Description
Related to: Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server
Context:
Enhancing security monitoring capabilities by verifying the activation status of Microsoft Defender for SQL.
Current Limitation:
Our current implementation in cloud_defender.go within cnquery lacks the functionality to check the activation status of Microsoft Defender for SQL servers.
Suggested cnquery Location:
cloud_defender.go file, which presently does not include a specific function for this purpose.
Proposed Interim Solution:
Until a direct checking method is established, we can use the following alternative approach:
- Retrieve Security Alert Policy: Develop a method using the SDK to obtain the security alert policy of SQL servers or databases. This policy is integral for threat detection and response settings.
- Analyze Policy Response: Create a process to analyze the retrieved security alert policy. While primarily focused on alert configurations, this policy may offer indirect insights into the operational status of Microsoft Defender for SQL.
This results in the following query:
azure.subscription.sql.servers.all(securityAlertPolicy.state == "Enabled")
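The "analyze policy response" step, as an added Go example (not cnquery's own code and not taken from cloud_defender.go). It applies the same `all(... state == "Enabled")` rule to security alert policy documents that have already been retrieved. The server names, the trimmed JSON and the function names are constructed for illustration; a server with no policy at all is treated as failing.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Constructed sample: trimmed Microsoft.Sql/servers/securityAlertPolicies
// resources keyed by a made-up server name. null means no policy was returned.
const samplePolicies = `{
  "sql-prod-01": {"name": "Default", "properties": {"state": "Enabled"}},
  "sql-dev-02":  {"name": "Default", "properties": {"state": "Disabled"}},
  "sql-old-03":  null
}`

// alertPolicy keeps only the field the query inspects.
type alertPolicy struct {
	Properties struct {
		State string `json:"state"`
	} `json:"properties"`
}

// nonCompliantServers returns, sorted, every server whose security alert
// policy is missing or whose state is not exactly "Enabled" (the comparison
// is case-sensitive, like the == in the query).
func nonCompliantServers(raw []byte) ([]string, error) {
	var policies map[string]*alertPolicy
	if err := json.Unmarshal(raw, &policies); err != nil {
		return nil, fmt.Errorf("decode policies: %w", err)
	}
	failed := []string{}
	for server, p := range policies {
		if p == nil || p.Properties.State != "Enabled" {
			failed = append(failed, server)
		}
	}
	sort.Strings(failed)
	return failed, nil
}

func main() {
	failed, err := nonCompliantServers([]byte(samplePolicies))
	if err != nil {
		panic(err)
	}
	// The check passes only when no server is listed, matching all().
	fmt.Printf("pass=%v failing=%v\n", len(failed) == 0, failed)
}
```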