Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account
Enable Vulnerability Assessment (VA) service scans for critical SQL servers and corresponding SQL databases.
Risk Level: Low
Cloud Entity: SQL Server on Virtual Machines
CloudGuard Rule ID: D9.AZU.MON.62
Covered by Spectral: Yes
Category: Compute
GSL LOGIC
SQLServer should not have vulnerabilityAssessments contain [ storageContainerPath isEmpty() ]
REMEDIATION
From Portal
- Go to SQL servers.
- Click on Environment Settings.
- Click on Security Center.
- Select Configure next to Enabled at subscription-level.
- In the Vulnerability Assessment Settings section, click Select Storage account.
- Choose a Storage Account (existing or create new), then click OK.
- Click Save.
From TF
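Set the 'storage_container_path' argument under 'azurerm_mssql_server_vulnerability_assessment' to the URL of the blob container that will hold the scan results, as below:
resource "azurerm_mssql_server_vulnerability_assessment" "example" {
  ...
  # URL of the blob container that receives the scan results (placeholder values)
  storage_container_path = "https://STORAGE-ACCOUNT.blob.core.windows.net/CONTAINER-NAME/"
  ...
}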
From Command Line
Run the command below to enable the Vulnerability Assessment setting on the SQL server:
Update-AzSqlServerVulnerabilityAssessmentSetting -ServerName SERVERNAME -ResourceGroupName RESOURCEGROUPNAME -StorageAccountName STORAGEACCOUNTNAME
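To find which servers need the command above, the following read-only audit lists every SQL server in the current subscription and flags those with no Vulnerability Assessment storage account, which is the condition this rule's GSL logic tests. It is an added example, not CloudGuard or Microsoft code; it assumes the Az.Sql module and an authenticated session (Connect-AzAccount), and the 'Status' labels are chosen for this example.

```powershell
# Added example: audit SQL servers for missing Vulnerability Assessment storage.
# Assumptions: Az.Sql is installed and Connect-AzAccount has already been run.
# Read-only: only Get-* cmdlets are called, nothing is changed.

$findings = foreach ($server in Get-AzSqlServer) {
    $storage = $null
    $detail  = $null
    try {
        $va = Get-AzSqlServerVulnerabilityAssessmentSetting `
            -ResourceGroupName $server.ResourceGroupName `
            -ServerName $server.ServerName `
            -ErrorAction Stop
        $storage = $va.StorageAccountName
        # An empty storage account means scan results have nowhere to be written.
        $status = if ([string]::IsNullOrWhiteSpace($storage)) { 'NonCompliant' } else { 'Compliant' }
    }
    catch {
        # Do not count a failed lookup (permissions, throttling) as compliant.
        $status = 'Unknown'
        $detail = $_.Exception.Message
    }

    [pscustomobject]@{
        ResourceGroupName  = $server.ResourceGroupName
        ServerName         = $server.ServerName
        StorageAccountName = $storage
        Status             = $status
        Detail             = $detail
    }
}

$findings | Sort-Object Status, ServerName | Format-Table -AutoSize

# Non-zero exit code lets a scheduled job or pipeline fail on any finding.
if ($findings | Where-Object { $_.Status -ne 'Compliant' }) { exit 1 }
```

Servers reported as 'Unknown' need a manual check, since the script could not read their setting.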
References
- https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment?view=azuresql&tabs=azure-powershell
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server_vulnerability_assessment#storage_container_path
- https://learn.microsoft.com/en-us/powershell/module/az.sql/update-azsqlservervulnerabilityassessmentsetting?view=azps-8.3.0
SQL Server on Virtual Machines
SQL Server on Azure virtual machines enables you to use full versions of SQL Server in the Cloud without having to manage any on-premises hardware. SQL Server VMs also simplify licensing costs when you pay as you go.
Azure virtual machines run in many different geographic regions around the world. They also offer a variety of machine sizes. The virtual machine image gallery allows you to create a SQL Server VM with the right version, edition, and operating system. This makes virtual machines a good option for many different SQL Server workloads.
Compliance Frameworks
- AZU PCI-DSS 4.0
- Azure CIS Foundations v. 1.2.0
- Azure CIS Foundations v. 1.3.0
- Azure CIS Foundations v. 1.3.1
- Azure CIS Foundations v. 1.4.0
- Azure CIS Foundations v. 1.5.0
- Azure CIS Foundations v.2.0
- Azure CloudGuard Best Practices
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset