Skip to content

added graph query to D01.03 DDOS Protection '143b16c3-1d7a-4a9b-9470-4489a8042d88'#924

Open
jodyford-msft wants to merge 2 commits intoAzure:mainfrom
jodyford-msft:D01.03_DDOS_Protection
Open

added graph query to D01.03 DDOS Protection '143b16c3-1d7a-4a9b-9470-4489a8042d88'#924
jodyford-msft wants to merge 2 commits intoAzure:mainfrom
jodyford-msft:D01.03_DDOS_Protection

Conversation

@jodyford-msft
Copy link
Copy Markdown

@jodyford-msft jodyford-msft commented Sep 24, 2024

Description

Please provide a detailed description of your changes.

Related Issue

Link to any related issues or discussions here. This helps reviewers understand the context and the need for your changes.

Checklist

  • I've tested my changes to ensure they are ready for review.
  • I've read the CONTRIBUTING.md guide.
  • I've updated the documentation (if applicable).
  • Resource Graph queries have been included (and tested) for recommendations where ever possible1.
  • Resource Graph queries have NOT been included (please explain below).

Additional Information

Is there any additional context, screenshots, or considerations that might help in the review process? Please include them here.

Reviewer Notes

Is there a specific area you’d like feedback on? Please highlight it here. We're here to help and learn together! 💡

Footnotes

  1. Details on how to add Azure Resource Graph queries to recommendations can be found here.

@jodyford-msft jodyford-msft requested review from a team, erjosito and sdolgin as code owners September 24, 2024 13:35
@brsteph
Copy link
Copy Markdown
Contributor

brsteph commented Sep 24, 2024

@jodyford-msft There is no description of the change - the title says that it is creating queries for DDoS Protection, but it looks like it is creating Key Vault queries and added to the DDoS protection recommendations. I think there may be a mix up for this PR.

@jodyford-msft
Copy link
Copy Markdown
Author

jodyford-msft commented Sep 24, 2024

corrected. sorry. clipped the wrong query

@brsteph
Copy link
Copy Markdown
Contributor

brsteph commented Sep 24, 2024

@jodyford-msft Doing a quick test of the query, and it looks like it doesn't resolve for me:
image

I changed the query to:
resources | where type =~ 'microsoft.network/publicIPAddresses' | extend properties = parse_json(properties) | project id, name, location, ddosProtectionPlan = properties.ddosSettings.protectionPlan | extend compliant = iff(isnotempty(ddosProtectionPlan), 1, 0) | where compliant == 1 | project id, compliant

(by adding a | before the last project), and it showed, but it didn't correctly evaluate as I expected. I would expect it to show me non-compliant resources at least.

I took out | where compliant == 1 and it properly showed me the ID and its compliancy status.

So, I think we either need to change that to | where compliant == 0 to show us the non-compliant items, or just remove it to show both compliancy status.

erjosito
erjosito requested changes Sep 26, 2024
View reviewed changes
Comment thread checklists/alz_checklist.en.json
"guid": "143b16c3-1d7a-4a9b-9470-4489a8042d88",
"id": "D01.03",
"severity": "High",
"graph": "resources | where type =~ 'microsoft.network/publicIPAddresses' | extend properties = parse_json(properties) | project id, name, location, ddosProtectionPlan = properties.ddosSettings.protectionPlan | extend compliant = iff(isnotempty(ddosProtectionPlan), 1, 0) | where compliant == 1 project id, compliant",
Copy link
Copy Markdown
Collaborator

@erjosito erjosito Sep 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • I believe that there is a | missing after compliant == 1 right?
  • But more importantly, could you please remove the where compliant == 1 altogether? Otherwise the non-compliant resources don't show up.

Comment thread checklists/waf_checklist.en.json
"link": "https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview",
"service": "VNet",
"severity": "High",
"graph": "resources | where type =~ 'microsoft.network/publicIPAddresses' | extend properties = parse_json(properties) | project id, name, location, ddosProtectionPlan = properties.ddosSettings.protectionPlan | extend compliant = iff(isnotempty(ddosProtectionPlan), 1, 0) | where compliant == 1 project id, compliant",
Copy link
Copy Markdown
Collaborator

@erjosito erjosito Sep 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • I believe that there is a | missing after compliant == 1 right?
  • But more importantly, could you please remove the where compliant == 1 altogether? Otherwise the non-compliant resources don't show up.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@erjosito erjosito erjosito requested changes

@sdolgin sdolgin Awaiting requested review from sdolgin sdolgin is a code owner

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jodyford-msft @brsteph @erjosito