Control: Vulnerability assessment should be enabled on your SQL servers

Description

Audit Azure SQL servers which do not have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.sql_server_and_databases_va_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.sql_server_and_databases_va_enabled --share

SQL

This control uses a named query:

select
  s.id as resource,
  case
    when security -> 'properties' ->> 'state' = 'Disabled' then 'alarm'
    else 'ok'
  end as status,
  case
    when security -> 'properties' ->> 'state' = 'Disabled' then s.name || ' VA setting disabled.'
    else s.name || ' VA setting enabled.'
  end as reason
  
  , s.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_sql_server s,
  jsonb_array_elements(server_security_alert_policy) security,
  jsonb_array_elements(server_vulnerability_assessment) assessment,
  azure_subscription sub
where
  sub.subscription_id = s.subscription_id;

Control: Vulnerability assessment should be enabled on your SQL servers

Description

Usage

SQL

Tags