Skip to main content

lacework-global-542

4.2.5 Set Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' for each SQL Server (Automated)

Profile Applicability

• Level 1

Description

Enable Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners'.

Rationale

VA scan reports and alerts will be sent to admins and subscription owners by enabling setting 'Also send email notifications to admins and subscription owners'. This may help in reducing time required for identifying risks and taking corrective measures.

Impact

Enabling the Microsoft Defender for SQL features will incur additional costs for each SQL server.

Audit

From Azure Portal

  1. Go to SQL servers
  2. Select a server instance
  3. Click on Security Center
  4. Ensure that Microsoft Defender for SQL is set to Enabled
  5. Select Configure next to Enabled at subscription-level
  6. In Section Vulnerability Assessment Settings, Ensure Storage Accounts is configured.
  7. In Section Vulnerability Assessment Settings, Ensure Also send email notifications to admins and subscription owners is checked/enabled.

From Azure Powershell

Get the list of all SQL Servers

Get-AZSqlServer

For each Server

Get-AzSqlServerVulnerabilityAssessmentSetting -ResourceGroupName <resource group name> -ServerName <server name>

Ensure that value for parameter EmailSubscriptionAdmin is set to true.

Sample Output:

ResourceGroupName : ResourceGroup01
ServerName : Server01
StorageAccountName : mystorage
ScanResultsContainerName : vulnerability-assessment
RecurringScansInterval : weekly
EmailSubscriptionAdmins : False
NotificationEmail : {}

Remediation

From Azure Portal

  1. Go to SQL servers.
  2. Select a server instance.
  3. Click Microsoft Defender for Cloud.
  4. Select Configure next to Enabled at subscription-level.
  5. In Section Vulnerability Assessment Settings, configure Storage Accounts if not already.
  6. Check/enable Also send email notifications to admins and subscription owners.
  7. Click Save.

From Azure Powershell

If not already, Enable Advanced Data Security for a SQL Server:

Set-AZSqlServerThreatDetectionPolicy -ResourceGroupName <resource group name> -ServerName <server name> -EmailAdmins $True

To enable ADS-VA service and Set 'Also send email notifications to admins and subscription owners'

Update-AzSqlServerVulnerabilityAssessmentSetting -ResourceGroupName "<resource group name>" -ServerName "<Server Name>" -StorageAccountName "<Storage Name from same subscription and same Location" -ScanResultsContainerName "vulnerability-assessment" -RecurringScansInterval Weekly -EmailSubscriptionAdmins $true -NotificationEmail @("mail1@mail.com" , "mail2@mail.com")

References

https://docs.microsoft.com/en-us/azure/sql-database/sql-vulnerability-assessment
https://docs.microsoft.com/en-us/rest/api/sql/servervulnerabilityassessments/listbyserver
https://docs.microsoft.com/en-in/powershell/module/Az.Sql/Update-AzSqlServerVulnerabilityAssessmentSetting?view=azps-2.6.0
https://docs.microsoft.com/en-in/powershell/module/Az.Sql/Get-AzSqlServerVulnerabilityAssessmentSetting?view=azps-2.6.0
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments

Last updated on