Control: 2.1.4 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On'
Description
Turning on Microsoft Defender for SQL servers on machines enables threat detection for SQL servers on machines, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.
Enabling Microsoft Defender for SQL servers on machines allows for greater defense-in-depth, functionality for discovering and classifying sensitive data, surfacing and mitigating potential database vulnerabilities, and detecting anomalous activities that could indicate a threat to your database.
Remediation
From Azure Portal
- Go to
Microsoft Defender for Cloud - Select
Environment Settingsblade. - Click on the subscription name.
- Select the
Defender plansblade. - Click
Select types> in the row forDatabases. - Set the radio button next to
SQL servers on machinestoOn. - Select
Continue. - Select
Save.
From Azure CLI
Run the following command:
az security pricing create -n SqlServerVirtualMachines --tier 'standard'From Powershell
Run the following command:
Set-AzSecurityPricing -Name 'SqlServerVirtualMachines' -PricingTier 'Standard'Default Value
By default, Microsoft Defender plan is off.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v210_2_1_4Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.cis_v210_2_1_4 --shareSQL
This control uses a named query:
securitycenter_azure_defender_on_for_sqlservervm