Ensure That Microsoft Defender for Databases Is Set To 'On'

Turning on Microsoft Defender for Databases enables threat detection for the instances running your database software. This provides threat intelligence, anomaly detection, and behavior analytics in the Azure Microsoft Defender for Cloud. Instead of being enabled on services like Platform as a Service (PaaS), this implementation will run within your instances as Infrastructure as a Service (IaaS) on the Operating Systems hosting your databases.

Risk Level: High
Cloud Entity: Defender Plans
CloudGuard Rule ID: D9.AZU.MON.80
Covered by Spectral: No
Category: Security Center

GSL LOGIC

DefenderPlans where name in ('CosmosDbs' , 'OpenSourceRelationalDatabases', 'SqlServerVirtualMachines' , 'SqlServers') should have properties.pricingTier='Standard'

REMEDIATION

From Portal

  1. Go to 'Microsoft Defender for Cloud'.
  2. Click on 'Environment Settings' blade.
  3. Click on the subscription name.
  4. Select the Defender plans blade.
  5. Set 'Databases' Status to On.
  6. Click Save.

From TF
Set the 'tier' and 'resource_type' arguments under 'azurerm_security_center_subscription_pricing' as below:

resource "azurerm_security_center_subscription_pricing" "example" {
	...
	tier    = "Standard"
	resource_type = "ResourceType"
	...
}

Note : Update the resource_type attribute for each Database ('CosmosDbs' , 'OpenSourceRelationalDatabases', 'SqlServerVirtualMachines' , 'SqlServers').

From Command Line

Use the below command to enable Azure Defender for Database
Run

az security pricing create -n 'SqlServers' --tier 'Standard'
az security pricing create -n 'SqlServerVirtualMachines' --tier 'Standard'
az security pricing create -n 'OpenSourceRelationalDatabases' --tier 'Standard'
az security pricing create -n 'CosmosDbs' --tier 'Standard'

References

  1. https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-enable-database-protections
  2. https://learn.microsoft.com/en-us/cli/azure/security/pricing?view=azure-cli-latest
  3. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing

Defender Plans

The Defender plans of Microsoft Defender for Cloud offer comprehensive defenses for the compute, data, and service layers of your environment

Compliance Frameworks

  • Azure CIS Foundations v. 1.5.0
  • Azure CIS Foundations v.2.0
  • Azure CloudGuard Best Practices
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset