Ensure that ADS - 'Advanced Threat Protection types' (ATP) is set to 'All'
Enabling all threat protection types protects against SQL injection, database vulnerabilities, and any other anomalous activities.
Risk Level: Low
Cloud Entity: SQL Server on Virtual Machines
CloudGuard Rule ID: D9.AZU.VLN.02
Covered by Spectral: Yes
Category: Compute
GSL LOGIC
SQLServer should have threatDetection.disabledAlerts contain [$ isEmpty()]
REMEDIATION
From Portal
- Go to 'SQL server' from Azure Management console and choose your SQL server that you want to examine.
- In the navigation panel, under Security, select 'Defender for Cloud'.
- If Microsoft Defender for SQL is enabled, you will see a 'Configure' link.
- Select on the 'Configure' link.
- Provide the required information and set 'Advanced Threat Protection Types' to 'All'.
- Click Save.
From TF
Do not include the 'disabled_alerts' argument under 'threat_detection_policy':
resource "azurerm_sql_server" "example" {
threat_detection_policy {
- disabled_alerts = "Access_Anomaly"
}
}
From Command Line
Run
az sql db threat-policy update --resource-group RESOURCEGROUPNAME --server SERVERNAME --name DB --disabled-alerts None
References
- https://learn.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql?view=azuresql#manage-microsoft-defender-for-sql-settings
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_server#disabled_alerts
- https://learn.microsoft.com/en-us/cli/azure/sql/db/threat-policy?view=azure-cli-latest#az-sql-db-threat-policy-update
SQL Server on Virtual Machines
SQL Server on Azure virtual machines enables you to use full versions of SQL Server in the Cloud without having to manage any on-premises hardware. SQL Server VMs also simplify licensing costs when you pay as you go.
Azure virtual machines run in many different geographic regions around the world. They also offer a variety of machine sizes. The virtual machine image gallery allows you to create a SQL Server VM with the right version, edition, and operating system. This makes virtual machines a good option for a many different SQL Server workloads.
Compliance Frameworks
- Azure CIS Foundations v. 1.1.0
- Azure CIS Foundations v. 1.2.0
- Azure CIS Foundations v. 1.3.0
- Azure CIS Foundations v. 1.3.1
- Azure CloudGuard Best Practices
- Azure HITRUST v9.5.0
- Azure ISO 27001:2013
- Azure ITSG-33
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset
Updated over 1 year ago