Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account

Enable Vulnerability Assessment (VA) service scans for critical SQL servers and corresponding SQL databases.

Risk Level: Low
Cloud Entity: SQL Server on Virtual Machines
CloudGuard Rule ID: D9.AZU.MON.62
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

SQLServer should not have vulnerabilityAssessments contain [ storageContainerPath isEmpty() ]

REMEDIATION

From Portal

  1. Go to SQL servers.
  2. Click on Environment Settings.
  3. Click on Security Center.
  4. Select Configure next to Enabled at subscription-level.
  5. In Section Vulnerability Assessment Settings, Click Select Storage account.
  6. Choose Storage Account (Existing or Create New), Click Ok.
  7. Click Save.

From TF
Set the 'storage_container_path' argument under 'azurerm_mssql_server_vulnerability_assessment' as below:

resource "azurerm_mssql_server_vulnerability_assessment" "example" {
	...
	storage_container_path   = "STORAGE-ACCOUNT"
	...
}

From Command Line
Run the below command to reconfigure the SQL server to enable Vulnerability Assessment setting-

Update-AzSqlServerVulnerabilityAssessmentSetting -ServerName SERVERNAME -ResourceGroupName RESOURCEGROUPNAME -StorageAccountName STORAGEACCOUNTNAME

References

  1. https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment?view=azuresql&tabs=azure-powershell
  2. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server_vulnerability_assessment#storage_container_path
  3. https://learn.microsoft.com/en-us/powershell/module/az.sql/update-azsqlservervulnerabilityassessmentsetting?view=azps-8.3.0

SQL Server on Virtual Machines

SQL Server on Azure virtual machines enables you to use full versions of SQL Server in the Cloud without having to manage any on-premises hardware. SQL Server VMs also simplify licensing costs when you pay as you go.

Azure virtual machines run in many different geographic regions around the world. They also offer a variety of machine sizes. The virtual machine image gallery allows you to create a SQL Server VM with the right version, edition, and operating system. This makes virtual machines a good option for a many different SQL Server workloads.

Compliance Frameworks

  • AZU PCI-DSS 4.0
  • Azure CIS Foundations v. 1.2.0
  • Azure CIS Foundations v. 1.3.0
  • Azure CIS Foundations v. 1.3.1
  • Azure CIS Foundations v. 1.4.0
  • Azure CIS Foundations v. 1.5.0
  • Azure CIS Foundations v.2.0
  • Azure CloudGuard Best Practices
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset