Ensure that the "Send scan reports to" notification setting is configured with the email addresses of the concerned data owners or stakeholders in order to receive Vulnerability Assessment (VA) scan reports and alerts for critical SQL database servers.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
optimisation
By default, the "Send scan reports to" notification setting is not configured. Once configured, Microsoft Defender for SQL will send Vulnerability Assessment (VA) scan reports and alerts to the email addresses provided. This can help your security team to reduce the time required for identifying risks and help take corrective measures.
Audit
To determine if there are email addresses configured to receive Vulnerability Assessment (VA) scan reports and alerts for SQL database servers, perform the following actions:
Remediation / Resolution
To configure one or more email addresses for Vulnerability Assessment (VA) scan reports and alerts, perform the following actions:
References
- Azure Official Documentation
- SQL vulnerability assessment helps you identify database vulnerabilities
- Server Vulnerability Assessments - List By Server
- PV-6: Perform software vulnerability assessments
- Azure PowerShell Documentation
- Az.Sql
- Get-AzSqlServer
- Get-AzSqlServerVulnerabilityAssessmentSetting
- Update-AzSqlServerVulnerabilityAssessmentSetting
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Configure Emails for Vulnerability Assessment Scan Reports and Alerts
Risk Level: Medium