Ensure that ADS - 'Advanced Threat Protection types' (ATP) is set to 'All'
Enabling all threat protection types protects against SQL injection, database vulnerabilities, and any other anomalous activities.
Risk Level: Low
Cloud Entity: SQL Server on Virtual Machines
CloudGuard Rule ID: D9.AZU.VLN.02
Covered by Spectral: Yes
Category: Compute
GSL LOGIC
SQLServer should have threatDetection.disabledAlerts contain [$ isEmpty()]
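The same check applied offline to exported policy data, as an added example (not CloudGuard's or Azure's own code). The record layout, the server names and the set of `disabledAlerts` shapes handled are assumptions; a list holding only an empty entry is treated as "nothing disabled", which is the shape the GSL expression above matches.

```python
"""Audit exported threat-detection policies for disabled alert types.

Added example: the record layout is an assumption, not CloudGuard's or
Azure's schema. Only 'disabledAlerts' is checked, as in the rule above.
"""
import json


def disabled_alert_types(policy):
    """Return the sorted alert types disabled in one policy record.

    Accepted shapes for 'disabledAlerts' (assumed): missing/None, "", [],
    [""], a list of names, or a ';'-separated string of names.
    """
    raw = policy.get("disabledAlerts")
    if raw is None:
        return []
    if isinstance(raw, str):
        raw = raw.split(";")
    # Empty and whitespace-only entries mean "no alert type disabled".
    return sorted({item.strip() for item in raw if item and item.strip()})


def audit(policies):
    """Map server name -> disabled alert types, non-compliant servers only."""
    findings = {}
    for record in policies:
        disabled = disabled_alert_types(record.get("threatDetection", {}))
        if disabled:
            findings[record["name"]] = disabled
    return findings


# Constructed sample input; names and layout are hypothetical.
SAMPLE = json.loads("""
[
  {"name": "sql-prod-01", "threatDetection": {"disabledAlerts": [""]}},
  {"name": "sql-prod-02", "threatDetection": {"disabledAlerts": ["Access_Anomaly"]}},
  {"name": "sql-dev-01",  "threatDetection": {"disabledAlerts": "Sql_Injection;Access_Anomaly"}},
  {"name": "sql-dev-02",  "threatDetection": {"disabledAlerts": []}},
  {"name": "sql-dev-03",  "threatDetection": {}}
]
""")

if __name__ == "__main__":
    for name, alerts in audit(SAMPLE).items():
        print(f"FAIL {name}: disabled alert types = {', '.join(alerts)}")
```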
REMEDIATION
From Portal
- Go to 'SQL server' in the Azure Management console and choose the SQL server that you want to examine.
- In the navigation panel, under Security, select 'Defender for Cloud'.
- If Microsoft Defender for SQL is enabled, you will see a 'Configure' link.
- Select the 'Configure' link.
- Provide the required information and set 'Advanced Threat Protection Types' to 'All'.
- Click Save.
From TF
Do not include the 'disabled_alerts' argument under 'threat_detection_policy':
resource "azurerm_sql_server" "example" {
threat_detection_policy {
- disabled_alerts = "Access_Anomaly"
}
}
From Command Line
Run
az sql db threat-policy update --resource-group RESOURCEGROUPNAME --server SERVERNAME --name DB --disabled-alerts None
References
- https://learn.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql?view=azuresql#manage-microsoft-defender-for-sql-settings
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_server#disabled_alerts
- https://learn.microsoft.com/en-us/cli/azure/sql/db/threat-policy?view=azure-cli-latest#az-sql-db-threat-policy-update
SQL Server on Virtual Machines
SQL Server on Azure virtual machines enables you to use full versions of SQL Server in the Cloud without having to manage any on-premises hardware. SQL Server VMs also simplify licensing costs when you pay as you go.
Azure virtual machines run in many different geographic regions around the world. They also offer a variety of machine sizes. The virtual machine image gallery allows you to create a SQL Server VM with the right version, edition, and operating system. This makes virtual machines a good option for many different SQL Server workloads.
Compliance Frameworks
- Azure CIS Foundations v. 1.1.0
- Azure CIS Foundations v. 1.2.0
- Azure CIS Foundations v. 1.3.0
- Azure CIS Foundations v. 1.3.1
- Azure CloudGuard Best Practices
- Azure HITRUST v9.5.0
- Azure ISO 27001:2013
- Azure ITSG-33
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset
Updated about 1 year ago