Prowler Documentation Site

Azure networking policies

prowler-cloud/prowler

Azure networking policies

Ensure Azure instance authenticates using SSH keys

Ensure RDP Internet access is restricted

Ensure SSH Internet access is restricted

Ensure SQL databases do not allow ingress from 0.0.0.0/0

Ensure Azure App Service Web app redirects HTTP to HTTPS

Ensure Web App uses the latest version of TLS encryption

Ensure Web App has incoming client certificates enabled

Ensure Web App uses the latest version of HTTP

Ensure MySQL server databases have Enforce SSL connection enabled

Ensure Azure PostgreSQL database server with SSL connection is enabled

Ensure Azure PostgreSQL database server with log checkpoints parameter is enabled

Ensure Azure PostgreSQL database server with log connections parameter is enabled

Ensure Azure PostgreSQL database server with connection throttling parameter is enabled

Ensure public access level for Blob Containers is set to private

Ensure Azure Storage Account default network access is set to Deny

Ensure Azure Storage Account Trusted Microsoft Services access is enabled

Ensure MariaDB servers have Enforce SSL connection enabled

Ensure Azure storage account does not allow blob containers with public access

Ensure storage accounts have secure transfer enabled

Ensure PostgreSQL server disables public network access

Ensure function apps are only accessible over HTTPS

Ensure UDP Services are restricted from the Internet

Ensure Azure cache for Redis has public network access disabled

Ensure only SSL are enabled for cache for Redis

Ensure Azure container container group is deployed into a virtual network

Ensure Cosmos DB accounts have restricted access

Ensure Azure Synapse workspaces have no IP firewall rules attached

Ensure Azure Cosmos DB disables public network access

Ensure Azure Data factory public network access is disabled

Ensure Azure Event Grid domain public network access is disabled

Ensure API management services use virtual networks

Ensure Azure IoT Hub disables public network access

Ensure key vault allows firewall rules settings

Ensure SQL server disables public network access

Ensure Azure virtual machine NIC has IP forwarding disabled

Ensure network interfaces do not use public IPs

Ensure Azure application gateway has WAF enabled

Ensure Azure front door has WAF enabled

Ensure application gateway uses WAF in Detection or Prevention modes

Ensure Azure front door uses WAF in Detection or Prevention modes

Ensure Azure cognitive search disables public network access

Ensure Azure file sync disables public network access

Ensure Azure Synapse Workspaces enable managed virtual networks

Ensure My SQL server disables public network access

Ensure 'public network access enabled' is set to False for MySQL servers