Control: 8.1.7.2 Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On'
Description
Turning on Microsoft Defender for Open-source relational databases enables threat detection for these databases, providing threat intelligence, anomaly detection, and behavior analytics in Microsoft Defender for Cloud.
Enabling Microsoft Defender for Open-source relational databases allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).
Remediation
Remediate from Azure Portal
- Go to Microsoft Defender for Cloud.
- Under Management, select Environment settings.
- Click on a subscription name.
- Click Defender plans in the left pane.
- Click Select types > in the row for Databases.
- Set the toggle switch next to Open-source relational databases to On.
- Select Continue.
- Select Save.
Remediate from Azure CLI
Run the following command:
az security pricing create -n 'OpenSourceRelationalDatabases' --tier 'standard'
Remediate from PowerShell
Use the following command to enable the Standard pricing tier for Open-source relational databases:
Set-AzSecurityPricing -Name "OpenSourceRelationalDatabases" -PricingTier "Standard"
Default Value
By default, the Microsoft Defender plan is off.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v500_8_1_7_2
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.cis_v500_8_1_7_2 --share
SQL
This control uses a named query:
select
  sub_pricing.id as resource,
  case
    when pricing_tier = 'Standard' then 'ok'
    else 'alarm'
  end as status,
  case
    when pricing_tier = 'Standard' then 'Azure Defender on for Open Source Relational Databases.'
    else 'Azure Defender off for Open Source Relational Databases.'
  end as reason,
  sub.display_name as subscription
from
  azure_security_center_subscription_pricing sub_pricing
  right join azure_subscription sub on sub_pricing.subscription_id = sub.subscription_id
where
  name = 'OpenSourceRelationalDatabases';
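The ok/alarm decision of the named query, as an added Python example that is not part of the Powerpipe mod. The row dictionaries reuse the column names from the query; the sample rows, the placeholder GUIDs and the choice to report a subscription with no pricing row as an alarm are assumptions of this example.

```python
# Added example: applies the control's ok/alarm logic to constructed rows.
PLAN = "OpenSourceRelationalDatabases"

def evaluate(subscriptions, pricing_rows):
    """Return one result dict per subscription for the Defender plan PLAN."""
    # Keep only rows for this plan, keyed by subscription id.
    plan_rows = {r["subscription_id"]: r for r in pricing_rows if r["name"] == PLAN}
    results = []
    for sub in subscriptions:
        row = plan_rows.get(sub["subscription_id"])
        if row is None:
            # Assumption of this example: a subscription with no pricing row
            # is reported as an alarm instead of being left out of the results.
            resource, status = sub["subscription_id"], "alarm"
            reason = "No pricing record found for Open Source Relational Databases."
        elif row["pricing_tier"] == "Standard":
            resource, status = row["id"], "ok"
            reason = "Azure Defender on for Open Source Relational Databases."
        else:
            resource, status = row["id"], "alarm"
            reason = "Azure Defender off for Open Source Relational Databases."
        results.append({"resource": resource, "status": status,
                        "reason": reason, "subscription": sub["display_name"]})
    return results

def pricing_id(sub_id, plan):
    """Build a pricing resource id for the constructed sample rows."""
    return f"/subscriptions/{sub_id}/providers/Microsoft.Security/pricings/{plan}"

# Constructed sample data (placeholder GUIDs, not real subscriptions).
SUB_A = "00000000-0000-0000-0000-00000000000a"
SUB_B = "00000000-0000-0000-0000-00000000000b"
SUB_C = "00000000-0000-0000-0000-00000000000c"
SUBSCRIPTIONS = [{"subscription_id": s, "display_name": n}
                 for s, n in ((SUB_A, "prod"), (SUB_B, "dev"), (SUB_C, "sandbox"))]
PRICING_ROWS = [
    {"subscription_id": SUB_A, "name": PLAN, "pricing_tier": "Standard",
     "id": pricing_id(SUB_A, PLAN)},
    {"subscription_id": SUB_B, "name": PLAN, "pricing_tier": "Free",
     "id": pricing_id(SUB_B, PLAN)},
    # A different plan set to Standard must not satisfy this control.
    {"subscription_id": SUB_B, "name": "SqlServers", "pricing_tier": "Standard",
     "id": pricing_id(SUB_B, "SqlServers")},
    # SUB_C deliberately has no pricing row at all.
]

if __name__ == "__main__":
    for r in evaluate(SUBSCRIPTIONS, PRICING_ROWS):
        print(f'{r["status"]:5} {r["subscription"]:8} {r["reason"]}')
```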