Azure SQL Server Threat Detection Alerts Not Enabled For All Threat Types

Advanced data security (ADS) provides a set of advanced SQL security capabilities, including vulnerability assessment, threat detection, and data discovery and classification. This policy identifies Azure SQL servers that have disabled the detection of one or more threat types. To protect your SQL Servers, as a best practice, enable ADS detection for all types of threats.

Policy Details

Policy Subtype: Run, Build
Severity: Medium
Template Type: Terraform

Build Rules

Azure SQL Server threat detection alerts not enabled for all threat types.
JSON Query:
$.resource.*.azurerm_sql_database size greater than 0 and $.resource.*.azurerm_sql_database[*].*[*].threat_detection_policy size greater than 0 and $.resource.*.azurerm_sql_database[*].*[*].threat_detection_policy[*].disabled_alerts[*] size greater than 0
Recommendation:
Recommended solution for enabling threat detection alerts for all threat types.
It is recommended to have Azure SQL Server threat detection alerts enabled for all threat types. Make sure that your template has "threat_detection_policy" defined and that it does not have the "disabled_alerts" attribute defined.
For example:
"threat_detection_policy": [
  {
    "email_addresses": [ "dbgrl93@gmail.com" ],
    "retention_days": 91,
    "state": "Enabled"
  }
]
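The build rule can be reproduced offline against a Terraform template rendered as JSON. The following Python check is an added example, not the policy engine's own code: it walks the same path as the JSON query and, going beyond the query, also reports databases with no threat_detection_policy block, as the recommendation asks. The function names, resource names and disabled_alerts values in the sample template are constructed for illustration.

```python
import json

# Constructed sample: a Terraform template in the list-wrapped JSON layout the
# query above assumes. Resource names and alert values are made up for the demo.
SAMPLE_TEMPLATE = json.loads("""
{"resource": [{"azurerm_sql_database": [
  {"orders_db": [{"name": "orders", "threat_detection_policy": [
    {"state": "Enabled", "retention_days": 91,
     "disabled_alerts": ["Sql_Injection", "Access_Anomaly"]}]}]},
  {"billing_db": [{"name": "billing", "threat_detection_policy": [
    {"state": "Enabled", "retention_days": 91}]}]},
  {"legacy_db": [{"name": "legacy"}]}
]}]}
""")


def _as_list(value):
    """Blocks may be list-wrapped or bare objects; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_threat_detection_gaps(template):
    """Return (resource_name, issue, disabled_alerts) for each failing database."""
    findings = []
    for resources in _as_list(template.get("resource")):
        for group in _as_list(resources.get("azurerm_sql_database")):
            for name, bodies in group.items():
                for body in _as_list(bodies):
                    policies = _as_list(body.get("threat_detection_policy"))
                    if not policies:
                        # Not matched by the JSON query, but the recommendation
                        # asks for the block to be defined.
                        findings.append((name, "threat_detection_policy not defined", []))
                    for policy in policies:
                        disabled = [a for a in _as_list(policy.get("disabled_alerts")) if a]
                        if disabled:  # same condition as the build rule
                            findings.append((name, "disabled_alerts set", disabled))
    return findings


if __name__ == "__main__":
    for name, issue, alerts in find_threat_detection_gaps(SAMPLE_TEMPLATE):
        print(f"FAIL azurerm_sql_database.{name}: {issue} {alerts}")
```

An empty disabled_alerts list passes, matching the "size greater than 0" condition in the query.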

Run Rule Recommendation

  1. Log in to the Azure portal.
  2. Select 'SQL servers', and select the SQL server you need to modify.
  3. Select 'Advanced Data Security'.
  4. Ensure that 'Advanced Data Security' status is 'ON'.
  5. Select 'Threat Detection Types', and check the 'All' checkbox.
  6. Select 'OK', and 'Save' your changes.

Compliance

There are 3 standards that are applicable to this policy:
  • CIS v1.1 (Azure)
  • PIPEDA
  • CCPA 2018
