Ensure that ADS - ATP 'Send alerts to' is set
Provide the email address where alerts will be sent when anomalous activities are detected on SQL servers.
Risk Level: Low
Cloud Entity: SQL Server on Virtual Machines
CloudGuard Rule ID: D9.AZU.MON.24
Covered by Spectral: Yes
Category: Compute
GSL LOGIC
SQLServer should have threatDetection.additionalEmails length()>0
REMEDIATION
From Portal
- Go to 'SQL Server' from Azure Management console and choose your instance.
- Under 'Security', select 'Microsoft Defender for Cloud' on the navigation menu.
- Click on 'Microsoft Defender for SQL' button.
- Now click on 'Configure' under 'Microsoft Defender for SQL' Heading.
- Under 'ADVANCED THREAT PROTECTION SETTINGS', select 'Add your contact details to the subscription's email settings in Defender for Cloud'.
- Provide the list of emails to receive notifications upon detection of anomalous database activities in the 'Additional email addresses' (separated by commas) text box.
- Click Save.
From TF
resource "azurerm_sql_server" "example" {
  # ...
  threat_detection_policy {
    # ...
    state = "enabled"
    # email_addresses takes a list of strings; the address below is a placeholder
    email_addresses = [
      "admin@example.com",
      # ...
    ]
    # ...
  }
}
From Command Line
Run
az sql db threat-policy update --resource-group RESOURCEGROUP --server SERVERNAME --name DBNAME --email-addresses EMAILID --email-account-admins Enabled
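To confirm the setting after remediation, the following added example (not CloudGuard's or Microsoft's code) applies the rule's length check to an exported inventory and also flags entries that pass it while holding no usable address. The `threatDetection.additionalEmails` field comes from the GSL expression above; the `name` field, the sample servers and the comma-separated string form are assumptions.

```python
import json

# Constructed sample inventory. Only "threatDetection.additionalEmails" comes
# from the rule; server names and addresses are made up for illustration.
SAMPLE_INVENTORY = json.loads("""
[
  {"name": "sql-prod-01", "threatDetection": {"additionalEmails": ["secops@example.com", "dba@example.com"]}},
  {"name": "sql-dev-02",  "threatDetection": {"additionalEmails": []}},
  {"name": "sql-test-03", "threatDetection": {"additionalEmails": ["  "]}},
  {"name": "sql-old-04"},
  {"name": "sql-stg-05",  "threatDetection": {"additionalEmails": "secops@example.com, oncall@example.com"}}
]
""")


def _as_list(value):
    """Normalise the field: missing/empty -> [], comma-separated string -> list."""
    if not value:
        return []
    if isinstance(value, str):
        return value.split(",")
    return list(value)


def evaluate(server):
    """FAIL mirrors the rule (length() > 0 not met); WARN is a stricter added check."""
    policy = server.get("threatDetection") or {}
    entries = _as_list(policy.get("additionalEmails"))
    usable = [e.strip() for e in entries if isinstance(e, str) and "@" in e]
    if not entries:
        status = "FAIL"   # rule violated: no recipients configured
    elif not usable:
        status = "WARN"   # length check passes, but nobody would be notified
    else:
        status = "PASS"
    return {"name": server.get("name", "<unnamed>"), "status": status, "recipients": usable}


def audit(inventory):
    return [evaluate(server) for server in inventory]


if __name__ == "__main__":
    for result in audit(SAMPLE_INVENTORY):
        print(f'{result["status"]:4} {result["name"]:12} {", ".join(result["recipients"]) or "-"}')
```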
References
- https://learn.microsoft.com/en-us/azure/azure-sql/database/threat-detection-configure?view=azuresql
- https://learn.microsoft.com/en-us/cli/azure/sql/db/threat-policy?view=azure-cli-latest#az-sql-db-threat-policy-update
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_server#threat_detection_policy
SQL Server on Virtual Machines
SQL Server on Azure virtual machines enables you to use full versions of SQL Server in the Cloud without having to manage any on-premises hardware. SQL Server VMs also simplify licensing costs when you pay as you go.
Azure virtual machines run in many different geographic regions around the world. They also offer a variety of machine sizes. The virtual machine image gallery allows you to create a SQL Server VM with the right version, edition, and operating system. This makes virtual machines a good option for many different SQL Server workloads.
Compliance Frameworks
- Azure CIS Foundations v. 1.1.0
- Azure CIS Foundations v. 1.2.0
- Azure CloudGuard Best Practices
- Azure ISO 27001:2013
- Azure ITSG-33
- Azure NIST 800-53 Rev 5
- Azure New Zealand Information Security Manual (NZISM) v.3.4
- CloudGuard Azure All Rules Ruleset
Updated about 1 year ago