Azure Data exfiltration protection for Azure Synapse workspace is disabled

Description

Data exfiltration is the unauthorized transfer of data from a network or system, and can be a potential security threat.

Enabling data exfiltration protection for your Azure Synapse workspace can help prevent unauthorized access to your data.

Code Example

resource "azurerm_synapse_workspace" "pass" {
  name                                 = "example"
  resource_group_name                  = azurerm_resource_group.example.name
  location                             = azurerm_resource_group.example.location
  storage_data_lake_gen2_filesystem_id = azurerm_storage_data_lake_gen2_filesystem.example.id
  sql_administrator_login              = "sqladminuser"
  sql_administrator_login_password     = "H@Sh1CoR3!"
  managed_virtual_network_enabled      = false
  data_exfiltration_protection_enabled = true
  aad_admin {
    login     = "AzureAD Admin"
    object_id = "00000000-0000-0000-0000-000000000000"
    tenant_id = "00000000-0000-0000-0000-000000000000"
  }

  tags = {
    Env = "production"
  }
}

Remediation

Terraform

Resource: azurerm_synapse_workspace
Arguments: data_exfiltration_protection_enabled

Rule Details

Field	Value
ID	IAC-0664
Severity	LOW
IaC Type	arm
Frameworks	Terraform
Checkov ID	CKV_AZURE_157

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Azure Data exfiltration protection for Azure Synapse workspace is disabled

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Azure Data exfiltration protection for Azure Synapse workspace is disabled ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

Azure Data exfiltration protection for Azure Synapse workspace is disabled

Description

Code Example

Remediation

Rule Details

References