
Azure SQL Server threat detection alerts are not enabled for all threat types

Description

Azure SQL Advanced Threat Protection (the server or database security alert policy) raises alerts for several detection types: SQL injection attacks, SQL injection vulnerabilities, anomalous access patterns, data exfiltration and unsafe actions. Excluding any of these leaves that class of attack undetected, so enable all threat detection types on every SQL server. This rule flags a security alert policy whose list of disabled alerts (disabledAlerts in ARM and Bicep, disabled_alerts in Terraform) is not empty, or whose state is not Enabled.

Code Example

A database-level security alert policy with all alert types enabled: state is Enabled and disabledAlerts is empty. With the 2014-04-01 API version used for the policy, disabledAlerts and emailAddresses are semicolon-separated strings, so an empty string means nothing is excluded (later API versions use arrays). The policy is declared as a nested child of the database, so its type and name are single segments.

```json
{
    "type": "Microsoft.Sql/servers/databases",
    "apiVersion": "2020-08-01-preview",
    "name": "[variables('dbName')]",
    "location": "[parameters('location')]",
    "sku": {
        "name": "[parameters('sku')]"
    },
    "kind": "v12.0,user",
    "properties": {
        "collation": "SQL_Latin1_General_CP1_CI_AS",
        "maxSizeBytes": "[mul(parameters('maxSizeMB'), 1048576)]",
        "catalogCollation": "SQL_Latin1_General_CP1_CI_AS",
        "zoneRedundant": false,
        "readScale": "Disabled",
        "storageAccountType": "GRS"
    },
    "resources": [
        {
            "type": "securityAlertPolicies",
            "apiVersion": "2014-04-01",
            "name": "current",
            "location": "[parameters('location')]",
            "dependsOn": [
                "[resourceId('Microsoft.Sql/servers/databases', parameters('serverName'), variables('dbName'))]"
            ],
            "properties": {
                "state": "Enabled",
                "disabledAlerts": "",
                "emailAddresses": "[variables('emailAddresses')]",
                "emailAccountAdmins": "Enabled"
            }
        }
    ]
}
```
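To see how such a policy is evaluated, here is an added example (not part of this page and not Checkov's own implementation) that walks an ARM template, finds every securityAlertPolicies resource whether declared at top level or nested inside its parent, and reports policies that are not Enabled or that exclude any alert type. It handles both the string form of disabledAlerts used by API version 2014-04-01 and the array form used by later API versions. The alert type names and the sample template are assumptions constructed for the demonstration.

```python
"""Flag Azure SQL security alert policies that exclude alert types.

Added example for this page; not Checkov's code. It evaluates the same
condition the rule describes: state must be Enabled and disabledAlerts empty.
"""
import json

# Assumption: the alert types accepted by the policy (the values Az.Sql's
# -ExcludedDetectionType documents). Used only to label unrecognised entries.
ALERT_TYPES = frozenset({
    "Sql_Injection", "Sql_Injection_Vulnerability", "Access_Anomaly",
    "Data_Exfiltration", "Unsafe_Action",
})


def normalise_disabled_alerts(value):
    """Return the set of excluded alert types from a disabledAlerts property.

    API version 2014-04-01 stores it as a ';'-separated string (empty string
    means nothing excluded); later API versions store a JSON array.
    """
    if value is None:
        return set()
    items = value.split(";") if isinstance(value, str) else [str(v) for v in value]
    return {item.strip() for item in items if item.strip()}


def evaluate_policy(properties):
    """Evaluate one securityAlertPolicies 'properties' object.

    Returns (passed, reason). Passes only when the policy is Enabled and no
    alert type is excluded.
    """
    state = str(properties.get("state", "")).lower()
    if state != "enabled":
        return False, f"state is {properties.get('state', 'missing')!r}, expected 'Enabled'"
    excluded = normalise_disabled_alerts(properties.get("disabledAlerts"))
    if excluded:
        reason = "excludes " + ", ".join(sorted(excluded))
        unknown = excluded - ALERT_TYPES
        if unknown:
            reason += f" (unrecognised: {', '.join(sorted(unknown))})"
        return False, reason
    return True, "enabled with all alert types"


def iter_resources(resources, parent_type=None):
    """Yield (fully qualified type, resource) for top-level and nested resources.

    A child declared inside its parent's "resources" array may use a
    single-segment type such as "securityAlertPolicies"; it is qualified with
    the parent's type so both declaration styles are matched.
    """
    for res in resources or []:
        rtype = res.get("type", "")
        if "/" not in rtype and parent_type:
            rtype = f"{parent_type}/{rtype}"
        yield rtype, res
        yield from iter_resources(res.get("resources"), rtype)


def scan_template(template):
    """Return [(type, name, passed, reason)] for every security alert policy."""
    findings = []
    for rtype, res in iter_resources(template.get("resources")):
        if not rtype.lower().endswith("/securityalertpolicies"):
            continue
        passed, reason = evaluate_policy(res.get("properties") or {})
        findings.append((rtype, res.get("name", "<unnamed>"), passed, reason))
    return findings


# Constructed sample template (not a real deployment): a compliant nested
# database policy, a server policy that excludes two types, a disabled policy.
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {
      "type": "Microsoft.Sql/servers/databases",
      "name": "sqlsrv01/appdb",
      "resources": [
        {
          "type": "securityAlertPolicies",
          "apiVersion": "2014-04-01",
          "name": "current",
          "properties": {"state": "Enabled", "disabledAlerts": "",
                         "emailAccountAdmins": "Enabled"}
        }
      ]
    },
    {
      "type": "Microsoft.Sql/servers/securityAlertPolicies",
      "apiVersion": "2021-11-01",
      "name": "sqlsrv01/Default",
      "properties": {"state": "Enabled",
                     "disabledAlerts": ["Data_Exfiltration", "Unsafe_Action"]}
    },
    {
      "type": "Microsoft.Sql/servers/databases/securityAlertPolicies",
      "apiVersion": "2014-04-01",
      "name": "sqlsrv01/reportdb/current",
      "properties": {"state": "Disabled",
                     "disabledAlerts": "Sql_Injection;Access_Anomaly"}
    }
  ]
}
""")

if __name__ == "__main__":
    for rtype, name, passed, reason in scan_template(SAMPLE_TEMPLATE):
        print("PASS" if passed else "FAIL", rtype, name, "-", reason)
```

Running the script prints one line per policy; only the nested database policy passes, the server policy fails because it excludes Data_Exfiltration and Unsafe_Action, and the third fails on state before its exclusions are even considered.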

Remediation

  • Azure Portal

To change the policy using the Azure Portal, follow these steps:

1. Log in to the Azure Portal at https://portal.azure.com.

2. Navigate to SQL servers.

3. For each server instance:
   a) Click Advanced Data Security.
   b) Navigate to the Threat Detection Settings section.
   c) Set Threat Detection Types to All.

Newer versions of the portal have renamed this blade (Microsoft Defender for Cloud on the SQL server, with the alert types under the Advanced Threat Protection settings); the setting itself is unchanged.

  • CLI Command

To set each server's ExcludedDetectionTypes to None, use the following PowerShell command:

Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName <resource group name> -ServerName <server name> -ExcludedDetectionType "None"

The AzureRm module is deprecated; with the Az module the equivalent cmdlet is Update-AzSqlServerAdvancedThreatProtectionSetting, which takes the same -ResourceGroupName, -ServerName and -ExcludedDetectionType parameters. Verify the result afterwards by reading the policy back and confirming that the excluded detection types are empty.

=== Fix - Buildtime

ARM

  • Resource: Microsoft.Sql/servers/databases

Rule Details

Field        Value
ID           IAC-0536
Severity     HIGH
IaC Type     Bicep
Frameworks   ARM, Terraform, Bicep, TerraformPlan
Checkov ID   CKV_AZURE_25
