Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL Database

MEDIUM

Description

SQL Server Threat Detection Retention period has less than 90 days, this may make audit challenging.

Remediation

In Azure Console -

Open the Azure Portal and go to SQL servers.
Choose the SQL server you wish to edit.
Under Backups, under Retention policies, add retention policies.
Select save.

In Terraform -

In the azurerm_sql_database resource, set retention_days greater than 90 days.

References:
https://learn.microsoft.com/en-us/sql/relational-databases/database-mail/database-mail?view=sql-server-ver16
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_database#retention_days

Policy Details

Rule Reference ID: AC_AZURE_0235

CSP: Azure

Remediation Available: Yes

Domain: Logging and Monitoring

Resource: azurerm_sql_database

Resource Category: Database

Resource Type: SQL Server

Frameworks

GDPR
HIPAA
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0