Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers

Azure Defender for SQL is a unified package for advanced SQL security capabilities. Azure Defender is available for Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics. It includes functionality for discovering and classifying sensitive data, surfacing and mitigating potential database vulnerabilities, and detecting anomalous activities that could indicate a threat to your database. It provides a single go-to location for enabling and managing these capabilities.

Risk Level: Low
Cloud Entity: SQL Server on Virtual Machines
CloudGuard Rule ID: D9.AZU.VLN.01
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

SQLServer should have threatDetection.state='Enabled'

REMEDIATION

From Portal

  1. Go to 'SQL server' in the Azure Management console and choose the SQL server you want to examine.
  2. In the navigation panel, under Security, select 'Security center'.
  3. On the Azure Defender for SQL configuration page, enable Azure Defender for SQL on the server.
  4. Provide the required information.
  5. Click Save.

From TF
Set the 'state' argument under 'threat_detection_policy' to 'Enabled':

resource "azurerm_sql_server" "example" {
	# ...
	threat_detection_policy {
		# ...
		state = "Enabled"
		# ...
	}
	# ...
}

Note: Setting the threat detection policy on an Azure SQL server requires further configuration; see the documentation.

From Command Line
Run

Set-AzureRmSqlServerThreatDetectionPolicy -ServerName SQLSERVERNAME -ResourceGroupName RESOURCEGROUPNAME -ExcludedDetectionType NONE
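The GSL check above, applied to an inventory of SQL server records, as an added example that is not CloudGuard's own evaluator. The record shape mirrors the ARM server security alert policy properties (`state`, `disabledAlerts`); the server names and values are constructed, and the excluded-alert reporting goes one step beyond the rule to reflect the `-ExcludedDetectionType NONE` remediation.

```python
from dataclasses import dataclass

COMPLIANT_STATE = "Enabled"  # the value the GSL rule and the Terraform 'state' argument expect


@dataclass(frozen=True)
class Finding:
    server: str
    compliant: bool
    reason: str


def evaluate_server(server: dict) -> Finding:
    """Apply `threatDetection.state='Enabled'` to one server record.

    A missing or non-enabled policy is non-compliant. An enabled policy that
    excludes alert types still passes the rule, but the reason records the gap
    (the remediation passes -ExcludedDetectionType NONE to close it).
    """
    name = server.get("name", "<unnamed>")
    policy = server.get("threatDetection") or {}
    if not policy:
        return Finding(name, False, "no threat detection policy on server")
    state = str(policy.get("state", "")).strip()
    if state != COMPLIANT_STATE:  # ARM reports "Enabled", "Disabled" or "New"
        return Finding(name, False, f"threatDetection.state={state or 'unset'}")
    excluded = [a for a in policy.get("disabledAlerts", []) if a]
    if excluded:
        return Finding(name, True, "enabled; excluded alert types: " + ", ".join(excluded))
    return Finding(name, True, "enabled; all alert types active")


def non_compliant(servers: list[dict]) -> list[str]:
    """Names of servers failing the rule, in inventory order."""
    return [f.server for f in map(evaluate_server, servers) if not f.compliant]


# Constructed sample inventory (names and values are made up for this example)
SAMPLE_SERVERS = [
    {"name": "sql-prod-01", "threatDetection": {"state": "Enabled", "disabledAlerts": []}},
    {"name": "sql-prod-02", "threatDetection": {"state": "Disabled"}},
    {"name": "sql-legacy-01"},  # policy never configured
    {"name": "sql-bi-01", "threatDetection": {"state": "Enabled", "disabledAlerts": ["Sql_Injection"]}},
]

if __name__ == "__main__":
    for finding in map(evaluate_server, SAMPLE_SERVERS):
        print(f"{'PASS' if finding.compliant else 'FAIL'} {finding.server}: {finding.reason}")
```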

References

  1. https://docs.microsoft.com/en-us/azure/azure-sql/database/threat-detection-configure
  2. https://docs.microsoft.com/en-us/powershell/module/azurerm.sql/set-azurermsqlserverthreatdetectionpolicy?view=azurermps-6.13.0
  3. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_server#threat_detection_policy

SQL Server on Virtual Machines

SQL Server on Azure virtual machines enables you to use full versions of SQL Server in the Cloud without having to manage any on-premises hardware. SQL Server VMs also simplify licensing costs when you pay as you go.

Azure virtual machines run in many different geographic regions around the world. They also offer a variety of machine sizes. The virtual machine image gallery allows you to create a SQL Server VM with the right version, edition, and operating system. This makes virtual machines a good option for many different SQL Server workloads.

Compliance Frameworks

  • Azure CIS Foundations v. 1.1.0
  • Azure CIS Foundations v. 1.2.0
  • Azure CIS Foundations v. 1.3.0
  • Azure CIS Foundations v. 1.3.1
  • Azure CIS Foundations v. 1.4.0
  • Azure CIS Foundations v. 1.5.0
  • Azure CIS Foundations v. 2.0
  • Azure CloudGuard Best Practices
  • Azure HITRUST v9.5.0
  • Azure ITSG-33
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset
  • Microsoft Cloud Security Benchmark