Logging and monitoring
Missing Alert for Firewall Rules Editing
Risk Level
Informational (4)
Platform(s)
Compliance Frameworks
- Azure CIS ,
- CCM-CSA ,
- GDPR ,
- HITRUST ,
- NIST 800-53
Description
Monitoring for Create or Update or Delete SQL Server Firewall Rule events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.-
Recommended Mitigation
Under Monitor -> Alerts, create An Alert for 'Microsoft.Sql/servers/firewallRules/write'