Logging and monitoring

Missing Alert for Firewall Rules Editing

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks
  • Azure CIS
  • ,
  • CCM-CSA
  • ,
  • GDPR
  • ,
  • HITRUST
  • ,
  • NIST 800-53

Description

Monitoring for Create or Update or Delete SQL Server Firewall Rule events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.
  • Recommend icon

    Recommended Mitigation

    Under Monitor -> Alerts, create An Alert for 'Microsoft.Sql/servers/firewallRules/write'