mondoo-asset-inventory-azure-keyVaults-secrets Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index a1f898e..4533dc7 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -328,16 +328,23 @@ queries: - - - - - uid: mondoo-asset-inventory-azure-keyVaults-secrets title: Azure Key Vault vault secrets docs: desc: | This query retrieves data for all secrets in Key Vaults + variants: + - uid: mondoo-asset-inventory-azure-keyVaults-secrets-api + - uid: mondoo-asset-inventory-azure-keyVaults-secrets-single + - uid: mondoo-asset-inventory-azure-keyVaults-secrets-api + filters: asset.platform == "azure" mql: azure.subscription.keyVault.vaults { secrets } + - uid: mondoo-asset-inventory-azure-keyVaults-secrets-single + filters: asset.platform == "azure-keyvault-vault" + mql: azure.subscription.keyVault.vault.secrets + + + From b9b16a87edb4986a0d3de12e844d8d766916883a Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 23:35:26 +0200 Subject: [PATCH 18/24] fix/variants: - uid: mondoo-asset-inventory-azure-keyVaults-secrets Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index 4533dc7..83c6fbd 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -35,6 +35,8 @@ packs: - uid: mondoo-asset-inventory-azure-mysql-firewallrules - uid: mondoo-asset-inventory-azure-mariaDb - uid: mondoo-asset-inventory-azure-keyVaults + - uid: mondoo-asset-inventory-azure-keyVaults-keys + - uid: mondoo-asset-inventory-azure-keyVaults-secrets queries: From 93535ee7a6842ca4b587d12a8d952acd276916b1 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 23:36:26 +0200 Subject: [PATCH 19/24] fix/variants: - uid: mondoo-asset-inventory-azure-keyVaults-certificates Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index 83c6fbd..8756f92 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -347,15 +347,21 @@ queries: - - - - uid: mondoo-asset-inventory-azure-keyVaults-certificates title: Azure Key Vault vault certificates docs: desc: | This query retrieves data for all certificates in Key Vaults + variants: + - uid: mondoo-asset-inventory-azure-keyVaults-certificates-api + - uid: mondoo-asset-inventory-azure-keyVaults-certificates-single + - uid: mondoo-asset-inventory-azure-keyVaults-certificates-api + filters: asset.platform == "azure" mql: azure.subscription.keyVault.vaults { certificates } + - uid: mondoo-asset-inventory-azure-keyVaults-certificates-single + filters: asset.platform == "azure-keyvault-vault" + mql: azure.subscription.keyVault.vault.certificates + From af69f93e67c65e7ea381caa2e90630308373dba3 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 23:38:21 +0200 Subject: [PATCH 20/24] fix/variants: - uid: mondoo-asset-inventory-azure-networkSecurityGroups Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index 8756f92..0126f57 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -379,7 +379,15 @@ queries: docs: desc: | This query retrieves data for all network security groups + variants: + - uid: mondoo-asset-inventory-azure-networkSecurityGroups-api + - uid: mondoo-asset-inventory-azure-networkSecurityGroups-single + - uid: mondoo-asset-inventory-azure-networkSecurityGroups-api + filters: asset.platform == "azure" mql: azure.subscription.network.securityGroups + - uid: mondoo-asset-inventory-azure-networkSecurityGroups-single + filters: asset.platform == "azure-network-security-group" + mql: azure.subscription.network.securityGroup From 8e646f42b162f98b705f0adb36cba6e24e2cb079 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 23:47:12 +0200 Subject: [PATCH 21/24] fix/variants: - uid: mondoo-asset-inventory-azure-virtualmachines-managedDisk Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index 0126f57..15e4f08 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -37,6 +37,12 @@ packs: - uid: mondoo-asset-inventory-azure-keyVaults - uid: mondoo-asset-inventory-azure-keyVaults-keys - uid: mondoo-asset-inventory-azure-keyVaults-secrets + - uid: mondoo-asset-inventory-azure-keyVaults-certificates + - uid: mondoo-asset-inventory-azure-activitylogs + - uid: mondoo-asset-inventory-azure-networkSecurityGroups + - uid: mondoo-asset-inventory-azure-publicip + - uid: mondoo-asset-inventory-azure-virtualmachines + - uid: mondoo-asset-inventory-azure-virtualmachines-managedDisk queries: @@ -405,8 +411,15 @@ queries: docs: desc: | This query retrieves data for all virtual machines + variants: + - uid: mondoo-asset-inventory-azure-virtualmachines-api + - uid: mondoo-asset-inventory-azure-virtualmachines-single + - uid: mondoo-asset-inventory-azure-virtualmachines-api + filters: asset.platform == "azure" mql: azure.subscription.compute.vms - + - uid: mondoo-asset-inventory-azure-virtualmachines-single + filters: asset.platform == "azure-compute-vm-api" + mql: azure.subscription.compute.vm - uid: mondoo-asset-inventory-azure-virtualmachines-managedDisk @@ -414,7 +427,18 @@ queries: docs: desc: | This query retrieves data for all virtual machines with managed disks - mql: azure.subscription.compute.vms.where( properties["storageProfile"]["osDisk"]["managedDisk"].length > 0 ) + variants: + - uid: mondoo-asset-inventory-azure-virtualmachines-managedDisk-api + - uid: mondoo-asset-inventory-azure-virtualmachines-managedDisk-single + - uid: mondoo-asset-inventory-azure-virtualmachines-managedDisk-api + filters: asset.platform == "azure" + mql: azure.subscription.compute.vms.where( properties["storageProfile"]["osDisk"]["managedDisk"] != empty ) + - uid: mondoo-asset-inventory-azure-virtualmachines-managedDisk-single + filters: asset.platform == "azure-compute-vm-api" && azure.subscription.compute.vm.properties["storageProfile"]["osDisk"]["managedDisk"] != empty + mql: azure.subscription.compute.vm.properties["storageProfile"]["osDisk"]["managedDisk"] != empty + + + From 88ce1e301e90e9d5cd05dd5990346c3879d8216b Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 23:49:26 +0200 Subject: [PATCH 22/24] fix/variants: - uid: mondoo-asset-inventory-azure-resources Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index 15e4f08..df24136 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -43,8 +43,15 @@ packs: - uid: mondoo-asset-inventory-azure-publicip - uid: mondoo-asset-inventory-azure-virtualmachines - uid: mondoo-asset-inventory-azure-virtualmachines-managedDisk - - + - uid: mondoo-asset-inventory-azure-webapp + - uid: mondoo-asset-inventory-azure-cosmosDb + - uid: mondoo-asset-inventory-azure-applicationInsight + - uid: mondoo-asset-inventory-azure-networkWatcher + - uid: mondoo-asset-inventory-azure-bastionHosts + - uid: mondoo-asset-inventory-azure-compute-disks + - uid: mondoo-asset-inventory-azure-network-interfaces + - uid: mondoo-asset-inventory-azure-resourcegroups + - uid: mondoo-asset-inventory-azure-resources queries: - uid: mondoo-asset-inventory-azure-roleDefinitions title: Azure role definitions @@ -439,9 +446,6 @@ queries: - - - - uid: mondoo-asset-inventory-azure-webapp title: Azure web apps docs: From 9a34bc7c83274a894fbd2e24c8c4d4d6066a0079 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 23:51:27 +0200 Subject: [PATCH 23/24] fix/variants: - uid: mondoo-asset-inventory-azure-resources++ Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index df24136..4b01ef0 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -429,6 +429,7 @@ queries: mql: azure.subscription.compute.vm + - uid: mondoo-asset-inventory-azure-virtualmachines-managedDisk title: Azure virtual machines with managed disks docs: From 9f1dac993039f1ef3101924edc6f6d56e9f51401 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Mon, 27 May 2024 23:53:10 +0200 Subject: [PATCH 24/24] fix/variants: mondoo-asset-inventory-azure-mysql-flexible Signed-off-by: Manuel Weber --- core/mondoo-azure-inventory.mql.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/mondoo-azure-inventory.mql.yaml b/core/mondoo-azure-inventory.mql.yaml index 4b01ef0..1be6f86 100644 --- a/core/mondoo-azure-inventory.mql.yaml +++ b/core/mondoo-azure-inventory.mql.yaml @@ -278,7 +278,7 @@ queries: - uid: mondoo-asset-inventory-azure-mysql-legacy filters: asset.platform == "azure-mysql-server" mql: azure.subscription.mySql.server - - uid: mondoo-asset-inventory-azure-postgresql-firewallrules-flexible + - uid: mondoo-asset-inventory-azure-mysql-flexible filters: asset.platform == "azure-mysql-flexible-server" mql: azure.subscription.mySql.flexibleServer