Detections
Analytics

Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server

MEDIUM

Description

Description:

Configure 'Send scan reports to' with email addresses of concerned data owners/stakeholders for a critical SQL servers.

Rationale:

Vulnerability Assessment (VA) scan reports and alerts will be sent to email addresses configured at 'Send scan reports to'. This may help in reducing time required for identifying risks and taking corrective measures.

Enabling the 'Microsoft Defender for SQL' features will incur additional costs for each SQL server.

Remediation

From Azure Portal

  1. Go to 'SQL servers'
  2. Select a server instance
  3. Select 'Microsoft Defender for Cloud'
  4. Select 'Configure' next to 'Enablement status'
  5. Set 'Microsoft Defender for SQL' to 'On'
  6. Under 'Vulnerability Assessment Settings', select a Storage Account
  7. Set 'Periodic recurring scans' to 'On'
  8. Under 'Send scan reports to', provide email addresses for data owners and stakeholders
  9. Click 'Save'

From PowerShell

If not already, Enable 'Advanced Data Security' for a SQL Server:

Set-AZSqlServerThreatDetectionPolicy -ResourceGroupName -ServerName -EmailAdmins $True

To enable ADS-VA service and Set 'Send scan reports to'

Update-AzSqlServerVulnerabilityAssessmentSetting '
-ResourceGroupName ""'
-ServerName ""'
-StorageAccountName "<Storage Name from same subscription and same Location" '
-ScanResultsContainerName "vulnerability-assessment" '
-RecurringScansInterval Weekly '
-EmailSubscriptionAdmins $true '
-NotificationEmail @("[email protected]" , "[email protected]")

Policy Details

Rule Reference ID: AC_AZURE_0566
CSP: Azure
Remediation Available: No
Domain: Identity and Access Management
Resource: azurerm_mssql_server
Resource Category: Database
Resource Type: SQL Server

Frameworks