Description:
Turning on Microsoft Defender for Open-source relational databases enables threat detection for Open-source relational databases, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.
Rationale:
Enabling Microsoft Defender for Open-source relational databases allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).
Impact:
Turning on Microsoft Defender for Open-source relational databases incurs an additional cost per resource.
Audit:
From Azure Portal
1. Go to Microsoft Defender for Cloud.
2. Select Environment Settings blade.
3. Click on the subscription name.
4. Select the Defender plans blade.
5. Click Select types > in the row for Databases.
6. Ensure the radio button next to Open-source relational databases is set to On.
From Azure CLI
Run the following command:
az security pricing show -n OpenSourceRelationalDatabases --query pricingTier
Get-AzSecurityPricing | Where-Object {$_.Name -eq
'OpenSourceRelationalDatabases'} | Select-Object Name, PricingTier
Ensure output for Name PricingTier is OpenSourceRelationalDatabases Standard
Remediation:
From Azure Portal
1. Go to Microsoft Defender for Cloud.
2. Select Environment Settings blade.
3. Click on the subscription name.
4. Select the Defender plans blade.
5. Click Select types > in the row for Databases.
6. Set the radio button next to Open-source relational databases to On.
7. Select Continue.
8. Select Save.
From Azure CLI
Run the following command:
az security pricing create -n 'OpenSourceRelationalDatabases' --tier
'standard'
From PowerShell
Use the below command to enable Standard pricing tier for Open-source relational
databases
set-azsecuritypricing -name "OpenSourceRelationalDatabases" -pricingtier
"Standard"
Default Value:
By default, Microsoft Defender plan is off.
References:
1. https://docs.microsoft.com/en-us/azure/security-center/security-center-detectioncapabilities
2. https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/update
3. https://docs.microsoft.com/en-us/powershell/module/az.security/getazsecuritypricing