You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am looking for some advice on creating a complex policy which involves cross-referencing two fields of the same resource, each field being an array. A practical example I have in mind is checking if an Azure App Gateway has any public IP address that is tied to an HTTP Listener. This means we have to compare "properties.frontendIPConfigurations" with "properties.httpListeners" and the bond between the two is "properties.frontendIPConfigurations.id" -> "properties.httpListeners.properties.frontendIPConfiguration.id".
I was able to create a similar policy with Rego in Wiz, which compares two lists of frontendIPConfiguration IDs, one from "properties.frontendIPConfigurations" and the other from "properties.httpListeners". Any overlap between these two sets indicates an exposure on the public internet.
I hope the above makes sense. Thank you.
The text was updated successfully, but these errors were encountered:
Hi,
I am looking for some advice on creating a complex policy which involves cross-referencing two fields of the same resource, each field being an array. A practical example I have in mind is checking if an Azure App Gateway has any public IP address that is tied to an HTTP Listener. This means we have to compare "properties.frontendIPConfigurations" with "properties.httpListeners" and the bond between the two is "properties.frontendIPConfigurations.id" -> "properties.httpListeners.properties.frontendIPConfiguration.id".
I was able to create a similar policy with Rego in Wiz, which compares two lists of frontendIPConfiguration IDs, one from "properties.frontendIPConfigurations" and the other from "properties.httpListeners". Any overlap between these two sets indicates an exposure on the public internet.
I hope the above makes sense. Thank you.
The text was updated successfully, but these errors were encountered: