Ensure that the VA setting 'Periodic recurring scans' is set to 'on' for each SQL server

MEDIUM

Description

Description:

Enable Vulnerability Assessment (VA) Periodic recurring scans for critical SQL servers and corresponding SQL databases.

Rationale:

VA setting 'Periodic recurring scans' schedules periodic (weekly) vulnerability scanning for the SQL server and corresponding Databases.
Periodic and regular vulnerability scanning provides risk visibility based on updated known vulnerability signatures and best practices.

Enabling the 'Azure Defender for SQL' feature will incur additional costs for each SQL server.

Remediation

From Azure Console

  1. Go to 'SQL servers'
  2. For each server instance
  3. Click on 'Security Center'
  4. In Section 'Vulnerability Assessment Settings', set 'Storage Account' if not already
  5. Toggle 'Periodic recurring scans' to ON.
  6. Click 'Save'

Using Azure PowerShell

If not already enabled, enable 'Advanced Data Security' for the SQL server (supply the resource group and server names in place of the angle-bracket placeholders):

Set-AzSqlServerThreatDetectionPolicy -ResourceGroupName "<resource group name>" -ServerName "<server name>" -EmailAdmins $True

To enable the ADS-VA service with 'Periodic recurring scans' (the backtick is the PowerShell line-continuation character; the storage account must be in the same subscription and the same location as the SQL server):

Update-AzSqlServerVulnerabilityAssessmentSetting `
-ResourceGroupName "<resource group name>" `
-ServerName "<server name>" `
-StorageAccountName "<storage account name from the same subscription and location>" `
-ScanResultsContainerName "vulnerability-assessment" `
-RecurringScansInterval Weekly `
-EmailSubscriptionAdmins $true `
-NotificationEmail @("<notification email 1>", "<notification email 2>")
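The following audit script is an added example, not part of this policy page or of the Azure PowerShell module documentation. It walks every SQL server in the current subscription and reports which ones do not yet have weekly recurring VA scans and a scan-results storage account configured. It assumes the Az.Accounts and Az.Sql modules are installed and that Connect-AzAccount has already been run; the function name Get-SqlVaRecurringScanStatus is hypothetical.

```powershell
# Added example: audit VA 'Periodic recurring scans' across all SQL servers.
# Assumes Az.Sql is installed and a session was opened with Connect-AzAccount.
function Get-SqlVaRecurringScanStatus {
    [CmdletBinding()]
    param()

    foreach ($server in Get-AzSqlServer) {
        try {
            $va = Get-AzSqlServerVulnerabilityAssessmentSetting `
                    -ResourceGroupName $server.ResourceGroupName `
                    -ServerName $server.ServerName
        }
        catch {
            # Advanced Data Security not enabled, or no permission to read VA settings
            Write-Warning "$($server.ServerName): could not read VA settings ($($_.Exception.Message))"
            continue
        }

        # Recurring scans need a storage account for results; the interval is
        # 'Weekly' when the toggle is on and 'None' when it is off.
        $compliant = (($va.RecurringScansInterval -eq 'Weekly') -and
                      (-not [string]::IsNullOrEmpty($va.StorageAccountName)))

        [PSCustomObject]@{
            ResourceGroup           = $server.ResourceGroupName
            Server                  = $server.ServerName
            StorageAccount          = $va.StorageAccountName
            RecurringScansInterval  = $va.RecurringScansInterval
            EmailSubscriptionAdmins = $va.EmailSubscriptionAdmins
            Compliant               = $compliant
        }
    }
}

# List only the servers that still need remediation
Get-SqlVaRecurringScanStatus | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
```

Servers listed by this script are the ones to remediate with the Update-AzSqlServerVulnerabilityAssessmentSetting command above.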

Policy Details

Rule Reference ID: AC_AZURE_0237
CSP: Azure
Remediation Available: No
Resource Category: Database
Resource Type: SQL Server

Frameworks