More Info:

Monitoring for ‘Create’ or ‘Update SQL Server Firewall Rule’ events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.

Risk Level

Low

Address

Security, Operational Maturity

Compliance Standards

CISAZURE, CBP, HIPAA, ISO27001

Triage and Remediation

Remediation

To remediate the misconfiguration “Ensure Activity Log Alert exists for Create or Update SQL Server Firewall Rule” in Azure using the Azure console, follow these steps:

  1. Log in to the Azure portal (https://portal.azure.com/)
  2. Navigate to the SQL Server resource for which you want to create an activity log alert for firewall rule creation or update.
  3. Click on the “Activity log” option under the “Monitoring” section in the left-hand menu.
  4. Click on the “Add alert rule” button.
  5. In the “Basics” tab, provide a name and description for the alert, and select the subscription and resource group where the SQL Server is located.
  6. In the “Condition” tab, select the “Activity log” option under the “Signal logic” section.
  7. In the “Signal name” dropdown, select “Create or Update SQL Server Firewall Rule”.
  8. In the “Alert logic” section, set the threshold for the alert based on your requirements.
  9. In the “Actions” tab, select the action group to which you want to send the alert notifications.
  10. Review and confirm the alert rule details in the “Review + create” tab.
  11. Click on the “Create alert rule” button to create the activity log alert for SQL Server firewall rule creation or update.

Once the activity log alert is created, you will receive notifications whenever a firewall rule is created or updated for the SQL Server resource, so changes to the server's network access can be reviewed promptly.
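To verify the result of the steps above, the following added example (not part of the original page) checks a list of alert rules for one that would actually fire for a given SQL Server. It assumes the JSON shape returned by `az monitor activity-log alert list`, uses `Microsoft.Sql/servers/firewallRules/write` as the operation behind the “Create or Update SQL Server Firewall Rule” signal, and runs on constructed sample data; all resource names are hypothetical.

```python
# Azure operation behind the "Create or Update SQL Server Firewall Rule" signal.
FIREWALL_WRITE_OP = "microsoft.sql/servers/firewallrules/write"

def _conditions(alert):
    """Lowercased field -> lowercased 'equals' value for each allOf leaf condition."""
    leaves = (alert.get("condition") or {}).get("allOf") or []
    return {str(c.get("field", "")).lower(): str(c.get("equals", "")).lower() for c in leaves}

def _covers(scope, resource_id):
    """True when scope is the resource itself or an ancestor (resource group, subscription)."""
    s, r = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    return r == s or r.startswith(s + "/")  # match on a path-segment boundary only

def covering_alerts(alerts, server_id):
    """Names of alert rules that would notify on a firewall rule write for server_id."""
    hits = []
    for a in alerts:
        cond = _conditions(a)
        if (a.get("enabled") is True
                and cond.get("category") == "administrative"
                and cond.get("operationname") == FIREWALL_WRITE_OP
                and any(_covers(s, server_id) for s in a.get("scopes") or [])
                and (a.get("actions") or {}).get("actionGroups")):
            hits.append(a["name"])
    return hits

# Constructed sample data (not real resources).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SERVERS = SUB + "/resourceGroups/rg-data/providers/Microsoft.Sql/servers/"
AG = [{"actionGroupId": SUB + "/resourceGroups/rg-ops/providers/microsoft.insights/actionGroups/secops"}]

def _rule(name, scope, enabled=True, op="Microsoft.Sql/servers/firewallRules/write", groups=AG):
    return {"name": name, "enabled": enabled, "scopes": [scope],
            "condition": {"allOf": [{"field": "category", "equals": "Administrative"},
                                    {"field": "operationName", "equals": op}]},
            "actions": {"actionGroups": groups}}

SAMPLE_ALERTS = [
    _rule("fw-subscription", SUB),
    _rule("fw-disabled", SUB, enabled=False),          # exists but never fires
    _rule("fw-no-action-group", SUB, groups=[]),       # fires but notifies nobody
    _rule("fw-similar-name", SERVERS + "sql"),         # scoped to a different server
    _rule("nsg-write", SUB, op="Microsoft.Network/networkSecurityGroups/write"),
]

if __name__ == "__main__":
    print(covering_alerts(SAMPLE_ALERTS, SERVERS + "sql-prod"))
```

To run it against a real subscription, load the output of `az monitor activity-log alert list -o json` in place of `SAMPLE_ALERTS`; an empty result means the alert is missing, disabled, out of scope, or has no action group attached.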

Additional Reading: