mysql-threat-detection-enabled
Explanation
My SQL server does not enable Threat Detection policy
Possible Impact
Threat detection helps prevent compromise by alerting on threat detections
Suggested Resolution
Enable threat detection on Mysql database
Insecure Example
The following example will fail the azure-database-mysql-threat-detection-enabled check.
resource "azurerm_mysql_server" "bad_example" {
name = "bad_example"
public_network_access_enabled = true
ssl_enforcement_enabled = false
ssl_minimal_tls_version_enforced = "TLS1_2"
threat_detection_policy {
enabled = false
}
}
Secure Example
The following example will pass the azure-database-mysql-threat-detection-enabled check.
resource "azurerm_mysql_server" "good_example" {
name = "good_example"
public_network_access_enabled = false
ssl_enforcement_enabled = false
ssl_minimal_tls_version_enforced = "TLS1_2"
threat_detection_policy {
enabled = true
}
}