Ensure that Advanced Threat Protection (ATP) on a SQL Server is Set to 'Enabled'

HIGH

Description

Description:

Enable "Azure Defender for SQL" on critical SQL Servers.

Rationale:

Azure Defender for SQL is a unified package for advanced SQL security capabilities. Azure Defender is available for Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics. It includes functionality for discovering and classifying sensitive data, surfacing and mitigating potential database vulnerabilities, and detecting anomalous activities that could indicate a threat to your database. It provides a single go-to location for enabling and managing these capabilities.

Azure Defender for SQL is a paid feature and will incur additional cost for each SQL server.

Remediation

From Azure Console

  1. Go to 'SQL servers'
  2. For each server instance
  3. Click on the 'Security Center' blade
  4. Click 'Configure' next to 'Azure Defender for SQL:'
  5. Ensure 'Azure Defender for SQL' is toggled to 'On'

Using Azure PowerShell

Enable 'Advanced Data Security' for a SQL Server:

Set-AzSqlServerThreatDetectionPolicy -ResourceGroupName '<resource-group-name>' -ServerName '<sql-server-name>' -EmailAdmins $True

Note:

  • Enabling 'Azure Defender for SQL' from the Azure portal enables 'Threat Detection'
  • Using the PowerShell command 'Set-AzSqlServerThreatDetectionPolicy' enables 'Azure Defender for SQL' for a SQL server.
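
As an added example that is not part of the original benchmark page, the following PowerShell script audits every SQL server in the current subscription against this check and, when run with -Remediate, applies the same Set-AzSqlServerThreatDetectionPolicy command given above. It assumes the Az.Accounts and Az.Sql modules are installed and Connect-AzAccount has already been run; the function name Test-SqlServerThreatDetection is hypothetical, and the 'ThreatDetectionState' property name is assumed from the Az.Sql cmdlet output.

```powershell
# Added example (not from the original page): audit and optionally remediate
# Azure Defender for SQL / Threat Detection on all SQL servers in scope.
# Assumes Az.Accounts + Az.Sql are installed and Connect-AzAccount has run.
function Test-SqlServerThreatDetection {
    [CmdletBinding()]
    param(
        # When set, enable the policy on non-compliant servers (changes state).
        [switch]$Remediate
    )

    foreach ($server in Get-AzSqlServer) {
        $rg   = $server.ResourceGroupName
        $name = $server.ServerName

        # Read the server-level threat detection policy.
        # 'ThreatDetectionState' is assumed to be Enabled / Disabled / New.
        $policy = Get-AzSqlServerThreatDetectionPolicy -ResourceGroupName $rg -ServerName $name
        $remediated = $false

        if ($policy.ThreatDetectionState -ne 'Enabled' -and $Remediate) {
            # Same remediation as the page: enable the policy and route
            # alerts to subscription admins so detections are acted on.
            Set-AzSqlServerThreatDetectionPolicy -ResourceGroupName $rg `
                -ServerName $name -EmailAdmins $true | Out-Null
            # Re-read so the report reflects the post-change state.
            $policy = Get-AzSqlServerThreatDetectionPolicy -ResourceGroupName $rg -ServerName $name
            $remediated = $true
        }

        [pscustomobject]@{
            ResourceGroup = $rg
            Server        = $name
            State         = $policy.ThreatDetectionState
            EmailAdmins   = $policy.EmailAdmins
            Compliant     = ($policy.ThreatDetectionState -eq 'Enabled')
            Remediated    = $remediated
        }
    }
}

# Report-only run: list servers that fail this check (AC_AZURE_0406).
Test-SqlServerThreatDetection | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
```

Run Test-SqlServerThreatDetection -Remediate to enable the policy on each failing server; note that this incurs the per-server cost mentioned in the rationale.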

Policy Details

Rule Reference ID: AC_AZURE_0406
CSP: Azure
Remediation Available: Yes
Resource Category: Database
Resource Type: PostgreSQL

Frameworks