Skip to content
Nuclei Templates

Azure VNet DDoS Unprotected Check

ID: azure-vnet-ddos-protection

Severity: medium

Author: princechaddha

Tags: cloud,devops,azure,microsoft,ddos,azure-cloud-config

Description

Section titled “Description”

Ensure that DDoS Standard Protection feature is enabled for all your security-critical Microsoft Azure virtual networks (VNETs). DDoS Protection Standard is a premium paid cloud feature that offers enhanced Distributed Denial-of-Service (DDoS) mitigation capabilities via adaptive tuning, attack alert notifications, and telemetry to protect against the impacts of large DDoS attacks for all the protected resources available within your Azure virtual networks.

YAML Source

Section titled “YAML Source”
id: azure-vnet-ddos-protection
info:
  name: Azure VNet DDoS Unprotected Check
  author: princechaddha
  severity: medium
  description: |
    Ensure that DDoS Standard Protection feature is enabled for all your security-critical Microsoft Azure virtual networks (VNETs). DDoS Protection Standard is a premium paid cloud feature that offers enhanced Distributed Denial-of-Service (DDoS) mitigation capabilities via adaptive tuning, attack alert notifications, and telemetry to protect against the impacts of large DDoS attacks for all the protected resources available within your Azure virtual networks.
  impact: |
    Not enabling DDoS Standard Protection can leave your virtual networks vulnerable to distributed denial-of-service attacks, potentially leading to significant disruptions and loss of service.
  remediation: |
    Enable DDoS Standard Protection for all security-critical virtual networks in your Microsoft Azure subscription to mitigate the risks associated with DDoS attacks.
  reference:
    - https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview
  tags: cloud,devops,azure,microsoft,ddos,azure-cloud-config


flow: |
  code(1);
  for (let VnetData of iterate(template.vnetdata)) {
    VnetData = JSON.parse(VnetData)
    set("vnet", VnetData.name)
    set("resourcegroup", VnetData.resourceGroup)
    code(2)
  }


self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      az network vnet list --query '[*].{name:name, resourceGroup:resourceGroup}' --output json


    extractors:
      - type: json
        name: vnetdata
        internal: true
        json:
          - '.[]'


  - engine:
      - sh
      - bash
    source: |
      az network vnet show --resource-group $resourcegroup --name $vnet --query "provisioningState" --output json


    matchers:
      - type: word
        words:
          - 'false'


    extractors:
      - type: dsl
        dsl:
          - '"DDoS Protection is not enabled for " + vnet + " virtual network"'
# digest: 480a00453043021f41808862b3a7fa48d23b2db5bb3e9bbbbbde86d1511a61440119a9bd9a1e35022064f385768aad9ae411160ebc0cf968e00ef4b3165dbabc3859c0a04681e6a750:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "cloud/azure/network/azure-vnet-ddos-protection.yaml"

View on Github