Resource Type: Azure > Network > Network Security Group

Resource Context

Network Security Group is a part of the Network service.

Each Network Security Group lives under a Resource Group.

Controls

The primary controls for Azure > Network > Network Security Group are:

• Active
• Approved
• CMDB
• Configured
• Discovery
• Egress Rules
• Ingress Rules
• ServiceNow
• Tags

It is also targeted by these controls:

• Azure > CIS v1 > 6 Networking > 6.01 Ensure that RDP access is restricted from the internet (Scored)
• Azure > CIS v1 > 6 Networking > 6.02 Ensure that SSH access is restricted from the internet (Scored)
• Azure > CIS v2.0 > 06 - Networking > 6.01 - Ensure that RDP access from the Internet is evaluated and restricted
• Azure > CIS v2.0 > 06 - Networking > 6.02 - Ensure that SSH access from the Internet is evaluated and restricted
• Azure > CIS v2.0 > 06 - Networking > 6.03 - Ensure that UDP access from the Internet is evaluated and restricted
• Azure > CIS v2.0 > 06 - Networking > 6.04 - Ensure that HTTP(S) access from the Internet is evaluated and restricted

Quick Actions

• Delete from Azure
• Set Tags
• Skip alarm for Active control
• Skip alarm for Active control [90 days]
• Skip alarm for Approved control
• Skip alarm for Approved control [90 days]
• Skip alarm for Tags control
• Skip alarm for Tags control [90 days]

Category

• Networking

In Your Workspace

• Controls by Resource Type report
• Policy Settings by Resource Type report
• Resources by Resource Type report

Developers

Resource Type URI

tmod:@turbot/azure-network#/resource/types/networkSecurityGroup

Category URI

tmod:@turbot/turbot#/resource/categories/networking

GraphQL

query resource(id: "tmod:@turbot/azure-network#/resource/types/networkSecurityGroup") { … }

query resourceActivities(filter: "resourceId:'tmod:@turbot/azure-network#/resource/types/networkSecurityGroup'") { … }

mutation createResource(input: { … })

mutation updateResource(input: { … })

CLI

Get Resource

turbot graphql resource --id "tmod:@turbot/azure-network#/resource/types/networkSecurityGroup"

Steampipe Query

Get Resource

select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/azure-network#/resource/types/networkSecurityGroup';

Get Policy Settings (By Resource ID)

select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/azure-network#/resource/types/networkSecurityGroup"';

Get Resource Notification

select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/azure-network#/resource/types/networkSecurityGroup' and notification_type in ('resource_updated', 'resource_created');