Detections
Analytics

Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server

MEDIUM

Description

Description:

Enable Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners'.

Rationale:

VA scan reports and alerts will be sent to admins and subscription owners by enabling setting 'Also send email notifications to admins and subscription owners'. This may help in reducing time required for identifying risks and taking corrective measures.

Enabling the 'Microsoft Defender for SQL' features will incur additional costs for each SQL server.

Remediation

From Azure Portal

  1. Go to 'SQL servers'
  2. Select a server instance
  3. Click on 'Security Center'
    1. Select 'Configure' next to 'Enabled at subscription-level'
  5. In Section 'Vulnerability Assessment Settings', configure 'Storage Accounts' if not already
  6. Check/enable 'Also send email notifications to admins and subscription owners'
  7. Click 'Save'

From Powershell

If not already, Enable 'Advanced Data Security' for a SQL Server:

Set-AZSqlServerThreatDetectionPolicy -ResourceGroupName -ServerName -EmailAdmins $True

To enable ADS-VA service and Set 'Also send email notifications to admins and subscription owners'

Update-AzSqlServerVulnerabilityAssessmentSetting '
-ResourceGroupName ""'
-ServerName ""'
-StorageAccountName "<Storage Name from same subscription and same Location" '
-ScanResultsContainerName "vulnerability-assessment" '
-RecurringScansInterval Weekly '
-EmailSubscriptionAdmins $true '
-NotificationEmail @("[email protected]" , "[email protected]")

Policy Details

Rule Reference ID: AC_AZURE_0038
CSP: Azure
Remediation Available: No
Domain: Identity and Access Management
Resource: azurerm_sql_server
Resource Category: Database
Resource Type: SQL Server

Frameworks