Skip to main content

Azure SQL Management (Beta)

This Integration is part of the Azure SQL Management (Beta) Pack.#

beta

This is a beta Integration, which lets you implement and test pre-release software. Since the integration is beta, it might contain bugs. Updates to the integration during the beta phase might include non-backward compatible features. We appreciate your feedback on the quality and usability of the integration to help us identify issues, fix them, and continually improve.

Microsoft Azure SQL Management Integration manages the Auditing and Threat Policies for Azure SQL.

Note: The integration is in ***beta*** as it uses a preview version of the Azure SQL Database API. The stable Azure SQL Database API version does not contain all required endpoints used in some of the integration commands.

Configure Azure SQL Management on Cortex XSOAR#

In both options below, the device authorization grant flow is used.

In order to connect to the Azure SQL Management using either Cortex XSOAR Azure App or the Self-Deployed Azure App:

  1. Fill in the required parameters.

    ParameterDescriptionRequired
    Application IDTrue
    Subscription IDTrue
    Resource Group NameTrue
    Azure AD endpointAzure AD endpoint associated with a national cloud.False
    Trust any certificate (not secure)False
    Use system proxy settingsFalse
  2. Run the !azure-sql-auth-start command.

  3. Follow the instructions that appear.

  4. Run the !azure-sql-auth-complete command.

At the end of the process you'll see a message that you've logged in successfully.

Cortex XSOAR Azure App#

In order to use the Cortex XSOAR Azure application, use the default application ID (8f9010bb-4efe-4cfa-a197-98a2694b7e0c).

You only need to fill in your subscription ID and resource group name. You can find your resource group and subscription ID in the Azure Portal. For a more detailed explanation, visit this page.

Self-Deployed Azure App#

To use a self-configured Azure application, you need to add a new Azure App Registration in the Azure Portal.

The application must have user_impersonation permission and must allow public client flows (found under the Authentication section of the app).

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

azure-sql-auth-start#


Run this command to start the authorization process and follow the instructions in the command results.

Base Command#

azure-sql-auth-start

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

Command Example#

!azure-sql-auth-start

Human Readable Output#

Authorization instructions#

  1. To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code CODECODE to authenticate.
  2. Run the !azure-sql-auth-complete command in the War Room.

azure-sql-auth-complete#


Run this command to complete the authorization process. Should be used after running the azure-sql-auth-start command.

Base Command#

azure-sql-auth-complete

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

Command Example#

!azure-nsg-auth-complete

Human Readable Output#

โœ… Authorization completed successfully.

azure-sql-auth-reset#


Run this command if you need to rerun the authentication process.

Base Command#

azure-sql-auth-reset

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

Command Example#

!azure-sql-auth-reset

Human Readable Output#

Authorization was reset successfully. You can now run !azure-sql-auth-start and !azure-sql-auth-complete.

azure-sql-auth-test#


Tests the connectivity to the Azure SQL Management.

Base Command#

azure-sql-auth-test

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

Command Example#

!azure-sql-auth-test

Human Readable Output#

โœ… Success!

azure-sql-servers-list#


Lists all the servers.

Base Command#

azure-sql-servers-list

Input#

Argument NameDescriptionRequired
limitThe maximum number of servers returned to the War Room. Default is 50.Optional
offsetOffset in the data set. Default is 0.Optional

Context Output#

PathTypeDescription
AzureSQL.ServerUnknownServer list.
AzureSQL.Server.kindStringKind of server.
AzureSQL.Server.locationStringServer location.
AzureSQL.Server.tagsUnknownServer Tags.
AzureSQL.Server.idStringServer ID.
AzureSQL.Server.nameStringServer name.
AzureSQL.Server.typeStringServer type.
AzureSQL.Server.administratorLoginStringUsername of the server administrator.
AzureSQL.Server.versionStringServer version.
AzureSQL.Server.stateStringServer state.
AzureSQL.Server.fullyQualifiedDomainNameUnknownFully qualified domain name of the server.
AzureSQL.Server.privateEndpointConnectionsUnknownList of private endpoint connections of the server.
AzureSQL.Server.publicNetworkAccessStringWhether the public endpoint access of the server is enabled. The value is 'Enabled' or 'Disabled'.

Command Example#

!azure-sql-servers-list

Context Example#

{
"AzureSQL": {
"Server": {
"administratorLogin": "xsoaradmin",
"fullyQualifiedDomainName": "sqlintegration.database.windows.net",
"id": "/subscriptions/0123456789/resourceGroups/sql-integration/providers/Microsoft.Sql/servers/sqlintegration",
"kind": "v12.0",
"location": "eastus",
"name": "sqlintegration",
"privateEndpointConnections": [],
"publicNetworkAccess": "Enabled",
"state": "Ready",
"tags": {},
"type": "Microsoft.Sql/servers",
"version": "12.0"
}
}
}

Human Readable Output#

Servers List#

Administrator LoginFully Qualified Domain NameIdKindLocationNamePublic Network AccessStateTypeVersion
xsoaradminsqlintegration.database.windows.net/subscriptions/0123456789/resourceGroups/sql-integration/providers/Microsoft.Sql/servers/sqlintegrationv12.0eastussqlintegrationEnabledReadyMicrosoft.Sql/servers12.0

azure-sql-db-list#


Lists all of the databases for the server.

Base Command#

azure-sql-db-list

Input#

Argument NameDescriptionRequired
server_nameServer name.Required
limitThe maximum number of databases returned to the War Room. Default is 50.Optional
offsetOffset in the data set. Default is 0.Optional

Context Output#

PathTypeDescription
AzureSQL.DBUnknownAll databases related to the server.
AzureSQL.DB.kindStringKind of database.
AzureSQL.DB.locationStringDatabase location.
AzureSQL.DB.idStringDatabase ID.
AzureSQL.DB.nameStringDatabase name.
AzureSQL.DB.typeStringDatabase type.
AzureSQL.DB.managedByStringResource that manages the database.
AzureSQL.DB.skuUnknownDatabase SKU.
AzureSQL.DB.catalogCollationStringCollation of the catalog for the database.
AzureSQL.DB.collationStringDatabase collation.
AzureSQL.DB.creationDateStringCreation date of the database in ISO format.
AzureSQL.DB.currentServiceObjectiveNameStringCurrent service level objective name of the database.
AzureSQL.DB.currentSkuUnknownName, tier, and capacity of the SKU.
AzureSQL.DB.databaseIDStringDatabase ID.
AzureSQL.DB.defaultSecondaryLocationStringDefault secondary location of the database.
AzureSQL.DB.maxSizeBytesNumberThe maximum size of the database in bytes.
AzureSQL.DB.readReplicaCountNumberThe number of read-only secondary replicas of the database.
AzureSQL.DB.readScaleStringThe read-only routing state. "Enabled" or "Disabled".
AzureSQL.DB.requestedServiceObjectiveNameStringThe requested service objective name of the database.
AzureSQL.DB.statusStringDatabase status.
AzureSQL.DB.storageAccountTypeStringDatabase storage account type.
AzureSQL.DB.zoneRedundantBooleanWhether the database zone is redundant.

Command Example#

!azure-sql-db-list server_name=sqlintegration

Context Example#

{
"AzureSQL": {
"DB": [
{
"catalogCollation": "SQL_Latin1_General_CP1_CI_AS",
"collation": "SQL_Latin1_General_CP1_CI_AS",
"creationDate": "2020-12-15T14:29:43.72Z",
"currentServiceObjectiveName": "System0",
"currentSku": {
"capacity": 0,
"name": "System",
"tier": "System"
},
"databaseId": "12345ID",
"defaultSecondaryLocation": "westus",
"id": "/subscriptions/0123456789/resourceGroups/sql-integration/providers/Microsoft.Sql/servers/sqlintegration/databases/master",
"kind": "v12.0,system",
"location": "eastus",
"managedBy": "/subscriptions/0123456789/resourceGroups/sql-integration/providers/Microsoft.Sql/servers/sqlintegration",
"maxSizeBytes": 32212254720,
"name": "master",
"readReplicaCount": 0,
"readScale": "Disabled",
"requestedServiceObjectiveName": "System0",
"sku": {
"capacity": 0,
"name": "System",
"tier": "System"
},
"status": "Online",
"storageAccountType": "LRS",
"type": "Microsoft.Sql/servers/databases",
"zoneRedundant": false
},
{
"catalogCollation": "SQL_Latin1_General_CP1_CI_AS",
"collation": "SQL_Latin1_General_CP1_CI_AS",
"creationDate": "2020-12-15T14:31:06.663Z",
"currentServiceObjectiveName": "S0",
"currentSku": {
"capacity": 10,
"name": "Standard",
"tier": "Standard"
},
"databaseId": "5343c264-7cf0-47c4-8cbb-1593d2337b69",
"defaultSecondaryLocation": "westus",
"earliestRestoreDate": "2020-12-28T00:00:00Z",
"id": "/subscriptions/0123456789/resourceGroups/sql-integration/providers/Microsoft.Sql/servers/sqlintegration/databases/sql-integration-db",
"kind": "v12.0,user",
"location": "eastus",
"maxSizeBytes": 268435456000,
"name": "sql-integration-db",
"readReplicaCount": 0,
"readScale": "Disabled",
"requestedServiceObjectiveName": "S0",
"sku": {
"capacity": 10,
"name": "Standard",
"tier": "Standard"
},
"status": "Online",
"storageAccountType": "GRS",
"tags": {},
"type": "Microsoft.Sql/servers/databases",
"zoneRedundant": false
}
]
}
}

Human Readable Output#

Database List#

NameLocationStatusManaged By
mastereastusOnline/subscriptions/0123456789/resourceGroups/sql-integration/providers/Microsoft.Sql/servers/sqlintegration
sql-integration-dbeastusOnline

azure-sql-db-audit-policy-list#


Gets the audit settings of the specified database.

Base Command#

azure-sql-db-audit-policy-list

Input#

Argument NameDescriptionRequired
server_nameServer name.Required
db_nameDatabase name.Required
limitThe maximum number of DataBases audit policies returned to the War Room. Default is 50.Optional
offsetOffset in the data set. Default is 0.Optional

Context Output#

PathTypeDescription
AzureSQL.DBAuditPolicyUnknownList of all database audit settings.
AzureSQL.DBAuditPolicy.kindStringKind of audit policy.
AzureSQL.DBAuditPolicy.idStringAudit policy ID.
AzureSQL.DBAuditPolicy.nameStringAudit policy name.
AzureSQL.DBAuditPolicy.typeStringResource type.
AzureSQL.DBAuditPolicy.isAzureMonitorTargetEnabledBooleanWhether audit events are sent to Azure Monitor. Possible values: "True" (Enabled) or "False" (Disabled).
AzureSQL.DBAuditPolicy.retentionDaysNumberNumber of days to keep in the audit logs in the storage account.
AzureSQL.DBAuditPolicy.stateStringPolicy state.
AzureSQL.DBAuditPolicy.storageAccountSubscriptionIdStringStorage subscription ID.
AzureSQL.DBAuditPolicy.databaseNameStringThe name of the database that the audit policy is related to.
AzureSQL.DBAuditPolicy.serverNameStringThe name of the server that the audit policy is related to.

Command Example#

!azure-sql-db-audit-policy-list server_name=sqlintegration db_name=sql-integration-db

Context Example#

{
"AzureSQL": {
"DBAuditPolicy": {
"auditActionsAndGroups": [
"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP",
"FAILED_DATABASE_AUTHENTICATION_GROUP",
"BATCH_COMPLETED_GROUP"
],
"databaseName": "sql-integration-db",
"id": "/subscriptions/0123456789/resourceGroups/sql-integration/providers/Microsoft.Sql/servers/sqlintegration/databases/sql-integration-db/auditingSettings/Default",
"isAzureMonitorTargetEnabled": true,
"name": "Default",
"queueDelayMs": 123,
"retentionDays": 3,
"serverName": "sqlintegration",
"state": "Enabled",
"storageAccountSubscriptionId": "00000000-0000-0000-0000-000000000000",
"storageEndpoint": "",
"type": "Microsoft.Sql/servers/databases/auditingSettings"
}
}
}

Human Readable Output#

Database Audit Settings#

Audit Actions And GroupsDatabase NameIdIs Azure Monitor Target EnabledNameQueue Delay MsRetention DaysServer NameStateStorage Account Subscription IdType
SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
FAILED_DATABASE_AUTHENTICATION_GROUP,
BATCH_COMPLETED_GROUP
sql-integration-db/subscriptions/0123456789/resourceGroups/sql-integration/providers/Microsoft.Sql/servers/sqlintegration/databases/sql-integration-db/auditingSettings/DefaulttrueDefault1233sqlintegrationEnabled00000000-0000-0000-0000-000000000000Microsoft.Sql/servers/databases/auditingSettings

azure-sql-db-threat-policy-get#


Gets the threat detection policy of the specified database.

Base Command#

azure-sql-db-threat-policy-get

Input#

Argument NameDescriptionRequired
server_nameServer name.Required
db_nameDatabase name.Required

Context Output#

PathTypeDescription
AzureSQL.DBThreatPolicyUnknownAll threat policies related to the database.
AzureSQL.DBThreatPolicy.kindStringKind of threat policy.
AzureSQL.DBThreatPolicy.locationStringThreat policy location.
AzureSQL.DBThreatPolicy.idStringThreat policy ID.
AzureSQL.DBThreatPolicy.nameStringThreat policy name.
AzureSQL.DBThreatPolicy.typeStringThreat policy type.
AzureSQL.DBThreatPolicy.stateStringThreat policy state.
AzureSQL.DBThreatPolicy.creationTimeStringThreat policy creation time.
AzureSQL.DBThreatPolicy.retentionDaysNumberNumber of days to keep in the Threat Detection audit logs.
AzureSQL.DBThreatPolicy.storageAccountAccessKeyStringThe identifier key of the Threat Detection audit storage account.
AzureSQL.DBThreatPolicy.storageEndpointStringThreat Detection audit storage account.
AzureSQL.DBThreatPolicy.emailAccountAdminsBooleanEmail account administrators who the alert is sent to.
AzureSQL.DBThreatPolicy.emailAddressesStringList of email addresses to which the alert is sent.
AzureSQL.DBThreatPolicy.disabledAlertsStringList of alerts that are disabled, or an empty string if no alerts are disabled.
AzureSQL.DBThreatPolicy.useServerDefaultUnknownWhether to use the default server policy.
AzureSQL.DBThreatPolicy.databaseNameStringThe name of the database that the threat policy is related to.
AzureSQL.DBThreatPolicy.serverNameStringThe name of the server that the threat policy is related to.

Command Example#

!azure-sql-db-threat-policy-get server_name=sqlintegration db_name=sql-integration-db

Context Example#

{
"AzureSQL": {
"DBThreatPolicy": {
"creationTime": "2021-01-04T08:05:32.05Z",
"databaseName": "sql-integration-db",
"disabledAlerts": [
"Sql_Injection",
"Sql_Injection_Vulnerability"
],
"emailAccountAdmins": false,
"emailAddresses": [
""
],
"id": "/subscriptions/0f907ea4-bc8b-4c11-9d7e-805c2fd144fb/resourceGroups/sql-integration/providers/Microsoft.Sql/servers/sqlintegration/databases/sql-integration-db/securityAlertPolicies/Default",
"name": "Default",
"retentionDays": 5,
"serverName": "sqlintegration",
"state": "Enabled",
"storageAccountAccessKey": "",
"storageEndpoint": "",
"type": "Microsoft.Sql/servers/databases/securityAlertPolicies"
}
}
}

Human Readable Output#

Database Threat Detection Policies#

Creation TimeDatabase NameDisabled AlertsEmail Account AdminsEmail AddressesIdNameRetention DaysServer NameStateType
2021-01-04T08:05:32.05Zsql-integration-dbSql_Injection,
Sql_Injection_Vulnerability
false/subscriptions/0123456789/resourceGroups/sql-integration/providers/Microsoft.Sql/servers/sqlintegration/databases/sql-integration-db/securityAlertPolicies/DefaultDefault5sqlintegrationEnabledMicrosoft.Sql/servers/databases/securityAlertPolicies

azure-sql-db-audit-policy-create-update#


Creates or updates the database's auditing policy.

Base Command#

azure-sql-db-audit-policy-create-update

Input#

Argument NameDescriptionRequired
server_nameServer name.Required
db_nameDatabase name.Required
stateSet the state of the policy. Possible values: "Enable" or "Disable". When state is enabled, storage_endpoint or is_azure_monitor_target_enabled are required.Required
audit_actions_groupsComma-separated list of actions groups and actions to audit. For all possible values, see the integration documentation at https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions?view=sql-server-ver15.Optional
is_azure_monitor_target_enabledWhether audit events are sent to the Azure Monitor. Possible values: "true" and "false".Optional
is_storage_secondary_key_in_useWhether the storage Account Access Key value is the storage's secondary key. Possible values: "true" and "false".Optional
queue_delay_msTime in milliseconds that can elapse before audit actions are forced to be processed. The default minimum value is 1000 (1 second).Optional
retention_daysNumber of days to keep the policy in the audit logs.Optional
storage_account_access_keyIdentifier key of the auditing storage account.Optional
storage_account_subscription_idStorage subscription ID.Optional
storage_endpointStorage endpoint. If the value for the state argument is enabled, the value for the &storage_endpoint or is_azure_monitor_target_enabled* argument is required.Optional

Context Output#

PathTypeDescription
AzureSQL.DBAuditPolicy.kindStringKind of audit policy.
AzureSQL.DBAuditPolicy.idStringAudit policy ID.
AzureSQL.DBAuditPolicy.nameStringAudit policy name.
AzureSQL.DBAuditPolicy.typeStringResource type.
AzureSQL.DBAuditPolicy.isAzureMonitorTargetEnabledBooleanWhether audit events are sent to the Azure Monitor. The value is "True" (Enabled) or "False" (Disabled).
AzureSQL.DBAuditPolicy.retentionDaysNumberNumber of days to keep in the audit logs in the storage account.
AzureSQL.DBAuditPolicy.stateStringPolicy state.
AzureSQL.DBAuditPolicy.storageAccountSubscriptionIdStringStorage subscription ID.
AzureSQL.DBAuditPolicy.auditActionsAndGroupsUnknownAudit actions and groups to audit.
AzureSQL.DBAuditPolicy.isStorageSecondaryKeyInUseStringWhether the storage_account_access_key value is the storage's secondary key.
AzureSQL.DBAuditPolicy.queueDelayMsStringTime in milliseconds that can elapse before audit actions are forced to be processed.
AzureSQL.DBAuditPolicy.storageAccountAccessKeyStringIdentifier key of the auditing storage account.
AzureSQL.DBAuditPolicy.storageEndpointStringStorage endpoint.
AzureSQL.DBAuditPolicy.databaseNameStringThe name of the database that the audit policy is related to.
AzureSQL.DBAuditPolicy.serverNameStringThe name of the server that the audit policy is related to.

Command Example#

!azure-sql-db-audit-policy-create-update server_name=sqlintegration db_name=sql-integration-db state=Enabled is_azure_monitor_target_enabled=true retention_days=3 queue_delay_ms=123

Context Example#

{
"AzureSQL": {
"DBAuditPolicy": {
"auditActionsAndGroups": [
"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP",
"FAILED_DATABASE_AUTHENTICATION_GROUP",
"BATCH_COMPLETED_GROUP"
],
"databaseName": "sql-integration-db",
"id": "/subscriptions/0123456789/resourceGroups/sql-integration/providers/Microsoft.Sql/servers/sqlintegration/databases/sql-integration-db/auditingSettings/Default",
"isAzureMonitorTargetEnabled": true,
"name": "Default",
"queueDelayMs": 123,
"retentionDays": 3,
"serverName": "sqlintegration",
"state": "Enabled",
"storageAccountSubscriptionId": "00000000-0000-0000-0000-000000000000",
"type": "Microsoft.Sql/servers/databases/auditingSettings"
}
}
}

Human Readable Output#

Create Or Update Database Auditing Settings#

Audit Actions And GroupsDatabase NameIdIs Azure Monitor Target EnabledNameQueue Delay MsRetention DaysServer NameStateStorage Account Subscription IdType
SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
FAILED_DATABASE_AUTHENTICATION_GROUP,
BATCH_COMPLETED_GROUP
sql-integration-db/subscriptions/012345678/resourceGroups/sql-integration/providers/Microsoft.Sql/servers/sqlintegration/databases/sql-integration-db/auditingSettings/DefaulttrueDefault1233sqlintegrationEnabled00000000-0000-0000-0000-000000000000Microsoft.Sql/servers/databases/auditingSettings

azure-sql-db-threat-policy-create-update#


Creates or updates the database's threat detection policy.

Base Command#

azure-sql-db-threat-policy-create-update

Input#

Argument NameDescriptionRequired
server_nameServer name.Required
db_nameDatabase name.Required
stateThe state of the policy. Possible values: "Enabled" and "Disabled".Required
retention_daysNumber of days to keep the policy in the audit logs.Optional
storage_account_access_keyThe identifier key of the threat detection audit storage accountOptional
storage_endpointThe blob storage endpoint. This blob storage will hold all Threat Detection audit logs.Optional
disabled_alertsComma-separated list of alerts that are disabled. Possible values: "None", "Sql_Injection", "Sql_Injection_Vulnerability", "Access_Anomaly", "Data_Exfiltration", and "Unsafe_Action".Optional
email_addressesComma-separated list of email addresses to which the alert is sent.Optional
email_account_adminsWhether the alert is sent to the account administrators. Possible values: "true" and "false".Optional
use_server_defaultWhether to use the default server policy. Possible values: "Enabled" and "Disabled".Optional

Context Output#

PathTypeDescription
AzureSQL.DBThreatPolicy.kindStringKind of threat policy.
AzureSQL.DBThreatPolicy.locationStringThreat policy location.
AzureSQL.DBThreatPolicy.idStringThreat policy ID.
AzureSQL.DBThreatPolicy.nameStringThreat policy name.
AzureSQL.DBThreatPolicy.typeStringThreat policy type.
AzureSQL.DBThreatPolicy.stateStringThreat policy state.
AzureSQL.DBThreatPolicy.creationTimeStringThreat policy creation time.
AzureSQL.DBThreatPolicy.retentionDaysNumberNumber of days to keep in the Threat Detection audit logs.
AzureSQL.DBThreatPolicy.storageAccountAccessKeyStringThe identifier key of the Threat Detection audit storage account.
AzureSQL.DBThreatPolicy.storageEndpointStringThreat Detection audit storage account.
AzureSQL.DBThreatPolicy.emailAccountAdminsBooleanEmail account administrators who the alert is sent to.
AzureSQL.DBThreatPolicy.emailAddressesStringList of email addresses to which the alert is sent.
AzureSQL.DBThreatPolicy.disabledAlertsStringList of alerts that are disabled, or an empty string if no alerts are disabled.
AzureSQL.DBThreatPolicy.useServerDefaultUnknownWhether to use the default server policy.
AzureSQL.DBThreatPolicy.databaseNameStringThe name of the database that the threat policy is related to.
AzureSQL.DBThreatPolicy.serverNameStringThe name of the server that the threat policy is related to.

Command Example#

!azure-sql-db-threat-policy-create-update server_name=sqlintegration db_name=sql-integration-db state=Enabled disabled_alerts="Sql_Injection,Sql_Injection_Vulnerability" retention_days=5

Context Example#

{
"AzureSQL": {
"DBThreatPolicy": {
"creationTime": "0001-01-01T00:00:00Z",
"databaseName": "sql-integration-db",
"disabledAlerts": [
"Sql_Injection",
"Sql_Injection_Vulnerability"
],
"emailAccountAdmins": false,
"emailAddresses": [],
"id": "/subscriptions/0123456789/resourceGroups/sql-integration/providers/Microsoft.Sql/servers/sqlintegration/databases/sql-integration-db/securityAlertPolicies/Default",
"name": "Default",
"retentionDays": 5,
"serverName": "sqlintegration",
"state": "Enabled",
"storageAccountAccessKey": "",
"type": "Microsoft.Sql/servers/databases/securityAlertPolicies"
}
}
}

Human Readable Output#

Create Or Update Database Threat Detection Policies#

Creation TimeDatabase NameDisabled AlertsEmail Account AdminsIdNameRetention DaysServer NameStateType
0001-01-01T00:00:00Zsql-integration-dbSql_Injection,
Sql_Injection_Vulnerability
false/subscriptions/0123456789/resourceGroups/sql-integration/providers/Microsoft.Sql/servers/sqlintegration/databases/sql-integration-db/securityAlertPolicies/DefaultDefault5sqlintegrationEnabledMicrosoft.Sql/servers/databases/securityAlertPolicies