/
AzureDefenderForSql.json
78 lines (78 loc) · 3.04 KB
/
AzureDefenderForSql.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
{
"properties": {
"displayName": "[Preview]: Configure Azure Defender for SQL agents on virtual machines",
"policyType": "BuiltIn",
"description": "Configure virtual machines to automatically install the Azure Defender for SQL agents where the Azure Monitor Agent is installed. Security Center collects events from the agents and uses them to provide security alerts and tailored hardening tasks (recommendations). Creates a resource group and Log Analytics workspace in the same region as the machine. This policy only applies to VMs in a few regions.",
"metadata": {
"category": "Monitoring",
"version": "1.0.0-preview",
"preview": true
},
"version": "1.0.0-preview",
"parameters": {
"enableCollectionOfSqlQueriesForSecurityResearch": {
"type": "Boolean",
"metadata": {
"displayName": "Enable collection of SQL queries for security research",
"description": "Enable or disable the collection of SQL queries for security research."
},
"allowedValues": [
true,
false
],
"defaultValue": true
},
"effect": {
"type": "string",
"defaultValue": "DeployIfNotExists",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the initiative."
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
]
}
},
"policyDefinitions": [
{
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2ada9901-073c-444a-9a9a-91865174f0aa",
"definitionVersion": "1.*.*-preview",
"policyDefinitionReferenceId": "ASC_DeployAzureDefenderForSqlAdvancedThreatProtectionWindowsAgent",
"parameters": {
"enableCollectionOfSqlQueriesForSecurityResearch": {
"value": "[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]"
},
"azureDefenderForSqlExtensionTypeToInstall": {
"value": "AdvancedThreatProtection.Windows"
},
"effect": {
"value": "[parameters('effect')]"
}
}
},
{
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2ada9901-073c-444a-9a9a-91865174f0aa",
"definitionVersion": "1.*.*-preview",
"policyDefinitionReferenceId": "ASC_DeployAzureDefenderForSqlVulnerabilityAssessmentWindowsAgent",
"parameters": {
"enableCollectionOfSqlQueriesForSecurityResearch": {
"value": "[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]"
},
"azureDefenderForSqlExtensionTypeToInstall": {
"value": "VulnerabilityAssessment.Windows"
},
"effect": {
"value": "[parameters('effect')]"
}
}
}
],
"versions": [
"1.0.0-PREVIEW"
]
},
"id": "/providers/Microsoft.Authorization/policySetDefinitions/39a366e6-fdde-4f41-bbf8-3757f46d1611",
"name": "39a366e6-fdde-4f41-bbf8-3757f46d1611"
}