SQL Database Audit Disabled
- Query id: 83a229ba-483e-47c6-8db7-dc96969bce5a
- Query name: SQL Database Audit Disabled
- Platform: Terraform
- Severity: High
- Category: Resource Management
- URL: Github
Description¶
Ensure that 'Threat Detection' is enabled for Azure SQL Database
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "azurerm_resource_group" "positive1" {
name = "acceptanceTestResourceGroup1"
location = "West US"
}
resource "azurerm_sql_server" "positive2" {
name = "myexamplesqlserver"
resource_group_name = azurerm_resource_group.example.name
location = "West US"
version = "12.0"
administrator_login = "4dm1n157r470r"
administrator_login_password = "4-v3ry-53cr37-p455w0rd"
tags = {
environment = "production"
}
}
resource "azurerm_storage_account" "positive3" {
name = "examplesa"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "LRS"
}
resource "azurerm_sql_database" "positive4" {
name = "myexamplesqldatabase"
resource_group_name = azurerm_resource_group.example.name
location = "West US"
server_name = azurerm_sql_server.example.name
threat_detection_policy {
state = "Disabled"
}
extended_auditing_policy {
storage_endpoint = azurerm_storage_account.example.primary_blob_endpoint
storage_account_access_key = azurerm_storage_account.example.primary_access_key
storage_account_access_key_is_secondary = true
retention_in_days = 6
}
tags = {
environment = "production"
}
}
resource "azurerm_sql_database" "positive5" {
name = "myexamplesqldatabase"
resource_group_name = azurerm_resource_group.example.name
location = "West US"
server_name = azurerm_sql_server.example.name
extended_auditing_policy {
storage_endpoint = azurerm_storage_account.example.primary_blob_endpoint
storage_account_access_key = azurerm_storage_account.example.primary_access_key
storage_account_access_key_is_secondary = true
retention_in_days = 6
}
tags = {
environment = "production"
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "azurerm_resource_group" "negative1" {
name = "acceptanceTestResourceGroup1"
location = "West US"
}
resource "azurerm_sql_server" "negative2" {
name = "myexamplesqlserver"
resource_group_name = azurerm_resource_group.example.name
location = "West US"
version = "12.0"
administrator_login = "4dm1n157r470r"
administrator_login_password = "4-v3ry-53cr37-p455w0rd"
tags = {
environment = "production"
}
}
resource "azurerm_storage_account" "negative3" {
name = "examplesa"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "LRS"
}
resource "azurerm_sql_database" "negative4" {
name = "myexamplesqldatabase"
resource_group_name = azurerm_resource_group.example.name
location = "West US"
server_name = azurerm_sql_server.example.name
threat_detection_policy {
state = "Enabled"
}
extended_auditing_policy {
storage_endpoint = azurerm_storage_account.example.primary_blob_endpoint
storage_account_access_key = azurerm_storage_account.example.primary_access_key
storage_account_access_key_is_secondary = true
retention_in_days = 6
}
tags = {
environment = "production"
}
}