Missing Alert for Firewall Rules Editing
Risk Level
Informational (4)
Platform(s)
Compliance Frameworks
Azure CIS, CCM-CSA, GDPR, HITRUST, NIST 800-53
Description
Monitoring for Create or Update or Delete SQL Server Firewall Rule events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.-
Recommended Mitigation
Under Monitor -> Alerts, create An Alert for 'Microsoft.Sql/servers/firewallRules/write'