Skip to main content

lacework-global-603

2.1.6 Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' (Manual)

Profile Applicability

• Level 2

Description

Turning on Microsoft Defender for Open-source relational databases enables threat detection for Open-source relational databases, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.

Rationale

Enabling Microsoft Defender for Open-source relational databases allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).

Impact

Turning on Microsoft Defender for Open-source relational databases incurs an additional cost per resource.

Audit

From Azure Portal

  1. Go to Microsoft Defender for Cloud
  2. Select Environment Settings blade
  3. Click on the subscription name
  4. Select the Defender plans blade
  5. Review the chosen pricing tier. For the Open-source relational databases resource type Plan should be set to On.

From Azure CLI

Run the following command:

az security pricing show -n OpenSourceRelationalDatabases --query pricingTier

From Azure Powershell

Get-AzSecurityPricing | Where-Object {$_.Name -eq 'OpenSourceRelationalDatabases'} | Select-Object Name, PricingTier

Ensure output for Name PricingTier is OpenSourceRelationalDatabases Standard

Remediation

From Azure Portal

  1. Go to Microsoft Defender for Cloud
  2. Select Environment Settings blade
  3. Click on the subscription name
  4. Select the Defender plans blade
  5. On the line in the table for Open-source relational databases Select On under Plan.
  6. Select Save

From Azure CLI

Run the following command:

az security pricing create -n 'OpenSourceRelationalDatabases' --tier 'standard'

From Azure Powershell

Use the below command to enable Standard pricing tier for Open-source relational databases

set-azsecuritypricing -name "OpenSourceRelationalDatabases" -pricingtier "Standard"

References

https://docs.microsoft.com/en-us/azure/security-center/security-center-detection-capabilities
https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/update
https://docs.microsoft.com/en-us/powershell/module/az.security/get-azsecuritypricing
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-data-protection#dp-2-monitor-anomalies-and-threats-targeting-sensitive-data
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-logging-threat-detection#lt-1-enable-threat-detection-capabilities