Benchmark: 4.2 SQL Server - Azure Defender for SQL
Overview
Azure Defender for SQL provides a layer of security, which enables customers to detect and respond to potential threats as they occur by providing security alerts on anomalous activities. Users will receive an alert upon suspicious database activities, potential vulnerabilities, and SQL injection attacks, as well as anomalous database access patterns. SQL Server Threat Detection alerts provide details of suspicious activity and recommend action on how to investigate and mitigate the threat.
Azure Defender for SQL may incur additional cost per SQL server.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-azure-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 4.2 SQL Server - Azure Defender for SQL.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.cis_v130_4_2Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.cis_v130_4_2 --shareControls
- 4.2.1 Ensure that Advanced Threat Protection (ATP) on a SQL server is set to 'Enabled'
- 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account
- 4.2.3 Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server
- 4.2.4 Ensure that VA setting Send scan reports to is configured for a SQL server
- 4.2.5 Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server