Advanced Threat Protection is disabled on SQL server Affecting Security Center service in Azure

Severity Framework Snyk CCSS

Rule category Monitoring / Databases

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Azure CIS-Controls

Snyk ID SNYK-CC-00590
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Advanced Threat Protection can identify potential SQL injection, access from an unusual location or data center, access from an unfamiliar principal or potentially harmful application, and brute force SQL credentials.

How to fix?

Set isEnabled to true to enable Advanced Threat Protection.

Example Configuration

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Security/advancedThreatProtectionSettings",
      "apiVersion": "2019-01-01",
      "name": "example-590-allowed1",
      "properties": {
        "isEnabled": "true"
      }
    }
  ]
}

ARM

Microsoft.Security advancedThreatProtectionSettings

Terraform

azurerm_advanced_threat_protection

References

Configure Advanced Threat Protection for Azure SQL Database