Azure Microsoft Defender for Cloud is set to Off for Azure SQL Databases
Description
Azure Defender is a cloud workload protection service that uses an agent-based deployment to analyze signals from the Azure network fabric and the service control plane, detecting threats across all Azure resources. It can also analyze non-Azure resources via Azure Arc, including those on-premises and in both AWS and GCP (once they have been onboarded). Azure Defender for SQL servers on machines extends the protections for your Azure-native SQL Servers to fully support hybrid environments and protect SQL servers (all supported versions) hosted in Azure.
Code Example
```hcl
resource "azurerm_security_center_subscription_pricing" "sql_servers" {
  tier          = "Standard"
  resource_type = "SqlServers"
}

resource "azurerm_security_center_subscription_pricing" "sql_vms" {
  tier          = "Standard"
  resource_type = "SqlServerVirtualMachines"
}
```
Remediation
Terraform
- Resource: azurerm_security_center_subscription_pricing
- Arguments: resource_type - (Required) The resource type this setting affects.
Ensure that a `Standard`-tier pricing resource is declared for both `SqlServers` and `SqlServerVirtualMachines` (the provider accepts a single `resource_type` per resource, so use one resource block per type) to pass this check.
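As an added example (not Checkov's own implementation and not part of the original page), the following Python script shows the logic behind this check: it scans Terraform text for `azurerm_security_center_subscription_pricing` resources, collects the resource types that have the `Standard` tier, and reports which of `SqlServers` and `SqlServerVirtualMachines` are still missing. The Terraform snippets, the resource names and the simplified regex-based HCL parser are constructed for this example; the parser also tolerates the comma-separated `resource_type` form seen in older examples, which is an assumption of this script rather than provider behaviour.

```python
import re
from typing import Dict, List, Set

# Constructed sample Terraform snippets (not from any real project).
PASSING_TF = """
resource "azurerm_security_center_subscription_pricing" "sql_servers" {
  tier          = "Standard"
  resource_type = "SqlServers"
}

resource "azurerm_security_center_subscription_pricing" "sql_vms" {
  tier          = "Standard"
  resource_type = "SqlServerVirtualMachines"
}
"""

# Defender is enabled for VMs only, and the SQL pricing is left on the Free tier.
FAILING_TF = """
resource "azurerm_security_center_subscription_pricing" "vms" {
  tier          = "Standard"
  resource_type = "VirtualMachines"
}

resource "azurerm_security_center_subscription_pricing" "sql_free" {
  tier          = "Free"
  resource_type = "SqlServers"
}
"""

# Older, comma-separated style; tolerated by this script (assumption).
LEGACY_TF = """
resource "azurerm_security_center_subscription_pricing" "all" {
  tier          = "Standard"
  resource_type = "KeyVaults,SqlServers,SqlServerVirtualMachines,StorageAccounts"
}
"""

# Both types must be covered for the check to pass.
REQUIRED_TYPES: Set[str] = {"SqlServers", "SqlServerVirtualMachines"}

# Simplified HCL matching: one resource block, no nested blocks expected.
BLOCK_RE = re.compile(
    r'resource\s+"azurerm_security_center_subscription_pricing"\s+"([^"]+)"\s*\{(.*?)\}',
    re.S,
)
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"', re.M)


def parse_pricing_resources(tf: str) -> List[Dict[str, str]]:
    """Return one dict per pricing resource with its name, tier and resource_type."""
    resources = []
    for name, body in BLOCK_RE.findall(tf):
        attrs = dict(ATTR_RE.findall(body))
        resources.append({
            "name": name,
            # Missing attributes default to empty strings here (parser assumption).
            "tier": attrs.get("tier", ""),
            "resource_type": attrs.get("resource_type", ""),
        })
    return resources


def standard_tier_types(tf: str) -> Set[str]:
    """Resource types for which the Standard (Defender) tier is enabled."""
    enabled: Set[str] = set()
    for res in parse_pricing_resources(tf):
        if res["tier"] == "Standard":
            # Split so a legacy comma-separated value is handled as well.
            enabled.update(t.strip() for t in res["resource_type"].split(",") if t.strip())
    return enabled


def missing_sql_defender_types(tf: str) -> Set[str]:
    """SQL resource types that still lack Defender coverage."""
    return REQUIRED_TYPES - standard_tier_types(tf)


def check_ckv_azure_69(tf: str) -> bool:
    """True when Defender is enabled for both SQL resource types."""
    return not missing_sql_defender_types(tf)


if __name__ == "__main__":
    for label, tf in (("passing", PASSING_TF), ("failing", FAILING_TF), ("legacy", LEGACY_TF)):
        missing = missing_sql_defender_types(tf)
        status = "PASSED" if not missing else f"FAILED (missing: {sorted(missing)})"
        print(f"{label}: {status}")
```

Run it directly to see the verdict for each constructed snippet; in a pipeline you would feed it the contents of your `.tf` files instead and fail the build when `check_ckv_azure_69` returns `False`.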
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0577 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AZURE_69 |