nuclei-templates/cloud/azure/synapse/azure-synapse-sqlpool-tde-d...
id: azure-synapse-sqlpool-tde-disabled

info:
  name: Azure Synapse Analytics SQL Pool Transparent Data Encryption Not Enabled
  author: princechaddha
  severity: high
  description: |
    Ensure that Transparent Data Encryption (TDE) is enabled for all dedicated SQL pools within Microsoft Azure Synapse Analytics workspaces in order to protect your data at rest and help meet compliance requirements.
  impact: |
    Failing to enable Transparent Data Encryption (TDE) can result in non-compliance with regulatory requirements and increased risk of unauthorized access to sensitive data at rest.
  remediation: |
    Enable Transparent Data Encryption (TDE) for all Azure Synapse Analytics dedicated SQL pools to ensure your data at rest is encrypted and secure.
  reference:
    - https://docs.microsoft.com/en-us/azure/synapse-analytics/sql-data-warehouse/sql-data-warehouse-overview-what-is
  tags: cloud,devops,azure,microsoft,synapse,azure-cloud-config

flow: |
  code(1);
  for (let workspaceId of iterate(template.workspaceIds)) {
    set("workspaceId", workspaceId);
    code(2);
    for (let sqlPoolId of iterate(template.sqlPoolIds)) {
      set("sqlPoolId", sqlPoolId);
      code(3);
    }
  }

self-contained: true

code:
  - engine:
      - sh
      - bash
    source: |
      # Step 1: list every Synapse workspace as a full resource ID
      az synapse workspace list --query '[*].id'

    extractors:
      - type: json
        name: workspaceIds
        internal: true
        json:
          - '.[]'

  - engine:
      - sh
      - bash
    source: |
      # Step 2: list the dedicated SQL pools of one workspace.
      # $workspaceId is a resource ID of the form
      #   /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Synapse/workspaces/<name>
      # but `sql pool list` needs the workspace name and resource group, so derive both from it
      # (the resource group is the 5th "/"-separated field, the name is the last one).
      az synapse sql pool list --workspace-name "${workspaceId##*/}" --resource-group "$(printf '%s' "$workspaceId" | cut -d/ -f5)" --query '[*].id'

    extractors:
      - type: json
        name: sqlPoolIds
        internal: true
        json:
          - '.[]'

  - engine:
      - sh
      - bash
    source: |
      # Step 3: read the current TDE status of one pool; JSON output keeps the quotes around the value
      az synapse sql pool tde show --ids "$sqlPoolId" --transparent-data-encryption-name current --query 'status'

    matchers:
      - type: word
        words:
          - '"Disabled"'

    extractors:
      - type: dsl
        dsl:
          - 'workspaceId + " " + sqlPoolId + " does not have TDE enabled"'
# digest: 490a004630440220013f933e3f010b5ab5f4d6d5c849dbcefa5b4df50c504c302b984f096b46a88f022056f016eb9d39bb72b5e6ec579c93f2c733cd393daa4a897f9a404e8f5b77dc4a:922c64590222798bb761d5b6d8e72950
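A companion remediation script, added here as an example and not part of the template or of the nuclei-templates project. It walks workspaces and dedicated SQL pools the same way the template does, derives the workspace name and resource group from the resource ID returned by the first step, and enables TDE wherever the status reads Disabled. It assumes a logged-in Azure CLI with permission to change TDE settings, and assumes that `az synapse sql pool tde set` accepts `--ids` in the same way as the `tde show` call above.

```shell
#!/usr/bin/env bash
# Added example: enumerate Synapse dedicated SQL pools the way the template does,
# then enable TDE on any pool whose status is reported as "Disabled".
# Assumes a logged-in Azure CLI with permission to change TDE settings.
set -eu

# A workspace resource ID looks like
#   /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Synapse/workspaces/<name>
# so the resource group is the 5th "/"-separated field and the name is the last one.
workspace_rg()   { printf '%s\n' "$1" | cut -d/ -f5; }
workspace_name() { printf '%s\n' "${1##*/}"; }

# Succeeds when the value returned by `--query status` means TDE is off.
# JSON output keeps the quotes ("Disabled"); tsv output drops them, so accept both.
tde_disabled() {
  case "$1" in
    '"Disabled"'|Disabled) return 0 ;;
    *) return 1 ;;
  esac
}

# Walk every workspace and every dedicated SQL pool; enable TDE where it is off.
# The --ids form of `tde set` is an assumption mirroring the template's `tde show` call.
remediate_all() {
  ws_id=''; pool_id=''; status=''
  for ws_id in $(az synapse workspace list --query '[*].id' -o tsv); do
    rg=$(workspace_rg "$ws_id")
    name=$(workspace_name "$ws_id")
    for pool_id in $(az synapse sql pool list --workspace-name "$name" \
                       --resource-group "$rg" --query '[*].id' -o tsv); do
      status=$(az synapse sql pool tde show --ids "$pool_id" \
                 --transparent-data-encryption-name current --query status -o tsv)
      if tde_disabled "$status"; then
        echo "enabling TDE on $pool_id"
        az synapse sql pool tde set --ids "$pool_id" \
          --transparent-data-encryption-name current --status Enabled >/dev/null
      else
        echo "TDE already enabled on $pool_id"
      fi
    done
  done
}

# Only change anything when invoked explicitly with --apply.
if [ "${1:-}" = "--apply" ]; then
  remediate_all
fi
```

Without `--apply` the script only defines the functions, so it can be sourced to reuse the ID parsing; with `--apply` it performs the changes.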