'Create or Update SQL Server Firewall Rule' activity log alert should be configured

azure.activity_log
이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

To enhance the monitoring of network access changes and reduce the time it takes to identify suspicious activity, it is recommended to create an activity log alert specifically for the “Create or Update SQL Server Firewall Rule” event. By enabling this alert, you gain valuable insights into modifications made to SQL Server firewall rules. It is important to note that enabling this alert may lead to a substantial increase in log size if there are numerous administrative actions on a server. However, the benefits of improved security monitoring outweigh the potential impact on log size.

Remediation

From the console

  1. Navigate to the Monitor blade.
  2. Select Alerts > Create > Alert rule.
  3. Under Filter by subscription, choose a subscription.
  4. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules).
  5. Under Filter by location, select All.
  6. From the results, select the subscription, then click Done.
  7. Click the Condition tab.
  8. Under Signal name, click Delete Create/Update server firewall rule (Microsoft.Sql/servers/firewallRules).
  9. Click the Actions tab.
  10. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection.
  11. Click the Details tab.
  12. Select a Resource group, provide an Alert rule name and an optional Alert rule description.
  13. Click Review + create.
  14. Click Create.