Skip to Main Content
Liongard Library

Welcome to Liongard Library, where Lions share! This is a community-led space where Liongard users can come to teach and learn from one another.
Share custom Metrics, get inspired and see what’s trending in the Pride.

Pride Etiquette:
➕ Have great custom Metrics? Add them as entries!
🌟 Want to use a Metric? Copy the query and
follow this doc.
👍 Tried a Metric from the Library? Like it!
📣 Have a question or feedback on a Metric? Add a comment!
🔎 Not sure where to start? Learn about Metrics and how to write them.
💬 Need help writing a metric or want to help support others? Join the conversation in our Liongard Lounge #metrics slack channel.


🥴 See something off? Open a support chat to let us know.

Categories Azure
Created by William Martin
Created on Mar 9, 2023

Azure: Network Security Group - Open RDP

This query is used to find Azure Network Security Groups that have a rule which allows access to port 3389 (RDP) from any source (*). The query returns the name of any security groups that have this rule.


Leaving RDP (Remote Desktop Protocol) exposed to access from any source is generally considered a security risk because it could allow unauthorized individuals or malicious software to gain access to the system. This rule is automatically created by default when provisioning Virtual Machines in Azure and should be removed (or limited) immediately after establishing other remote access mechanisms.


Please not that this query does not evaluate for other rules that may supersede and mitigate this risky configuration.



Query

NetworkSecurityGroups[?properties.securityRules[?properties.sourceAddressPrefix == '*' && properties.destinationPortRange == '3389' && properties.access == 'Allow']].name

  • Attach files