Azure SQL Classic VA Emails Unconfigured
ID: azure-sql-va-emails-unconfigured
Severity: medium
Author: princechaddha
Tags: cloud,devops,azure,microsoft,sql-server,azure-cloud-config
Description
Section titled “Description”Ensure that your Amazon SQL database servers are configured with the email addresses of the concerned data owners, admins or stakeholders in order to receive Vulnerability Assessment (VA) scan reports and alerts for critical events. This setting is only available for SQL servers using the classic SQL Vulnerability Assessment configuration. For new, express configuration, email notifications are enabled by default and cannot be customized.
YAML Source
Section titled “YAML Source”id: azure-sql-va-emails-unconfiguredinfo: name: Azure SQL Classic VA Emails Unconfigured author: princechaddha severity: medium description: | Ensure that your Amazon SQL database servers are configured with the email addresses of the concerned data owners, admins or stakeholders in order to receive Vulnerability Assessment (VA) scan reports and alerts for critical events. This setting is only available for SQL servers using the classic SQL Vulnerability Assessment configuration. For new, express configuration, email notifications are enabled by default and cannot be customized. impact: | Lack of email notifications for VA scans means critical alerts and reports are not reaching the responsible parties, potentially delaying the response to vulnerabilities. remediation: | Configure the email addresses for vulnerability assessment notifications in your SQL server settings to ensure alerts and reports are received by the appropriate stakeholders. reference: - https://docs.microsoft.com/en-us/azure/azure-sql/database/security-overview tags: cloud,devops,azure,microsoft,sql-server,azure-cloud-config
flow: | code(1); for (let ServerData of iterate(template.serverList)) { ServerData = JSON.parse(ServerData); set("name", ServerData.ServerName); set("resourceGroup", ServerData.ResourceGroupName); code(2); }
self-contained: truecode: - engine: - sh - bash source: | az sql server list --query "[].{ServerName:name, ResourceGroupName:resourceGroup}" --output json
extractors: - type: json name: serverList internal: true json: - '.[]'
- engine: - sh - bash source: | az sql va config show --server "$name" --resource-group "$resourceGroup" --query "{StorageAccountName: storageAccount, NotificationEmails: emailAdmins}" --output json
matchers-condition: and matchers: - type: word words: - '"emails": []'
extractors: - type: dsl dsl: - 'name + " in " + resourceGroup + " has no emails configured for VA notifications"'# digest: 490a00463044022031c797b7b6cadb848835cf794ed8fa6309b15f78dc09618cd83da7674e119b7c022049d66bffa70746b9e8938d5ff50786531d0e4bf0a9438eda9571eaf86bc250e0:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "cloud/azure/sql/azure-sql-va-emails-unconfigured.yaml"