Control: Ensure that VA setting 'Send scan reports to' is configured for a SQL server
Description
Configure 'Send scan reports to' with email ids of concerned data owners/stakeholders for a critical SQL servers.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.sql_server_va_setting_scan_reports_configuredSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.sql_server_va_setting_scan_reports_configured --shareSQL
This control uses a named query:
select s.id as resource, case when security -> 'properties' ->> 'state' = 'Disabled' or ( security -> 'properties' ->> 'state' = 'Enabled' and assessment -> 'properties' ->> 'storageContainerPath' is not null and assessment -> 'properties' -> 'recurringScans' ->> 'emails' = '[]' ) then 'alarm' else 'ok' end as status, case when security -> 'properties' ->> 'state' = 'Disabled' or ( security -> 'properties' ->> 'state' = 'Enabled' and assessment -> 'properties' ->> 'storageContainerPath' is not null and assessment -> 'properties' -> 'recurringScans' ->> 'emails' = '[]' ) then s.name || ' VA scan reports and alerts not configured send email.' else s.name || ' VA scan reports and alerts configured to send email.' end as reason , s.resource_group as resource_group , sub.display_name as subscriptionfrom azure_sql_server s cross join lateral jsonb_array_elements(server_security_alert_policy) security cross join lateral jsonb_array_elements(server_vulnerability_assessment) assessment left join azure_subscription sub on sub.subscription_id = s.subscription_id;