At least one email address is set for threat alerts
Default Severity: medium
Explanation
SQL Server sends alerts for threat detection via email, if there are no email addresses set then mitigation will be delayed.
Possible Impact
Nobody will be promptly alerted in the case of a threat being detected
Suggested Resolution
Provide at least one email address for threat alerts
Insecure Example
The following example will fail the azure-database-threat-alert-email-set check.
resource "azurerm_mssql_server_security_alert_policy" "bad_example" {
resource_group_name = azurerm_resource_group.example.name
server_name = azurerm_sql_server.example.name
state = "Enabled"
storage_endpoint = azurerm_storage_account.example.primary_blob_endpoint
storage_account_access_key = azurerm_storage_account.example.primary_access_key
disabled_alerts = [
"Sql_Injection",
"Data_Exfiltration"
]
email_addresses = []
}
Secure Example
The following example will pass the azure-database-threat-alert-email-set check.
resource "azurerm_mssql_server_security_alert_policy" "good_example" {
resource_group_name = azurerm_resource_group.example.name
server_name = azurerm_sql_server.example.name
state = "Enabled"
storage_endpoint = azurerm_storage_account.example.primary_blob_endpoint
storage_account_access_key = azurerm_storage_account.example.primary_access_key
disabled_alerts = [
"Sql_Injection",
"Data_Exfiltration"
]
email_addresses = ["db-security@acme.org"]
}