Ensure that 'Threat Detection' is enabled for Azure SQL Database

MEDIUM

Description

Without the 'Threat Detection' feature enabled, the SQL database lacks proactive monitoring and alerting for suspicious activity, which makes it harder for administrators to respond quickly and effectively to potential threats and can lead to data leaks, unauthorized access or other security breaches. Enabling 'Threat Detection' helps ensure timely detection and mitigation of security risks and strengthens the overall security posture of the Azure SQL Database.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to SQL Servers.
  2. Select the SQL Server you wish to edit.
  3. Under Security, select Microsoft Defender for Cloud.
  4. Select the 'Enable' option.

In Terraform -

For current Azure Provider versions:

  1. In the azurerm_mssql_server resource, create a threat_detection_policy block.
  2. Set state to enabled.
  3. Configure as needed.

For Azure Provider versions prior to 2.99.x:

  1. In the azurerm_mssql_database resource, create a threat_detection_policy block.
  2. Set state to enabled.
  3. Configure as needed.
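As an added example (not part of the original rule page or the provider's own documentation), the Terraform remediation shown as a non-compliant database beside a compliant one that declares the threat_detection_policy block referenced below. The server name, resource group, location and alert address are placeholders, and the administrator password is assumed to come from a sensitive variable.

```hcl
# Added example, not from the original page. All names below are placeholders.

variable "sql_admin_password" {
  type      = string
  sensitive = true   # supplied at apply time, never hard-coded in source
}

resource "azurerm_mssql_server" "example" {
  name                         = "sqlsrv-example-placeholder"
  resource_group_name          = "rg-example-placeholder"
  location                     = "westeurope"
  version                      = "12.0"
  administrator_login          = "sqladmin"
  administrator_login_password = var.sql_admin_password
  minimum_tls_version          = "1.2"
}

# Non-compliant: no threat_detection_policy block, so the database is created
# without threat detection and this rule (AC_AZURE_0003) flags it.
resource "azurerm_mssql_database" "noncompliant" {
  name      = "db-noncompliant-placeholder"
  server_id = azurerm_mssql_server.example.id
}

# Compliant: threat_detection_policy is present and state is "Enabled"
# (the value is case-sensitive). Admins and a named mailbox receive alerts,
# and detection records are retained for 90 days.
resource "azurerm_mssql_database" "compliant" {
  name      = "db-compliant-placeholder"
  server_id = azurerm_mssql_server.example.id

  threat_detection_policy {
    state                = "Enabled"
    email_account_admins = "Enabled"
    email_addresses      = ["secops@example.com"]   # placeholder contact
    retention_days       = 90
    # storage_endpoint / storage_account_access_key can be added here to
    # persist alert data to an audit storage account ("Configure as needed").
  }
}
```

Removing the block, or setting `state` to `"Disabled"`, returns the database to the non-compliant state.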

References:
https://learn.microsoft.com/en-us/azure/azure-sql/?view=azuresql
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_database#threat_detection_policy

Policy Details

Rule Reference ID: AC_AZURE_0003
CSP: Azure
Remediation Available: Yes
Resource Category: Database
Resource Type: SQL Server

Frameworks