Short Threat Detection Retention Period for SQL Databases

More Info:

Threat detection retention period should be greater than defined days. Default 90 days.

Risk Level

Medium

Address

Reliability, Security

Compliance Standards

HITRUST, SOC2, NISTCSF, PCIDSS

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the short threat detection retention period for SQL databases in Azure using Azure CLI, follow these steps:

Open Azure CLI and login to your Azure account.
Run the following command to set the retention period for the SQL database threat detection to 90 days:

az sql db threat-policy update --resource-group <resource-group-name> --server <server-name> --database <database-name> --retention-days 90

Replace <resource-group-name>, <server-name>, and <database-name> with the actual names of your resource group, server, and database.

Verify that the retention period has been set to 90 days by running the following command:

az sql db threat-policy show --resource-group <resource-group-name> --server <server-name> --database <database-name>

This command will display the current threat detection policy for the specified database, including the retention period.

Repeat these steps for all SQL databases in your Azure environment to ensure that the threat detection retention period is set to 90 days for all databases.

By following these steps, you will remediate the short threat detection retention period for SQL databases in Azure using Azure CLI.

Using Python

The short threat detection retention period for SQL databases in Azure can be remediated using the Azure Python SDK. Here are the step-by-step instructions to remediate this issue:

Install the Azure Python SDK using the following command:
```
pip install azure-mgmt-monitor
```
Authenticate to your Azure account using the Azure CLI or by setting the environment variables AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID.

Import the necessary modules:

from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.monitor import MonitorManagementClient
from azure.mgmt.monitor.models import RetentionPolicy

Define the credentials and the client:

credentials = ServicePrincipalCredentials(
    client_id='<your-client-id>',
    secret='<your-client-secret>',
    tenant='<your-tenant-id>'
)

client = MonitorManagementClient(
    credentials,
    '<your-subscription-id>'
)

Get the current retention policy for the SQL databases:

current_policy = client.metric_definitions.get(
    '<your-resource-group>',
    '<your-sql-server-name>',
    '<your-database-name>',
    'ThreatDetectionPolicy'
).retention_policy

Update the retention policy to the desired value:

new_policy = RetentionPolicy(enabled=True, days=30)
client.metric_definitions.create_or_update(
    '<your-resource-group>',
    '<your-sql-server-name>',
    '<your-database-name>',
    'ThreatDetectionPolicy',
    {'retention_policy': new_policy}
)

In this example, we set the retention period to 30 days. You can adjust this value to meet your specific requirements.

Verify that the retention policy has been updated by checking the current policy again:

updated_policy = client.metric_definitions.get(
    '<your-resource-group>',
    '<your-sql-server-name>',
    '<your-database-name>',
    'ThreatDetectionPolicy'
).retention_policy

print('Updated retention policy:', updated_policy)

This should output the updated retention policy.

That’s it! With these steps, you should be able to remediate the short threat detection retention period for SQL databases in Azure using Python.

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Short Threat Detection Retention Period for SQL Databases

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation