From cfda49a3d23b82e650dbf65330030d8cfe5e999d Mon Sep 17 00:00:00 2001
From: Jason Kao
Date: Wed, 21 Dec 2022 00:57:18 -0500
Subject: [PATCH 1/3] update auto provisioning queries
---
 ...omatic_provisioning_log_analytics_monitoring_agent.sql | 8 +++++---
 .../auto_provisioning_monitoring_agent_enabled.sql | 4 ++--
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/plugins/source/azure/policies/queries/security/asc_automatic_provisioning_log_analytics_monitoring_agent.sql b/plugins/source/azure/policies/queries/security/asc_automatic_provisioning_log_analytics_monitoring_agent.sql
index 7ccece32a31fa8..ccf1ef30d7284e 100644
--- a/plugins/source/azure/policies/queries/security/asc_automatic_provisioning_log_analytics_monitoring_agent.sql
+++ b/plugins/source/azure/policies/queries/security/asc_automatic_provisioning_log_analytics_monitoring_agent.sql
@@ -4,12 +4,14 @@ SELECT
 :'framework' as framework,
 :'check_id' as check_id,
 'Auto provisioning of the Log Analytics agent should be enabled on your subscription' as title,
- azure_subscriptions.id AS subscription_id,
+ azure_subscription_subscriptions.id AS subscription_id,
 azure_security_auto_provisioning_settings._cq_id,
 case
- when auto_provision IS DISTINCT FROM 'AutoProvisionOn'
+ when properties->>'autoProvision' IS DISTINCT FROM 'On'
 then 'fail'
 else 'pass'
 end
 FROM azure_security_auto_provisioning_settings
- RIGHT JOIN azure_subscriptions ON azure_security_auto_provisioning_settings.subscription_id = azure_subscriptions.id
+ RIGHT JOIN azure_subscription_subscriptions ON azure_security_auto_provisioning_settings.subscription_id = azure_subscription_subscriptions.id
+
+--TODO: Seems similar to auto_provisioning_monitoring_agent_enabled.sql where that setting is for Monitoring Agent. This query should be checked for accuracy.
\ No newline at end of file
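Review bot: The RIGHT JOIN on the last added code line attaches every azure_security_auto_provisioning_settings row of a subscription, whereas the sibling query auto_provisioning_monitoring_agent_enabled.sql restricts itself to `"name" = 'default'`; if a subscription ever has more than one settings row it would be scored once per row here. Because this is an outer join the filter belongs in the ON clause rather than WHERE, so that subscriptions with no settings row still fall through to 'fail': `RIGHT JOIN azure_subscription_subscriptions ON azure_security_auto_provisioning_settings.subscription_id = azure_subscription_subscriptions.id AND azure_security_auto_provisioning_settings."name" = 'default'`. The new `properties->>'autoProvision'` reference is unqualified; should azure_subscription_subscriptions also expose a properties column the statement becomes ambiguous, so qualifying it as `azure_security_auto_provisioning_settings.properties->>'autoProvision'` is safer. The committed `--TODO` line records the doubt about overlap with the sibling check but names no owner or issue, so it is likely to outlive the doubt. The SELECT statement begins above the hunk.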
diff --git a/plugins/source/azure/policies/queries/security/auto_provisioning_monitoring_agent_enabled.sql b/plugins/source/azure/policies/queries/security/auto_provisioning_monitoring_agent_enabled.sql
index 19c14f4203d0a9..52a74198707ea0 100644
--- a/plugins/source/azure/policies/queries/security/auto_provisioning_monitoring_agent_enabled.sql
+++ b/plugins/source/azure/policies/queries/security/auto_provisioning_monitoring_agent_enabled.sql
@@ -7,8 +7,8 @@ SELECT subscription_id, id, case
- when auto_provision = 'On'
+ when properties->>'autoProvision' = 'On'
 then 'pass' else 'fail' end FROM azure_security_auto_provisioning_settings asaps
-WHERE "name" = 'default'
+WHERE "name" = 'default'
\ No newline at end of file
From f53435aef4e4615bae2150b1f602192b351291cd Mon Sep 17 00:00:00 2001
From: Jason Kao
Date: Wed, 21 Dec 2022 18:14:16 -0500
Subject: [PATCH 2/3] fix storage account unrestricted network access check
---
 .../storage/accounts_with_unrestricted_access.sql | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/plugins/source/azure/policies/queries/storage/accounts_with_unrestricted_access.sql b/plugins/source/azure/policies/queries/storage/accounts_with_unrestricted_access.sql
index 8cc7136bad7145..3eb3e88cad1913 100644
--- a/plugins/source/azure/policies/queries/storage/accounts_with_unrestricted_access.sql
+++ b/plugins/source/azure/policies/queries/storage/accounts_with_unrestricted_access.sql
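Review bot: The query still reads only from azure_security_auto_provisioning_settings, so a subscription that has no settings row at all produces no result row — it is neither 'pass' nor 'fail' and presumably just disappears from the framework output, unlike asc_automatic_provisioning_log_analytics_monitoring_agent.sql in the first patch, which outer-joins azure_subscription_subscriptions. Consider mirroring that file: RIGHT JOIN azure_subscription_subscriptions on asaps.subscription_id, move the `"name" = 'default'` predicate into the ON clause so unmatched subscriptions keep a row, and take the subscription id from the subscriptions side; the `= 'On'` comparison then yields NULL for those rows and the CASE already maps that to 'fail'. The `-WHERE`/`+WHERE` pair changes nothing but the trailing newline, as the 'No newline at end of file' marker shows; keeping the newline avoids the spurious diff. The SELECT statement begins above the hunk.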
@@ -4,10 +4,12 @@ SELECT :'framework', :'check_id', 'Storage accounts should restrict network access',
- subscription_id,
- id,
+ az_sub.subscription_id,
+ az_stor.id,
 case
- when network_acls->>'defaultAction' IS DISTINCT FROM 'Deny'
+ when az_stor.properties -> 'networkAcls' ->>'defaultAction' IS DISTINCT FROM 'Deny'
 then 'fail' else 'pass' end
-FROM azure_storage_accounts
\ No newline at end of file
+FROM azure_storage_accounts as az_stor
+LEFT JOIN azure_subscription_subscriptions as az_sub
+ON az_sub.subscription_id = SUBSTRING(az_stor.id,16,36)
\ No newline at end of file
From 74a738810e9a0f2db4e78f5aafc80198a354a6cc Mon Sep 17 00:00:00 2001
From: Jason Kao
Date: Wed, 21 Dec 2022 20:18:31 -0500
Subject: [PATCH 3/3] update storage secure transfer query
---
 ..._transfer_to_storage_accounts_should_be_enabled.sql | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/plugins/source/azure/policies/queries/storage/secure_transfer_to_storage_accounts_should_be_enabled.sql b/plugins/source/azure/policies/queries/storage/secure_transfer_to_storage_accounts_should_be_enabled.sql
index 0e86bf576d441f..98ca24d45516aa 100644
--- a/plugins/source/azure/policies/queries/storage/secure_transfer_to_storage_accounts_should_be_enabled.sql
+++ b/plugins/source/azure/policies/queries/storage/secure_transfer_to_storage_accounts_should_be_enabled.sql
@@ -4,10 +4,12 @@ SELECT :'framework', :'check_id', 'Secure transfer to storage accounts should be enabled',
- subscription_id,
- id,
+ az_sub.subscription_id,
+ az_stor.id,
 case
- when supports_https_traffic_only IS NOT TRUE
+ when az_stor.properties ->> 'supportsHttpsTrafficOnly' IS DISTINCT FROM 'true'
 then 'fail' else 'pass' end
-FROM azure_storage_accounts
+FROM azure_storage_accounts as az_stor
+LEFT JOIN azure_subscription_subscriptions as az_sub
+ON az_sub.subscription_id = SUBSTRING(az_stor.id,16,36)
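Review bot: The new join condition `ON az_sub.subscription_id = SUBSTRING(az_stor.id,16,36)` recovers the subscription GUID by fixed character offset from the resource id; that only holds while every id has the exact form `/subscriptions/<guid>/...`, any other prefix or a GUID casing mismatch between the two columns would make the LEFT JOIN yield a NULL subscription_id without any error, and the function on az_stor.id also keeps an index from serving the join. The same construct is added in secure_transfer_to_storage_accounts_should_be_enabled.sql in the third patch. If azure_storage_accounts still carries a subscription_id column, as the removed `subscription_id,` line suggests it once did, joining on that column — or selecting it directly as before — avoids the parsing entirely; if the column is gone, a comment above the join documenting the assumed layout would help the next reader, e.g. `-- resource ids are '/subscriptions/<guid>/...'; characters 16-51 hold the 36-char subscription guid`. The SELECT statement begins above the hunk.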
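Review bot: The new predicate `az_stor.properties ->> 'supportsHttpsTrafficOnly' IS DISTINCT FROM 'true'` compares the JSON boolean as text, and an account whose properties lack the key (NULL) now scores 'fail'; neither fact is obvious from the line, so a comment above the CASE such as `-- ->> renders the JSON boolean as the text 'true'/'false'; a missing key is NULL and fails closed` would document the intended fail-closed behaviour. The removed `IS NOT TRUE` on the typed column also failed closed on NULL, so the semantics are preserved, but the text comparison assumes the value is ingested as a JSON boolean rather than a string such as "True" — worth confirming against the stored data. The subscription join on this hunk's last added line shares the fixed-offset SUBSTRING concern raised on accounts_with_unrestricted_access.sql.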