Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server
Enabling the setting 'Also send email notifications to admins and subscription owners' sends VA scan reports and alerts to admins and subscription owners. This may help reduce the time required to identify risks and take corrective measures.
Risk Level: Low
Cloud Entity: SQL Server on Virtual Machines
CloudGuard Rule ID: D9.AZU.MON.25
Covered by Spectral: Yes
Category: Compute
GSL LOGIC
SQLServer should have vulnerabilityAssessments contain [ recurringScansProperties.emailSubscriptionAdmins=true ]
REMEDIATION
From Portal
- Go to 'SQL Databases' from Azure Management console and choose your SQL DB.
- Under 'Security', select 'Microsoft Defender for Cloud' on the navigation menu.
- Click on 'Microsoft Defender for SQL' button.
- Ensure you have added an email address under 'send scan reports to' and enable 'Also send email notifications to admins and subscription owners' for Microsoft Defender for SQL.
- Click Save.
From TF
Set the 'email_subscription_admins' argument under 'recurring_scans' to true:
resource "azurerm_mssql_server_vulnerability_assessment" "example" {
  # ...
  recurring_scans {
    # ...
    enabled                   = true
    # Also notify admins and subscription owners of scan reports
    email_subscription_admins = true
    emails = [
      "[email protected]",
      "[email protected]"
    ]
    # ...
  }
  # ...
}
From Command Line
Run:
Update-AzSqlServerVulnerabilityAssessmentSetting -ResourceGroupName RESOURCEGROUP -ServerName SERVERNAME -StorageAccountName STORAGEACCOUNT -ScanResultsContainerName vulnerability-assessment -RecurringScansInterval Weekly -EmailAdmins $true -NotificationEmail EMAILID
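To check which servers in a subscription still need the change, the following read-only audit is an added example and is not part of the original rule page. It assumes the Az.Sql module and a signed-in session (Connect-AzAccount); the output column names and the 'Unknown' status are choices made for this example.

```powershell
# Added example: read-only audit of the VA 'EmailAdmins' setting on every
# SQL server in the current subscription. Nothing is modified.
$results = foreach ($server in Get-AzSqlServer) {
    $row = [ordered]@{
        ResourceGroup     = $server.ResourceGroupName
        Server            = $server.ServerName
        Status            = 'Unknown'   # example-defined values: Compliant / NonCompliant / Unknown
        ScanInterval      = $null
        NotificationEmail = $null
        Detail            = ''
    }
    try {
        $va = Get-AzSqlServerVulnerabilityAssessmentSetting `
            -ResourceGroupName $server.ResourceGroupName `
            -ServerName $server.ServerName `
            -ErrorAction Stop

        # Context columns: the flag is only useful when recurring scans run
        # and there is somewhere to send the report.
        $row.ScanInterval      = "$($va.RecurringScansInterval)"
        $row.NotificationEmail = ($va.NotificationEmail -join ';')

        if ($va.EmailAdmins -eq $true) {
            $row.Status = 'Compliant'
        }
        else {
            $row.Status = 'NonCompliant'
            $row.Detail = 'EmailAdmins is not enabled'
        }
    }
    catch {
        # Settings could not be read (for example missing permissions or
        # VA not configured); report it instead of assuming compliance.
        $row.Detail = $_.Exception.Message
    }
    [pscustomobject]$row
}

# Non-compliant and unreadable servers first
$results | Sort-Object Status -Descending | Format-Table -AutoSize
```

Servers reported as NonCompliant can then be fixed with the Update-AzSqlServerVulnerabilityAssessmentSetting command shown above.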
References
- https://learn.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql?view=azuresql
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server_vulnerability_assessment#email_subscription_admins
- https://learn.microsoft.com/en-us/powershell/module/Az.Sql/Update-AzSqlServerVulnerabilityAssessmentSetting?view=azps-9.0.1#-emailadmins
SQL Server on Virtual Machines
SQL Server on Azure virtual machines enables you to use full versions of SQL Server in the Cloud without having to manage any on-premises hardware. SQL Server VMs also simplify licensing costs when you pay as you go.
Azure virtual machines run in many different geographic regions around the world. They also offer a variety of machine sizes. The virtual machine image gallery allows you to create a SQL Server VM with the right version, edition, and operating system. This makes virtual machines a good option for many different SQL Server workloads.
Compliance Frameworks
- Azure CIS Foundations v. 1.1.0
- Azure CIS Foundations v. 1.2.0
- Azure CIS Foundations v. 1.3.0
- Azure CIS Foundations v. 1.3.1
- Azure CIS Foundations v. 1.4.0
- Azure CIS Foundations v. 1.5.0
- Azure CIS Foundations v.2.0
- Azure CloudGuard Best Practices
- Azure ISO 27001:2013
- Azure ITSG-33
- Azure NIST 800-53 Rev 5
- Azure New Zealand Information Security Manual (NZISM) v.3.4
- CloudGuard Azure All Rules Ruleset
Updated about 1 year ago