Ensure SQL Server Threat Detection is Enabled and Retention Logs are greater than 90 days

Azure SQL Database Threat Detection is a security intelligence feature built into the Azure SQL Database service. Working around the clock to learn, profile and detect anomalous database activities, Azure SQL Database Threat Detection identifies potential threats to the database. Security officers or other designated administrators can get an immediate notification about suspicious database activities as they occur. Each notification provides details of the suspicious activity and recommends how to further investigate and mitigate the threat.

Risk Level: Low
Cloud Entity: SQL Server on Virtual Machines
CloudGuard Rule ID: D9.AZU.MON.51
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

SQLServer should have threatDetection.state='Enabled' and ( threatDetection.retentionDays=0 or threatDetection.retentionDays>=90 )
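As an added example (not CloudGuard's own GSL engine), the predicate above implemented in Python over constructed policy records in the shape of the `properties` object that the Azure REST API returns for Microsoft.Sql/servers/securityAlertPolicies. It also flags the case where retention is unlimited but no storage endpoint is configured, which the rule itself does not check.

```python
"""Offline evaluation of rule D9.AZU.MON.51 against server security-alert
policies (Azure REST 'properties' shape). Example code, not CloudGuard's."""
from dataclasses import dataclass

MIN_RETENTION_DAYS = 90  # from the rule: retentionDays=0 (unlimited) or >=90


@dataclass
class Finding:
    server: str
    compliant: bool
    reason: str


def evaluate_policy(server: str, props: dict) -> Finding:
    """Apply: state='Enabled' and (retentionDays=0 or retentionDays>=90)."""
    state = props.get("state")  # Azure reports 'Enabled', 'Disabled' or 'New'
    retention = props.get("retentionDays")
    if state != "Enabled":
        return Finding(server, False, f"threat detection state is {state!r}")
    if not isinstance(retention, int) or isinstance(retention, bool):
        return Finding(server, False, "retentionDays missing or not an integer")
    if retention == 0:
        # 0 means unlimited retention of the audit logs in the storage account;
        # without a storage endpoint there is no log to retain, so flag it.
        note = "" if props.get("storageEndpoint") else " (no storageEndpoint configured)"
        return Finding(server, True, "enabled, unlimited retention" + note)
    if retention >= MIN_RETENTION_DAYS:
        return Finding(server, True, f"enabled, retentionDays={retention}")
    return Finding(server, False, f"retentionDays={retention} is below {MIN_RETENTION_DAYS}")


def evaluate_all(policies: dict) -> list:
    """Evaluate every server in a {server_name: properties} mapping."""
    return [evaluate_policy(name, props) for name, props in policies.items()]


# Constructed sample policies (not real servers), keyed by server name.
SAMPLE_POLICIES = {
    "sql-prod-01": {"state": "Enabled", "retentionDays": 0,
                    "storageEndpoint": "https://mystorageaccount.blob.core.windows.net/"},
    "sql-prod-02": {"state": "Enabled", "retentionDays": 120},
    "sql-dev-01": {"state": "Enabled", "retentionDays": 45},
    "sql-test-01": {"state": "Disabled", "retentionDays": 90},
    "sql-new-01": {"state": "New"},
}

if __name__ == "__main__":
    for f in evaluate_all(SAMPLE_POLICIES):
        print(f"{'PASS' if f.compliant else 'FAIL'} {f.server}: {f.reason}")
```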

REMEDIATION

Using Azure PowerShell:
Update-AzSqlServerAdvancedThreatProtectionSettings -ResourceGroupName ResourceGroup11 -ServerName Server01 -NotificationRecipientsEmails "[email protected];[email protected]" -EmailAdmins $True -StorageAccountName mystorageAccount -RetentionInDays 0

The recipient list must be quoted, because an unquoted ';' is a statement separator in PowerShell. -RetentionInDays 0 keeps the threat detection logs indefinitely, which the rule accepts; any other value must be 90 or greater.

Using Terraform:

resource "azurerm_sql_server" "example" {
  # Required arguments omitted in the original snippet; values are assumed.
  name                         = "example-sqlserver"
  resource_group_name          = azurerm_resource_group.example.name
  location                     = azurerm_resource_group.example.location
  version                      = "12.0"
  administrator_login          = "sqladmin"
  administrator_login_password = var.sql_admin_password

  threat_detection_policy {
-   state          = "Disabled"
-   retention_days = 45
+   state          = "Enabled"   # the provider expects "Enabled"/"Disabled", not lowercase
+   retention_days = 90          # 0 (unlimited retention) also satisfies the rule
  }
}

References: https://docs.microsoft.com/en-us/powershell/module/az.sql/update-azsqlserveradvancedthreatprotectionsettings?view=azps-2.8.0

SQL Server on Virtual Machines

SQL Server on Azure virtual machines enables you to use full versions of SQL Server in the Cloud without having to manage any on-premises hardware. SQL Server VMs also simplify licensing costs when you pay as you go.

Azure virtual machines run in many different geographic regions around the world. They also offer a variety of machine sizes. The virtual machine image gallery allows you to create a SQL Server VM with the right version, edition, and operating system. This makes virtual machines a good option for many different SQL Server workloads.

Compliance Frameworks

  • Azure CIS Foundations v. 1.3.1
  • Azure CIS Foundations v. 1.4.0
  • Azure CloudGuard Best Practices
  • Azure HITRUST v9.5.0
  • Azure ITSG-33