Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server

MEDIUM

Description

Description:

Enable Vulnerability Assessment (VA) Periodic recurring scans for critical SQL servers and corresponding SQL databases.

Rationale:

VA setting 'Periodic recurring scans' schedules periodic (weekly) vulnerability scanning for the SQL server and corresponding Databases.
Periodic and regular vulnerability scanning provides risk visibility based on updated known vulnerability signatures and best practices.

Enabling the 'Azure Defender for SQL' feature will incur additional costs for each SQL server.

Remediation

From Azure Portal

  1. Go to 'SQL servers'
  2. For each server instance
  3. Click on 'Security Center'
  4. In Section 'Vulnerability Assessment Settings', set 'Storage Account' if not already
  5. Toggle 'Periodic recurring scans' to ON.
  6. Click 'Save'

From PowerShell

If not already enabled, enable 'Advanced Data Security' for the SQL server:

Set-AzSqlServerThreatDetectionPolicy -ResourceGroupName "<resource-group-name>" -ServerName "<server-name>" -EmailAdmins $True

To enable the ADS-VA service with 'Periodic recurring scans' (the backtick is the PowerShell line-continuation character):

Update-AzSqlServerVulnerabilityAssessmentSetting `
-ResourceGroupName "<resource-group-name>" `
-ServerName "<server-name>" `
-StorageAccountName "<storage account name from the same subscription and same location>" `
-ScanResultsContainerName "vulnerability-assessment" `
-RecurringScansInterval Weekly `
-EmailSubscriptionAdmins $true `
-NotificationEmail @("<notification-email-1>", "<notification-email-2>")
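An audit check to complement the remediation above, added here as an example rather than taken from the benchmark. It assumes the Az.Sql module is installed, that Connect-AzAccount has already been run against the subscription, and that the Get-AzSqlServerVulnerabilityAssessmentSetting output exposes the property names used below; the function name is the author's own.

```powershell
# Added audit example (not part of the benchmark's remediation text): lists every
# SQL server in the current subscription whose VA 'Periodic recurring scans'
# setting is not 'Weekly', including servers where the setting cannot be read
# because Advanced Data Security / Azure Defender for SQL is not enabled.
function Get-VaRecurringScanFindings {
    $findings = @()
    foreach ($server in Get-AzSqlServer) {
        $va = $null
        try {
            $va = Get-AzSqlServerVulnerabilityAssessmentSetting `
                    -ResourceGroupName $server.ResourceGroupName `
                    -ServerName $server.ServerName -ErrorAction Stop
            $interval = $va.RecurringScansInterval
        } catch {
            # VA settings are unavailable when ADS is off; treat the server as
            # non-compliant and keep the error text so the reason is visible.
            $interval = "Unavailable ($($_.Exception.Message))"
        }
        if ($interval -ne 'Weekly') {
            $findings += [pscustomobject]@{
                ResourceGroupName = $server.ResourceGroupName
                ServerName        = $server.ServerName
                RecurringScans    = $interval
                StorageAccount    = $va.StorageAccountName
            }
        }
    }
    return $findings
}

# Print the non-compliant servers; an empty table means every server passes.
Get-VaRecurringScanFindings | Format-Table -AutoSize
```

A server listed with an empty StorageAccount column also fails step 4 of the portal remediation, since recurring scans cannot be enabled until a storage account is set.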