Azure Misconfigurations
Sql Audit
Checks performed
- Short Auditing Retention Period for SQL Servers
- Auditing Disabled for SQL Servers
- Threat Detection Disabled for SQL Servers
- Threat Detection Alerts Disabled for SQL Servers
- Send Threat Detection Alerts Disabled for SQL Servers
- Short Threat Detection Retention Period for SQL Servers
- Short Threat Detection Retention Period for SQL Servers
- Short Auditing Retention Period for SQL Databases
- Auditing Disabled for SQL Databases
- Threat Detection Disabled for SQL Databases
- Threat Detection Alerts Disabled for SQL Databases
- Send Threat Detection Alerts Disabled for SQL Databases
- Short Threat Detection Retention Period for SQL Databases
- Transparent Data Encryption Disabled for SQL Databases
- Ensure that AuditActionGroups in auditing is set properly
- SQL Database Servers Should Not Have Unrestricted Access
- Enable Geo-Redundant Backups
- Enable Storage Auto-Growth
- Enable In-Transit Encryption for PostgreSQL Database Servers
- Check for PostgreSQL Log Retention Period
- Enable “CONNECTION_THROTTLING” Parameter for PostgreSQL Servers
- Enable “LOG_CHECKPOINTS” Parameter for PostgreSQL Servers
- Enable “LOG_CONNECTIONS” Parameter for PostgreSQL Servers
- Enable “LOG_DISCONNECTIONS” Parameter for PostgreSQL Servers
- Enable “LOG_DURATION” Parameter for PostgreSQL Servers
- Enable log_checkpoints Parameter for PostgreSQL Flexible Servers
- Enable Infrastructure Double Encryption
- Enable Automatic Failover
- Restrict Default Network Access for Azure Cosmos DB Accounts
- MySQL Database Server Should Enforce SSL Connection
- Check for TLS Protocol Latest Version
- Enable In-Transit Encryption for Redis Cache Servers
- Ensure TLS Version Is Set To TLSV1.2 For MySQL Flexible Database Server
- Ensure That Azure Active Directory Admin Is Configured
- Ensure SQL Server TDE Protector Is Encrypted With CMK
- Ensure That Vulnerability Assessment Is Enabled On SQL Server By Setting Storage Account
- Ensure That Vulnerability Assessment Setting Periodic Recurring Scans Is Set To On
- Ensure That Vulnerability Assessment Setting Send Scan Reports To Is Configured
- Ensure Vulnerability Assessment Setting To Send Email Notifications To Admins And Subscription Owners Is Set
- Enable Auto-Failover Groups By Server
- Check For Sufficient Point In Time Restore (PITR) Backup Retention Period
- Check For Publicly Accessible SQL Servers
- Enable Automatic Tuning For SQL Database Servers