Ensure that ADS - ATP 'Send alerts to' is set

Provide the email address where alerts will be sent when anomalous activities are detected on SQL servers.

Risk Level: Low
Cloud Entity: SQL Server on Virtual Machines
CloudGuard Rule ID: D9.AZU.MON.24
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

SQLServer should have threatDetection.additionalEmails length()>0

REMEDIATION

From Portal

  1. Go to 'SQL Server' from Azure Management console and choose your instance.
  2. Under 'Security', select 'Microsoft Defender for Cloud' on the navigation menu.
  3. Click on 'Microsoft Defender for SQL' button.
  4. Now click on 'Configure' under 'Microsoft Defender for SQL' Heading.
  5. Under 'ADVANCED THREAT PROTECTION SETTINGS', select 'Add your contact details to the subscription's email settings in Defender for Cloud'.
  6. Provide the list of emails to receive notifications upon detection of anomalous database activities in the 'Additional email addresses' (separated by commas) text box.
  7. Click Save.

From TF

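resource "azurerm_sql_server" "example" {
	# ... other server arguments ...
	threat_detection_policy {
		# ... other policy settings ...
		state = "Enabled"
		# email_addresses is a list of strings; the address below is a placeholder
		email_addresses = ["admin@example.com"]
		# ... other policy settings ...
	}
}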

From Command Line
Run

az sql db threat-policy update --resource-group RESOURCEGROUP --server SERVERNAME --name DBNAME --email-addresses EMAILID --email-account-admins Enabled
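
To confirm the remediation took effect, the check below applies the rule's logic to exported policy JSON. It is an added example, not CloudGuard's or Microsoft's code, and it goes slightly beyond the GSL rule by also failing policies that are disabled or that hold only blank addresses. The field names `state` and `emailAddresses` and the sample documents are assumptions constructed for illustration.

```python
import json

# Constructed sample policies. The field names are an assumption modelled on
# the Azure security alert policy resource; adjust them to your export format.
SAMPLE = json.loads("""
[
  {"name": "db-ok",       "state": "Enabled",  "emailAddresses": ["secops@example.com"]},
  {"name": "db-legacy",   "state": "Enabled",  "emailAddresses": "a@example.com;b@example.com"},
  {"name": "db-empty",    "state": "Enabled",  "emailAddresses": [""]},
  {"name": "db-missing",  "state": "Enabled"},
  {"name": "db-disabled", "state": "Disabled", "emailAddresses": ["secops@example.com"]}
]
""")


def recipients(policy):
    """Return non-blank alert recipients from a list or a ';'/',' separated string."""
    raw = policy.get("emailAddresses") or []
    if isinstance(raw, str):
        raw = raw.replace(",", ";").split(";")
    # A list such as [""] has length 1 but no usable recipient, so drop blanks.
    return [a.strip() for a in raw if isinstance(a, str) and a.strip()]


def evaluate(policy):
    """Return (compliant, reason) for one threat detection policy."""
    if str(policy.get("state", "")).lower() != "enabled":
        return False, "threat detection is not enabled"
    found = recipients(policy)
    if not found:
        return False, "no alert recipients configured"
    return True, f"{len(found)} recipient(s)"


def audit(policies):
    """Map each policy name to its (compliant, reason) result."""
    return {p.get("name", "<unnamed>"): evaluate(p) for p in policies}


if __name__ == "__main__":
    for name, (ok, reason) in audit(SAMPLE).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {reason}")
```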

References

  1. https://learn.microsoft.com/en-us/azure/azure-sql/database/threat-detection-configure?view=azuresql
  2. https://learn.microsoft.com/en-us/cli/azure/sql/db/threat-policy?view=azure-cli-latest#az-sql-db-threat-policy-update
  3. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_server#threat_detection_policy

SQL Server on Virtual Machines

SQL Server on Azure virtual machines enables you to use full versions of SQL Server in the Cloud without having to manage any on-premises hardware. SQL Server VMs also simplify licensing costs when you pay as you go.

Azure virtual machines run in many different geographic regions around the world. They also offer a variety of machine sizes. The virtual machine image gallery allows you to create a SQL Server VM with the right version, edition, and operating system. This makes virtual machines a good option for many different SQL Server workloads.

Compliance Frameworks

  • Azure CIS Foundations v. 1.1.0
  • Azure CIS Foundations v. 1.2.0
  • Azure CloudGuard Best Practices
  • Azure ISO 27001:2013
  • Azure ITSG-33
  • Azure NIST 800-53 Rev 5
  • Azure New Zealand Information Security Manual (NZISM) v.3.4
  • CloudGuard Azure All Rules Ruleset