Control: Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server
Description
Enable Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners'.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.sql_server_va_setting_reports_notify_adminsSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.sql_server_va_setting_reports_notify_admins --shareSQL
This control uses a named query:
select s.id as resource, case when security -> 'properties' ->> 'state' = 'Disabled' or ( security -> 'properties' ->> 'state' = 'Enabled' and assessment -> 'properties' ->> 'storageContainerPath' is not null and assessment -> 'properties' -> 'recurringScans' ->> 'emailSubscriptionAdmins' = 'false' ) then 'alarm' else 'ok' end as status, case when security -> 'properties' ->> 'state' = 'Disabled' or ( security -> 'properties' ->> 'state' = 'Enabled' and assessment -> 'properties' ->> 'storageContainerPath' is not null and assessment -> 'properties' -> 'recurringScans' ->> 'emailSubscriptionAdmins' = 'false' ) then s.name || ' VA setting not configured to send email notifications to subscription admins and owners.' else s.name || ' VA setting configured to send email notifications to subscription admins and owners.' end as reason , s.resource_group as resource_group , sub.display_name as subscriptionfrom azure_sql_server s cross join lateral jsonb_array_elements(server_security_alert_policy) security cross join lateral jsonb_array_elements(server_vulnerability_assessment) assessment left join azure_subscription sub on sub.subscription_id = s.subscription_id;