Ensure that 'Threat Detection' is enabled for Azure SQL Database

MEDIUM

Description

When 'Threat Detection' is disabled for Azure SQL Database, security incidents may be difficult to detect.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to SQL Servers.
  2. Select the SQL Server you wish to edit.
  3. Under Security, select Microsoft Defender for Cloud.
  4. Configure as needed.

In Terraform -
For current Azure Provider versions:

  1. In the azurerm_mssql_server resource, create a threat_detection_policy block.
  2. Set state to enabled.
  3. Configure as needed.

For Azure Provider versions prior to 2.99.x:

  1. In the azurerm_sql_database resource, create a threat_detection_policy block.
  2. Set state to enabled.
  3. Configure as needed.
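
A check for this rule over Terraform plan JSON (the output of `terraform show -json`), added here as an example and not part of the original policy or any scanner's own code. It assumes the two resource types documented at the registry links in the references below, azurerm_mssql_database and azurerm_sql_database; the function names and the sample plan are constructed for illustration.

```python
# Resource types documented at the registry links in the references (assumption).
CHECKED_TYPES = {"azurerm_mssql_database", "azurerm_sql_database"}


def walk_resources(module):
    """Yield every resource in a plan module and its nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)


def threat_detection_findings(plan):
    """Return addresses of databases whose threat_detection_policy is missing or not enabled."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in walk_resources(root):
        if res.get("type") not in CHECKED_TYPES:
            continue
        # Nested blocks appear as a list of objects in plan JSON; absent or empty means no policy.
        blocks = (res.get("values") or {}).get("threat_detection_policy") or []
        if not any(str(b.get("state", "")).lower() == "enabled" for b in blocks):
            findings.append(res.get("address", res.get("name")))
    return sorted(findings)


# Constructed sample shaped like `terraform show -json` output (not from a real deployment).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "azurerm_mssql_database.good", "type": "azurerm_mssql_database",
         "values": {"threat_detection_policy": [{"state": "Enabled"}]}},
        {"address": "azurerm_mssql_database.off", "type": "azurerm_mssql_database",
         "values": {"threat_detection_policy": [{"state": "Disabled"}]}},
        {"address": "azurerm_storage_account.logs", "type": "azurerm_storage_account",
         "values": {}},
    ],
    "child_modules": [{"resources": [
        # Legacy resource type with no threat_detection_policy block at all.
        {"address": "module.legacy.azurerm_sql_database.old",
         "type": "azurerm_sql_database", "values": {"name": "old"}},
    ]}],
}}}

if __name__ == "__main__":
    for address in threat_detection_findings(SAMPLE_PLAN):
        print(f"AC_AZURE_0383 {address}: threat detection not enabled")
```

A missing block is reported the same way as an explicit Disabled state, so a database that never declared a policy is not silently passed.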

References:
https://learn.microsoft.com/en-us/azure/azure-sql/?view=azuresql
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_database#threat_detection_policy
https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/sql_database#threat_detection_policy

Policy Details

Rule Reference ID: AC_AZURE_0383
CSP: Azure
Remediation Available: Yes
Resource Category: Database
Resource Type: SQL Server

Frameworks