
Commit

[create-pull-request] automated change
erjosito authored and github-actions[bot] committed Oct 21, 2024
1 parent d93337a commit 0062ab9
Showing 37 changed files with 4,318 additions and 4,038 deletions.
4 changes: 4 additions & 0 deletions checklists-ext/fullwaf_checklist.en.json
Expand Up @@ -7376,6 +7376,7 @@
"description": "Azure Event Hub provides encryption of data at rest. If you use your own key, the data is still encrypted using the Microsoft-managed key, but in addition the Microsoft-managed key will be encrypted using the customer-managed key. ",
"guid": "7aaf12e7-b94e-4f6e-847d-2d92981b1cd6",
"link": "https://learn.microsoft.com/azure/event-hubs/configure-customer-managed-key",
"query": "resources | where type =~ 'Microsoft.EventHub/namespaces' | extend SkuName = tostring(sku.name) | extend EncryptionEnabled = iif(isnotempty(properties.encryption.keySource), 'Enabled', 'Disabled') | extend compliant = iif(EncryptionEnabled == 'Enabled', true, false) | project name, resourceGroup, location, SkuName, EncryptionEnabled, compliant | where SkuName == 'Premium'",
"service": "Event Hubs",
"severity": "Low",
"text": "Use customer-managed key option in data at rest encryption when required",
Expand All @@ -7388,6 +7389,7 @@
"description": "Azure Event Hubs namespaces permit clients to send and receive data with TLS 1.0 and above. To enforce stricter security measures, you can configure your Event Hubs namespace to require that clients send and receive data with a newer version of TLS. If an Event Hubs namespace requires a minimum version of TLS, then any requests made with an older version will fail. ",
"guid": "d2f54b29-769e-43a6-a0e7-828ac936657e",
"link": "https://learn.microsoft.com/azure/event-hubs/transport-layer-security-configure-minimum-version",
"query": "resources | where type =~ 'Microsoft.EventHub/namespaces' | extend MinimumTlsVersion = tostring(properties.minimumTlsVersion) | extend compliant = iif(MinimumTlsVersion == '1.2' or MinimumTlsVersion == '1.3', true, false) | project name, resourceGroup, location, MinimumTlsVersion, compliant",
"service": "Event Hubs",
"severity": "Medium",
"text": "Enforce a minimum required version of Transport Layer Security (TLS) for requests ",
Expand Down Expand Up @@ -7482,6 +7484,7 @@
"description": " This will be turned on automatically for a new EH namespace created from the portal with Premium, Dedicated, or Standard SKUs in a zone-enabled region. Both the EH metadata and the event data itself are replicated across zones",
"guid": "f15bce21-9e4a-40eb-9787-9424d226786d",
"link": "https://learn.microsoft.com/azure/event-hubs/event-hubs-premium-overview#high-availability-with-availability-zones",
"query": "resources | where type =~ 'Microsoft.EventHub/namespaces' | extend zoneRedundant = tobool(properties.zoneRedundant) | extend compliant = iff(zoneRedundant == true, true, false) | project name, resourceGroup, zoneRedundant, compliant",
"service": "Event Hubs",
"severity": "High",
"text": "Leverage Availability Zones if regionally applicable",
Expand All @@ -7492,6 +7495,7 @@
"checklist": "Azure Event Hub Review",
"guid": "20b56c56-ad58-4519-8f82-735c586bb281",
"link": "https://learn.microsoft.com/azure/event-hubs/compare-tiers",
"query": "resources | where type =~ 'Microsoft.EventHub/namespaces' | extend sku = tostring(sku.name) | extend compliant = iff(sku == 'Premium', true, false) | project name, resourceGroup, location, sku, compliant",
"service": "Event Hubs",
"severity": "Medium",
"text": "Use the Premium or Dedicated SKUs for predicable performance",
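Review bot: The `where SkuName == 'Premium'` filter at the end of the customer-managed-key query (first hunk) drops every namespace on another tier from the result, so a namespace that can use a customer-managed key but is not Premium is never reported at all, rather than being reported as non-compliant. The SKU query in the last hunk makes the same Premium-only assumption: its text recommends Premium or Dedicated, yet `compliant = iff(sku == 'Premium', true, false)` marks everything else as failing. How a namespace in a Dedicated cluster surfaces in `sku.name` is not visible on this page, so confirm that first; if it is identified through `properties.clusterArmId`, the condition could become `SkuName == 'Premium' or isnotempty(properties.clusterArmId)`, placed before the `project` because `properties` is not projected. Since the commit is an automated change, the correction probably belongs in the source this file is produced from.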
