nuclei-templates/cloud/azure/sql/azure-sql-tde-not-enabled.yaml


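id: azure-sql-tde-not-enabled

info:
  name: Azure SQL Transparent Data Encryption Not Enabled
  author: princechaddha
  severity: medium
  description: |
    Ensure that Transparent Data Encryption (also known as encryption at rest) is enabled for all SQL databases available within your Microsoft Azure cloud account for protecting your data at rest.
  impact: |
    Disabling TDE can expose sensitive data at rest to potential breaches, failing to comply with best security practices and regulatory requirements.
  remediation: |
    Enable Transparent Data Encryption on all your Azure SQL databases to protect data at rest using encryption.
  reference:
    - https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview
  tags: cloud,devops,azure,microsoft,sql-database,azure-cloud-config

# Execution order: enumerate SQL servers (code 1), then the databases on each
# server (code 2), then read the TDE status of each database (code 3).
# `serverId` / `databaseId` are exported into the shell environment of the
# following steps via set(); both values are Azure resource IDs returned by
# the CLI itself, not operator input, and are double-quoted in the commands.
flow: |
  code(1);
  for (let serverId of iterate(template.serverIds)) {
    set("serverId", serverId);
    code(2);
    for (let databaseId of iterate(template.databaseIds)) {
      set("databaseId", databaseId);
      code(3);
    }
  }

self-contained: true

# All three commands pass `-o json` explicitly. Without it the CLI honours the
# operator's `az configure --defaults output=...` setting; a `table`/`tsv`
# default would make the json extractors match nothing, so the scan would
# silently report no findings (a false negative) instead of failing loudly.
# Note also that `az sql server list` is scoped to the CLI's currently active
# subscription — run the template once per subscription to cover a tenant.
code:
  - engine:
      - sh
      - bash
    source: |
      az sql server list -o json --query '[*].id'

    extractors:
      - type: json
        name: serverIds
        internal: true
        json:
          - '.[]'

  # NOTE(review): `az sql db list` also returns the server's `master` database,
  # and Azure documents that TDE cannot be enabled on system databases. If the
  # CLI reports `Disabled` for `master` in your tenant, that entry is a
  # false positive; confirm the output and, if so, exclude it with
  # `--query "[?name!='master'].id"`.
  - engine:
      - sh
      - bash
    source: |
      az sql db list -o json --ids "$serverId" --query '[*].id'

    extractors:
      - type: json
        name: databaseIds
        internal: true
        json:
          - '.[]'

  # `--query 'status'` prints only the TDE state as a JSON string
  # (e.g. "Enabled" / "Disabled"); the word matcher is a substring match on
  # that output, and CLI errors go to stderr so they cannot match.
  - engine:
      - sh
      - bash
    source: |
      az sql db tde show -o json --ids "$databaseId" --query 'status'

    matchers:
      - type: word
        words:
          - 'Disabled'

    extractors:
      - type: dsl
        dsl:
          - 'serverId + " database " + databaseId + " has TDE disabled"'

# The digest below is the template signature computed over the file content
# (comments included). Nuclei refuses to execute unsigned code-protocol
# templates, so after ANY edit to this file re-sign it (`nuclei -sign -t <file>`)
# with a key the scanning host trusts; an out-of-date digest means the
# template is skipped rather than run.
# digest: 490a0046304402200e16ba9437b6ef3d947cdde0acb31df0fea8b059a477c00698af71c05f96b99e0220576d24e133d7c849aa6e5b27009d34e7b8bcb4f4459778ddf4d892842117b080:922c64590222798bb761d5b6d8e72950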