Control: 2.1.6 Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On'
Description
Turning on Microsoft Defender for Open-source relational databases enables threat detection for Open-source relational databases, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.
Enabling Microsoft Defender for Open-source relational databases allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).
Remediation
From Azure Portal
- Go to
Microsoft Defender for Cloud. - Select
Environment Settingsblade. - Click on the subscription name.
- Select the
Defender plansblade. - Click
Select types> in the row forDatabases. - Set the radio button next to
Open-source relational databasestoOn. - Select
Continue. - Select
Save.
From Azure CLI
Run the following command:
az security pricing create -n 'OpenSourceRelationalDatabases' --tier 'standard'
From Powershell
Use the below command to enable Standard pricing tier for Open-source relational databases
set-azsecuritypricing -name "OpenSourceRelationalDatabases" -pricingtier "Standard"
Default Value
By default, Microsoft Defender plan is off.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v200_2_1_6Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.cis_v200_2_1_6 --shareSQL
This control uses a named query:
select sub_pricing.id as resource, case when pricing_tier = 'Standard' then 'ok' else 'alarm' end as status, case when pricing_tier = 'Standard' then 'Azure Defender on for Open Source Relational Databases.' else 'Azure Defender off for Open Source Relational Databases.' end as reason , sub.display_name as subscriptionfrom azure_security_center_subscription_pricing sub_pricing right join azure_subscription sub on sub_pricing.subscription_id = sub.subscription_idwhere name = 'OpenSourceRelationalDatabases';