github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/azure/database/all_threat_alerts_enabled.go (about) 1 package database 2 3 import ( 4 "github.com/khulnasoft-lab/defsec/internal/rules" 5 "github.com/khulnasoft-lab/defsec/pkg/providers" 6 "github.com/khulnasoft-lab/defsec/pkg/scan" 7 "github.com/khulnasoft-lab/defsec/pkg/severity" 8 "github.com/khulnasoft-lab/defsec/pkg/state" 9 ) 10 11 var CheckAllThreatAlertsEnabled = rules.Register( 12 scan.Rule{ 13 AVDID: "AVD-AZU-0028", 14 Provider: providers.AzureProvider, 15 Service: "database", 16 ShortCode: "all-threat-alerts-enabled", 17 Summary: "No threat detections are set", 18 Impact: "Disabling threat alerts means you are not getting the full benefit of server security protection", 19 Resolution: "Use all provided threat alerts", 20 Explanation: `SQL Server can alert for security issues including SQL Injection, vulnerabilities, access anomalies and data exfiltration. Ensure none of these are disabled to benefit from the best protection`, 21 Links: []string{}, 22 Terraform: &scan.EngineMetadata{ 23 GoodExamples: terraformAllThreatAlertsEnabledGoodExamples, 24 BadExamples: terraformAllThreatAlertsEnabledBadExamples, 25 Links: terraformAllThreatAlertsEnabledLinks, 26 RemediationMarkdown: terraformAllThreatAlertsEnabledRemediationMarkdown, 27 }, 28 Severity: severity.Medium, 29 }, 30 func(s *state.State) (results scan.Results) { 31 for _, server := range s.Azure.Database.MSSQLServers { 32 for _, policy := range server.SecurityAlertPolicies { 33 if len(policy.DisabledAlerts) > 0 { 34 results.Add( 35 "Server has a security alert policy which disables alerts.", 36 policy.DisabledAlerts[0], 37 ) 38 } else { 39 results.AddPassed(&policy) 40 } 41 } 42 } 43 return 44 }, 45 )