Describe the bug
Referring to: turbot/steampipe#2477
Some CIS-Benchmark-Controls (Version 2) result in duplicated results, depending on the number of aggregated subscriptions. The following controls were identified during my investigation:
1.5 Ensure Guest Users Are Reviewed on a Regular Basis
-> Every guest user gets listed more than once, depending on the number of aggregated subscriptions.
1.14 Ensure That 'Users Can Register Applications' Is Set to 'No'
-> If set to yes -> the ALARM gets listed several times, depending on the number of aggregated subscriptions, even though it is a tenant-wide setting and not a subscription-based setting.
1.19 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No'
-> If set to yes -> the ALARM gets listed several times, depending on the number of aggregated subscriptions, even though it is a tenant-wide setting and not a subscription-based setting.
In my case I tested these cases with two aggregated subscriptions. The problem, especially for control 1.5, has been validated here: turbot/steampipe#2477
Steampipe version (steampipe -v)
v0.21.1
Plugin version (steampipe plugin list)
hub.steampipe.io/plugins/turbot/azure@latest | 0.51.0 | azure,azure_sub_XX,azure_sub_XX
hub.steampipe.io/plugins/turbot/azuread@latest | 0.14.0 | azuread
hub.steampipe.io/plugins/turbot/microsoft365@latest | 0.4.1 | microsoft365
hub.steampipe.io/plugins/turbot/steampipe@latest | 0.9.1 | steampipe
To reproduce
- Aggregate more than one Azure subscription (https://steampipe.io/docs/managing/connections#querying-multiple-connections & https://steampipe.io/docs/managing/connections#using-aggregators)
- Run the CIS benchmark, in my case:
steampipe check benchmark.cis_v200
Expected behavior
Regarding control 1.5: every user gets listed just once.
Regarding controls 1.14 and 1.19: the setting gets evaluated once at tenant level and not based on the number of subscriptions.
Additional context
That's all :)
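Added example, not part of the original report and not Steampipe's own code: a triage helper that measures how often each result of the tenant-scoped controls named above (1.5, 1.14, 1.19) repeats, and collapses the repeats so finding counts are not inflated by the number of aggregated subscriptions. The row fields (`control`, `resource`, `status`, `connection`), the sample rows and the subscription-scoped control name are assumptions made for illustration, not Steampipe's export schema.

```python
from collections import Counter

# Controls the report identifies as tenant-wide: their results should not
# multiply with the number of aggregated subscriptions.
TENANT_SCOPED = {"1.5", "1.14", "1.19"}

# Constructed sample rows (hypothetical field names, not real tool output),
# modelled on the report's setup of two aggregated subscriptions.
SAMPLE_ROWS = [
    {"control": "1.5", "resource": "guest-a@example.com", "status": "info", "connection": "azure_sub_1"},
    {"control": "1.5", "resource": "guest-a@example.com", "status": "info", "connection": "azure_sub_2"},
    {"control": "1.5", "resource": "guest-b@example.com", "status": "info", "connection": "azure_sub_1"},
    {"control": "1.5", "resource": "guest-b@example.com", "status": "info", "connection": "azure_sub_2"},
    {"control": "1.14", "resource": "tenant-placeholder", "status": "alarm", "connection": "azure_sub_1"},
    {"control": "1.14", "resource": "tenant-placeholder", "status": "alarm", "connection": "azure_sub_2"},
    # Subscription-scoped placeholder control: distinct resources, must be kept.
    {"control": "sub-scoped-example", "resource": "storage-1", "status": "ok", "connection": "azure_sub_1"},
    {"control": "sub-scoped-example", "resource": "storage-2", "status": "ok", "connection": "azure_sub_2"},
]


def duplication_report(rows):
    """Map (control, resource) -> count for tenant-scoped results seen more than once."""
    counts = Counter(
        (r["control"], r["resource"]) for r in rows if r["control"] in TENANT_SCOPED
    )
    return {key: n for key, n in counts.items() if n > 1}


def dedupe(rows):
    """Keep one row per (control, resource, status) for tenant-scoped controls only."""
    seen, kept = set(), []
    for r in rows:
        if r["control"] in TENANT_SCOPED:
            key = (r["control"], r["resource"], r["status"])
            if key in seen:
                continue  # same tenant-level finding reported via another subscription
            seen.add(key)
        kept.append(r)
    return kept


if __name__ == "__main__":
    for (control, resource), n in sorted(duplication_report(SAMPLE_ROWS).items()):
        print(f"control {control}: {resource} reported {n} times")
    print(f"{len(SAMPLE_ROWS)} rows -> {len(dedupe(SAMPLE_ROWS))} after dedupe")
```

A repeat count equal to the number of aggregated subscriptions for every tenant-scoped result matches the pattern described in the report.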