Azure Resource Manager

AzureResourceManager Queries List¶

This page contains all queries from AzureResourceManager.

Query	Severity	Category	More info
SQL Database Server Firewall Allows All IPS ^{_{6a3201a5-1630-494b-b294-3129d06b0eca}}	Critical	Networking and Firewall	Query details Documentation
AKS Cluster RBAC Disabled ^{_{9307a2ed-35c2-413d-94de-a1a0682c2158}}	High	Access Control	Query details Documentation
Default Azure Storage Account Network Access Is Too Permissive ^{_{d855ced8-6157-448f-9f1d-f05a41d046f7}}	High	Access Control	Query details Documentation
Role Definitions Allow Custom Subscription Role Creation ^{_{8fa9ceea-881f-4ef0-b0b8-728f589699a7}}	High	Access Control	Query details Documentation
Key Vault Not Recoverable ^{_{7c25f361-7c66-44bf-9b69-022acd5eb4bd}}	High	Backup	Query details Documentation
Azure Managed Disk Without Encryption ^{_{350f3955-b5be-436f-afaa-3d2be2fa6cdd}}	High	Encryption	Query details Documentation
Network Security Group With Unrestricted Access To RDP ^{_{59cb3da7-f206-4ae6-b827-7abf0a9cab9d}}	High	Networking and Firewall	Query details Documentation
Storage Blob Service Container With Public Access ^{_{a0ab985d-660b-41f7-ac81-70957ee8e627}}	High	Networking and Firewall	Query details Documentation
Hardcoded SecureString Parameter Default Value ^{_{4d2cf896-c053-4be5-9c95-8b4771112f29}}	High	Secret Management	Query details Documentation
App Service Authentication Is Not Set ^{_{83130a07-235b-4a80-918b-a370e53f0bd9}}	Medium	Access Control	Query details Documentation
Azure Instance Using Basic Authentication ^{_{6797f581-0433-4768-ae3e-7ceb2f8b138e}}	Medium	Best Practices	Query details Documentation
Secret Without Expiration Date ^{_{cff9c3f7-e8f0-455f-9fb4-5f72326da96e}}	Medium	Best Practices	Query details Documentation
SQL Server Database With Alerts Disabled ^{_{574e8d82-1db2-4b9c-b526-e320ede9a9ff}}	Medium	Best Practices	Query details Documentation
Storage Account Allows Unsecure Transfer ^{_{1367dd13-2c90-4020-80b7-e4339a3dc2c4}}	Medium	Encryption	Query details Documentation
Web App Not Using TLS Last Version ^{_{b5c851d5-00f1-43dc-a8de-3218fd6f71be}}	Medium	Encryption	Query details Documentation
AKS Cluster Network Policy Not Configured ^{_{25c0228e-4444-459b-a2df-93c7df40b7ed}}	Medium	Insecure Configurations	Query details Documentation
Website Not Forcing HTTPS ^{_{488847ff-6031-487c-bf42-98fd6ac5c9a0}}	Medium	Insecure Configurations	Query details Documentation
MySQL Server SSL Enforcement Disabled ^{_{90120147-f2e7-4fda-bb21-6fa9109afd63}}	Medium	Networking and Firewall	Query details Documentation
Network Security Group With Unrestricted Access To SSH ^{_{2ade1579-4b2c-4590-bebb-f99bf597f612}}	Medium	Networking and Firewall	Query details Documentation
PostgreSQL Database Server Connection Throttling Disabled ^{_{a6d774b6-d9ea-4bf4-8433-217bf15d2fb8}}	Medium	Networking and Firewall	Query details Documentation
PostgreSQL Database Server Log Checkpoints Disabled ^{_{f9112910-c7bb-4864-9f5e-2059ba413bb7}}	Medium	Networking and Firewall	Query details Documentation
PostgreSQL Database Server Log Connections Disabled ^{_{e69bda39-e1e2-47ca-b9ee-b6531b23aedd}}	Medium	Networking and Firewall	Query details Documentation
PostgreSQL Database Server SSL Disabled ^{_{bf500309-da53-4dd3-bcf7-95f7974545a5}}	Medium	Networking and Firewall	Query details Documentation
Trusted Microsoft Services Not Enabled ^{_{e25b56cd-a4d6-498f-ab92-e6296a082097}}	Medium	Networking and Firewall	Query details Documentation
Website with Client Certificate Auth Disabled ^{_{92302b47-b0cc-46cb-a28f-5610ecda140b}}	Medium	Networking and Firewall	Query details Documentation
AKS Logging To Azure Monitoring Is Disabled ^{_{9b09dee1-f09b-4013-91d2-158fa4695f4b}}	Medium	Observability	Query details Documentation
SQL Server Database Without Auditing ^{_{e055285c-bc01-48b4-8aa5-8a54acdd29df}}	Medium	Observability	Query details Documentation
Storage Logging For Read Write And Delete Requests Disabled ^{_{43f6e60c-9cdb-4e77-864d-a66595d26518}}	Medium	Observability	Query details Documentation
Website Azure Active Directory Disabled ^{_{e9c133e5-c2dd-4b7b-8fff-40f2de367b56}}	Low	Access Control	Query details Documentation
Phone Number Not Set For Security Contacts ^{_{3e9fcc67-1f64-405f-b2f9-0a6be17598f0}}	Low	Best Practices	Query details Documentation
AKS Dashboard Is Enabled ^{_{c62d3b92-9a11-4ffd-b7b7-6faaae83faed}}	Low	Insecure Configurations	Query details Documentation
AKS With Authorized IP Ranges Disabled ^{_{2583fab1-953b-4fae-bd02-4a136a6c21f9}}	Low	Networking and Firewall	Query details Documentation
Storage Account Allows Default Network Access ^{_{9073f073-5d60-4b46-b569-0d6baa80ed95}}	Low	Networking and Firewall	Query details Documentation
Website with 'Http20Enabled' Disabled ^{_{70111098-7f85-48f0-b1b4-e4261cf5f61b}}	Low	Networking and Firewall	Query details Documentation
Log Profile Incorrect Category ^{_{4d522e7b-f938-4d51-a3b1-974ada528bd3}}	Low	Observability	Query details Documentation
SQL Server Database With Unrecommended Retention Days ^{_{c09cdac2-7670-458a-bf6c-efad6880973a}}	Low	Observability	Query details Documentation
Unrecommended Log Profile Retention Policy ^{_{25684eac-daaa-4c2c-94b4-8d2dbb627909}}	Low	Observability	Query details Documentation
Unrecommended Network Watcher Flow Log Retention Policy ^{_{564b70f8-41cd-4690-aff8-bb53add86bc9}}	Low	Observability	Query details Documentation
Standard Price Is Not Selected ^{_{2081c7d6-2851-4cce-bda5-cb49d462da42}}	Low	Resource Management	Query details Documentation
Account Admins Not Notified By Email ^{_{a8852cc0-fd4b-4fc7-9372-1e43fad0732e}}	Info	Best Practices	Query details Documentation
SQL Alert Policy Without Emails ^{_{89b79fe5-49bd-4d39-84ce-55f5fc6f7764}}	Info	Best Practices	Query details Documentation
Email Notifications Disabled ^{_{79c2c2c0-eb00-47c0-ac16-f8b0e2c81c92}}	Info	Networking and Firewall	Query details Documentation