Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server

Enable Vulnerability Assessment (VA) Periodic recurring scans for critical SQL servers and corresponding SQL databases.

Risk Level: Low
Cloud Entity: SQL Server on Virtual Machines
CloudGuard Rule ID: D9.AZU.MON.63
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

SQLServer should have vulnerabilityAssessments contain [ recurringScansProperties.isEnabled=true ]

REMEDIATION

From Portal

  1. Go to SQL servers.
  2. Click on Environment Settings.
  3. Click on Security Center.
  4. In the Vulnerability Assessment Settings section, set the Storage Account if it is not already set.
  5. Toggle 'Periodic recurring scans' to ON.
  6. Click Save.

From TF
Set the 'enabled' argument under 'recurring_scans' to true:

resource "azurerm_mssql_server_vulnerability_assessment" "example" {
	...
	recurring_scans {
		enabled                   = true
		email_subscription_admins = true
		emails = [
			"[email protected]",
			"[email protected]"
		]
		...
	}
}
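
As an added example (not CloudGuard's or the Terraform provider's own code), the following Python check applies the same condition to `terraform show -json` plan output before deployment, so a disabled or missing `recurring_scans` block is caught in CI. The sample plan, its resource names and the helper `va_change` are constructed for illustration.

```python
"""Pre-deployment check: flag VA resources in a Terraform plan without recurring scans."""
import json
import sys

VA_TYPE = "azurerm_mssql_server_vulnerability_assessment"


def check_plan(plan):
    """Return {address: reason} for every VA resource that would fail the rule."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != VA_TYPE:
            continue
        after = rc.get("change", {}).get("after")
        if after is None:  # planned delete: the VA configuration goes away
            findings[rc["address"]] = "vulnerability assessment is being deleted"
            continue
        # Nested blocks appear as a list in plan JSON; an absent block is [] or missing.
        blocks = after.get("recurring_scans") or []
        if not blocks:
            findings[rc["address"]] = "no recurring_scans block"
        elif blocks[0].get("enabled") is not True:
            findings[rc["address"]] = "recurring_scans.enabled is not true"
    return findings


def va_change(name, after, actions=("create",)):
    """Build one constructed resource_changes entry for the sample plan."""
    return {"address": f"{VA_TYPE}.{name}", "type": VA_TYPE,
            "change": {"actions": list(actions), "after": after}}


# Constructed sample in the shape of `terraform show -json`; names are hypothetical.
SAMPLE_PLAN = {"resource_changes": [
    va_change("compliant", {"recurring_scans": [{"enabled": True, "email_subscription_admins": True}]}),
    va_change("disabled", {"recurring_scans": [{"enabled": False}]}),
    va_change("no_block", {"recurring_scans": []}),
    va_change("removed", None, actions=("delete",)),
    {"address": "azurerm_mssql_server.sql", "type": "azurerm_mssql_server",
     "change": {"actions": ["no-op"], "after": {"name": "sql"}}},
]}

if __name__ == "__main__":
    # With a file argument, read real plan JSON; otherwise use the constructed sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    results = check_plan(plan)
    for address, reason in sorted(results.items()):
        print(f"FAIL {address}: {reason}")
    sys.exit(1 if results else 0)
```

A flagged delete can be a false positive when the SQL server itself is removed in the same plan, so review those entries rather than blocking on them automatically.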

From Command Line
Run the following command to reconfigure the SQL server to enable Vulnerability Assessment (VA) Periodic recurring scans:

Update-AzSqlServerVulnerabilityAssessmentSetting -ServerName SERVERNAME -ResourceGroupName RESOURCEGROUPNAME -StorageAccountName STORAGEACCOUNTNAME -RecurringScansInterval Weekly -EmailAdmins $true -NotificationEmail EMAILID

References

  1. https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment?view=azuresql&tabs=azure-powershell
  2. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server_vulnerability_assessment#recurring_scans
  3. https://learn.microsoft.com/en-us/powershell/module/az.sql/update-azsqlservervulnerabilityassessmentsetting?view=azps-8.3.0

SQL Server on Virtual Machines

SQL Server on Azure virtual machines enables you to use full versions of SQL Server in the Cloud without having to manage any on-premises hardware. SQL Server VMs also simplify licensing costs when you pay as you go.

Azure virtual machines run in many different geographic regions around the world. They also offer a variety of machine sizes. The virtual machine image gallery allows you to create a SQL Server VM with the right version, edition, and operating system. This makes virtual machines a good option for many different SQL Server workloads.

Compliance Frameworks

  • AZU PCI-DSS 4.0
  • Azure CIS Foundations v. 1.2.0
  • Azure CIS Foundations v. 1.3.0
  • Azure CIS Foundations v. 1.3.1
  • Azure CIS Foundations v. 1.4.0
  • Azure CIS Foundations v. 1.5.0
  • Azure CIS Foundations v. 2.0
  • Azure CloudGuard Best Practices
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset