-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
ASC_ProtectDefenderForSQLOnArc_Audit.json
65 lines (65 loc) · 2.22 KB
/
ASC_ProtectDefenderForSQLOnArc_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
{
"properties": {
"displayName": "Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Microsoft Defender for SQL provides functionality for surfacing and mitigating potential database vulnerabilities, detecting anomalous activities that could indicate threats to SQL databases, discovering and classifying sensitive data. Once enabled, the protection status indicates that the resource is actively monitored. Even when Defender is enabled, multiple configuration settings should be validated on the agent, machine, workspace and SQL server to ensure active protection.",
"metadata": {
"version": "1.0.1",
"category": "Security Center"
},
"version": "1.0.1",
"parameters": {
"effect": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.AzureArcData/sqlServerInstances"
},
{
"anyOf": [
{
"field": "Microsoft.AzureArcData/sqlServerInstances/azureDefenderStatus",
"notEquals": "Protected"
},
{
"allOf": [
{
"field": "Microsoft.AzureArcData/sqlServerInstances/azureDefenderStatus",
"Equals": "Protected"
},
{
"value": "[field('Microsoft.AzureArcData/sqlServerInstances/azureDefenderStatusLastUpdated')]",
"less": "[addDays(utcNow(), -1)]"
}
]
}
]
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.1"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/938c4981-c2c9-4168-9cd6-972b8675f906",
"name": "938c4981-c2c9-4168-9cd6-972b8675f906"
}