Use Microsoft Defender

Security · Azure Database for MariaDB · Rule · 2022_12 · Important

Enable Microsoft Defender for Cloud for Azure Database for MariaDB.

Description

Defender for Cloud detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases.

Recommendation

Enable Microsoft Defender for Cloud for Azure Database for MariaDB.

Examples

Configure with Azure template

To deploy Azure Database for MariaDB Servers that pass this rule:

  • Deploy a Microsoft.DBforMariaDB/servers/securityAlertPolicies sub-resource (child resource).
  • Set the properties.state property to Enabled.

For example:

Azure Template snippet
{
  "type": "Microsoft.DBforMariaDB/servers",
  "apiVersion": "2018-06-01",
  "name": "[parameters('serverName')]",
  "location": "[parameters('location')]",
  "sku": {
    "name": "[parameters('skuName')]",
    "tier": "GeneralPurpose",
    "capacity": "[parameters('SkuCapacity')]",
    "size": "[format('{0}', parameters('skuSizeMB'))]",
    "family": "[parameters('skuFamily')]"
  },
  "properties": {
    "createMode": "Default",
    "version": "[parameters('mariadbVersion')]",
    "administratorLogin": "[parameters('administratorLogin')]",
    "administratorLoginPassword": "[parameters('administratorLoginPassword')]",
    "storageProfile": {
      "storageMB": "[parameters('skuSizeMB')]",
      "backupRetentionDays": 7,
      "geoRedundantBackup": "Enabled"
    }
  },
  "resources": [
    {
      "type": "Microsoft.DBforMariaDB/servers/securityAlertPolicies",
      "apiVersion": "2018-06-01",
      "name": "Default",
      "dependsOn": ["[parameters('serverName')]"],
      "properties": {
        "emailAccountAdmins": true,
        "emailAddresses": ["soc@contoso.com"],
        "retentionDays": 14,
        "state": "Enabled",
        "storageAccountAccessKey": "account-key",
        "storageEndpoint": "https://contoso.blob.core.windows.net"
      }
    }
  ]
}
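
A pre-deployment check for this rule, added here as an example (it is not code from the original page or the rule's own implementation): it scans an ARM template's resources for MariaDB servers that lack a securityAlertPolicies child with properties.state set to Enabled. The function names, the case-insensitive comparisons, the name matching for top-level children, and the assumption that resources is an array are choices made for this example; the sample template is constructed.

```python
import json

SERVER = "microsoft.dbformariadb/servers"
POLICY = "securityalertpolicies"

def _is_enabled_policy(res, nested):
    """True for a securityAlertPolicies resource whose properties.state is Enabled."""
    rtype = res.get("type", "").lower()
    # Nested children may use the short type; top-level ones need the full type.
    if rtype != f"{SERVER}/{POLICY}" and not (nested and rtype == POLICY):
        return False
    return str(res.get("properties", {}).get("state", "")).lower() == "enabled"

def _belongs_to(child_name, server_name):
    """Match a top-level child named '<server>/<policy>' to its server."""
    if server_name.startswith("["):  # template expression: compare the inner text
        return server_name[1:-1] in child_name
    return child_name.lower().startswith(server_name.lower() + "/")

def failing_servers(template):
    """Return the names of MariaDB servers lacking an Enabled alert policy."""
    top = template.get("resources", [])
    policies = [r.get("name", "") for r in top if _is_enabled_policy(r, False)]
    failures = []
    for res in top:
        if res.get("type", "").lower() != SERVER:
            continue
        name = res.get("name", "")
        nested = any(_is_enabled_policy(c, True) for c in res.get("resources", []))
        if not nested and not any(_belongs_to(p, name) for p in policies):
            failures.append(name)
    return failures

# Constructed sample: db-a has a nested Enabled policy, db-b a Disabled
# top-level policy, db-c none at all.
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.DBforMariaDB/servers", "name": "db-a", "resources": [
    {"type": "securityAlertPolicies", "name": "Default",
     "properties": {"state": "Enabled"}}]},
  {"type": "Microsoft.DBforMariaDB/servers", "name": "db-b"},
  {"type": "Microsoft.DBforMariaDB/servers/securityAlertPolicies",
   "name": "db-b/Default", "properties": {"state": "Disabled"}},
  {"type": "Microsoft.DBforMariaDB/servers", "name": "db-c"}
]}
""")

if __name__ == "__main__":
    print(failing_servers(SAMPLE))  # ['db-b', 'db-c']
```

Bicep files need to be compiled to template JSON first (for example with `az bicep build`) before this check can read them.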

Configure with Bicep

To deploy Azure Database for MariaDB Servers that pass this rule:

  • Deploy a Microsoft.DBforMariaDB/servers/securityAlertPolicies sub-resource (child resource).
  • Set the properties.state property to Enabled.

For example:

Azure Bicep snippet
resource mariaDbServer 'Microsoft.DBforMariaDB/servers@2018-06-01' = {
  name: serverName
  location: location
  sku: {
    name: skuName
    tier: 'GeneralPurpose'
    capacity: skuCapacity
    size: '${skuSizeMB}'
    family: skuFamily
  }
  properties: {
    createMode: 'Default'
    version: mariadbVersion
    administratorLogin: administratorLogin
    administratorLoginPassword: administratorLoginPassword
    storageProfile: {
      storageMB: skuSizeMB
      backupRetentionDays: 7
      geoRedundantBackup: 'Enabled'
    }
  }
}

resource mariaDbDefender 'Microsoft.DBforMariaDB/servers/securityAlertPolicies@2018-06-01' = {
  name: 'Default'
  parent: mariaDbServer
  properties: {
    emailAccountAdmins: true
    emailAddresses: ['soc@contoso.com']
    retentionDays: 14
    state: 'Enabled'
    storageAccountAccessKey: 'account-key'
    storageEndpoint: 'https://contoso.blob.core.windows.net'
  }
}
