Logging and monitoring

Missing Alert for Firewall Rules Editing

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Azure CIS, CCM-CSA, GDPR, HITRUST, NIST 800-53

Description

Monitoring for Create or Update or Delete SQL Server Firewall Rule events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.
  • Recommend icon

    Recommended Mitigation

    Under Monitor -> Alerts, create An Alert for 'Microsoft.Sql/servers/firewallRules/write'