turbot/azure_compliance

Control: 4.2.5 Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server

Description

It is recommended to enable Vulnerability Assessment (VA) setting Also send email notifications to admins and subscription owners.

VA scan reports and alerts will be sent to admins and subscription owners by enabling setting Also send email notifications to admins and subscription owners. This may help in reducing time required for identifying risks and taking corrective measures.

Remediation

From Console

  1. Login to Azure console and navigate to SQL Servers.
  2. For each server instance, go to Security section from left pane.
  3. Click on Security Center.
  4. Make sure Enable Azure Defender for SQL is On.
  5. Select Configure next to Azure Defender for SQL: Enabled at the server-level.
  6. In section VULNERABILITY ASSESSMENT SETTINGS, select subscription and storage account.
  7. Set Periodic recurring scans to ON.
  8. Configure email ids for concerned stakeholders at Send scan reports to.
  9. Check Also send email notifications to admins and subscription owners.
  10. Click Save.

From PowerShell

Enable Azure Defender for a SQL if not enabled

Set-AZSqlServerThreatDetectionPolicy -ResourceGroupName <resource group name> -ServerName <server name> -EmailAdmins $True

Enable ADS-VA service and set Send scan reports to

Update-AzSqlServerVulnerabilityAssessmentSetting ` -ResourceGroupName "<resource group name>"`
-ServerName "<Server Name>"`
-StorageAccountName "<Storage Name from same subscription and same Location" `
-ScanResultsContainerName "vulnerability-assessment" `
-RecurringScansInterval Weekly `
-EmailSubscriptionAdmins $true `
-NotificationEmail @("mail1@mail.com" , "mail2@mail.com")

Usage

steampipe check azure_compliance.control.cis_v130_4_2_5

SQL

This control uses a named query:

sql_server_va_setting_reports_notify_admins

Tags