如何开启审计与审计;ARM模板中Azure SQL数据库的威胁检测?
Azure SQL数据库威胁检测功能自2015年11月以来一直在全面预览中 但是,无论是在Azure Quickstart模板还是Azure Resource Manager架构链接中,我都无法找到如何在ARM模板中启用此功能及其依赖项(Azure SQL数据库审核) 如果知道的人能回答这个问题,我将不胜感激。如何开启审计与审计;ARM模板中Azure SQL数据库的威胁检测?,azure,azure-sql-database,azure-resource-manager,Azure,Azure Sql Database,Azure Resource Manager,Azure SQL数据库威胁检测功能自2015年11月以来一直在全面预览中 但是,无论是在Azure Quickstart模板还是Azure Resource Manager架构链接中,我都无法找到如何在ARM模板中启用此功能及其依赖项(Azure SQL数据库审核) 如果知道的人能回答这个问题,我将不胜感激。 非常感谢。以下是两个示例模板: 首先,为整个SQL server启用审计和威胁检测 { "$schema": "http://schema.management.azure
非常感谢。以下是两个示例模板: 首先,为整个SQL server启用审计和威胁检测
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"serverName": {
"type": "string",
"metadata": {
"description": "The name of the new database server to create."
}
},
"serverLocation": {
"type": "string",
"metadata": {
"description": "The location of the database server."
}
},
"administratorLogin": {
"type": "string",
"metadata": {
"description": "The account name to use for the database server administrator."
}
},
"administratorLoginPassword": {
"type": "securestring",
"metadata": {
"description": "The password to use for the database server administrator."
}
},
"databaseName": {
"type": "string",
"metadata": {
"description": "The name of the new database to create."
}
},
"collation": {
"type": "string",
"defaultValue": "SQL_Latin1_General_CP1_CI_AS",
"metadata": {
"description": "The database collation for governing the proper use of characters."
}
},
"edition": {
"type": "string",
"defaultValue": "Standard",
"metadata": {
"description": "The type of database to create. The available options are: Web, Business, Basic, Standard, and Premium."
}
},
"maxSizeBytes": {
"type": "string",
"defaultValue": "1073741824",
"metadata": {
"description": "The maximum size, in bytes, for the database"
}
},
"requestedServiceObjectiveName": {
"type": "string",
"defaultValue": "S0",
"metadata": {
"description": "The name corresponding to the performance level for edition. The available options are: Shared, Basic, S0, S1, S2, S3, P1, P2, and P3."
}
},
"eventTypesToAudit": {
"type": "string",
"defaultValue":"All",
"metadata": {
"description": "The event type to audit."
}
}
},
"resources": [
{
"name": "[parameters('serverName')]",
"type": "Microsoft.Sql/servers",
"location": "[parameters('serverLocation')]",
"apiVersion": "2014-04-01-preview",
"properties": {
"administratorLogin": "[parameters('administratorLogin')]",
"administratorLoginPassword": "[parameters('administratorLoginPassword')]",
"version": "12.0"
},
"resources": [
{
"name": "[parameters('databaseName')]",
"type": "databases",
"location": "[parameters('serverLocation')]",
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]"
],
"properties": {
"edition": "[parameters('edition')]",
"collation": "[parameters('collation')]",
"maxSizeBytes": "[parameters('maxSizeBytes')]",
"requestedServiceObjectiveName": "[parameters('requestedServiceObjectiveName')]"
}
},
{
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]"
],
"location": "[parameters('serverLocation')]",
"name": "AllowAllWindowsAzureIps",
"properties": {
"endIpAddress": "0.0.0.0",
"startIpAddress": "0.0.0.0"
},
"type": "firewallrules"
},
{
"apiVersion": "2014-04-01-preview",
"type": "auditingPolicies",
"name": "Default",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]",
"[concat('Microsoft.Sql/servers/', parameters('serverName'), '/databases/',parameters('databaseName'))]"
],
"properties": {
"auditingState": "Enabled",
"storageAccountName": "<your-storage-account-name>",
"storageAccountKey": "<your-storage-account-key>",
"storageAccountResourceGroupName": "<your-storage-account-resource-group-name>",
"storageAccountSubscriptionId": "<your-storage-account-subscriptionid>",
"eventTypesToAudit": "parameters('eventTypesToAudit')"
}
},
{
"apiVersion": "2015-05-01-preview",
"type": "securityAlertPolicies",
"name": "Default",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]",
"[concat('Microsoft.Sql/servers/', parameters('serverName'), '/databases/',parameters('databaseName'))]",
"[concat('Microsoft.Sql/servers/', parameters('serverName'), '/auditingPolicies/Default')]"
],
"properties": {
"state": "Enabled",
"disabledAlerts": "",
"emailAddresses": "abcd@efgh.com",
"emailAccountAdmins": "true"
}
}
]
}
]
}
{
“$schema”:”http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
“内容版本”:“1.0.0.0”,
“参数”:{
“服务器名”:{
“类型”:“字符串”,
“元数据”:{
“描述”:“要创建的新数据库服务器的名称。”
}
},
“服务器位置”:{
“类型”:“字符串”,
“元数据”:{
“说明”:“数据库服务器的位置。”
}
},
“管理员登录”:{
“类型”:“字符串”,
“元数据”:{
“说明”:“数据库服务器管理员使用的帐户名。”
}
},
“管理员登录密码”:{
“类型”:“securestring”,
“元数据”:{
“说明”:“数据库服务器管理员使用的密码。”
}
},
“数据库名称”:{
“类型”:“字符串”,
“元数据”:{
“描述”:“要创建的新数据库的名称。”
}
},
“整理”:{
“类型”:“字符串”,
“defaultValue”:“SQL拉丁语通用CP1 CI AS”,
“元数据”:{
“说明”:“用于管理字符正确使用的数据库排序规则。”
}
},
“版本”:{
“类型”:“字符串”,
“defaultValue”:“标准”,
“元数据”:{
“描述”:“要创建的数据库类型。可用选项有:Web、Business、Basic、Standard和Premium。”
}
},
“最大大小字节”:{
“类型”:“字符串”,
“defaultValue”:“1073741824”,
“元数据”:{
“描述”:“数据库的最大大小,以字节为单位”
}
},
“requestedServiceObjectiveName”:{
“类型”:“字符串”,
“defaultValue”:“S0”,
“元数据”:{
“描述”:“与版本的性能级别相对应的名称。可用选项有:共享、基本、S0、S1、S2、S3、P1、P2和P3。”
}
},
“eventTypesToAudit”:{
“类型”:“字符串”,
“defaultValue”:“全部”,
“元数据”:{
“说明”:“要审核的事件类型。”
}
}
},
“资源”:[
{
“名称”:“[参数('serverName')]”,
“类型”:“Microsoft.Sql/servers”,
“位置”:“[参数('serverLocation')]”,
“apiVersion”:“2014-04-01-preview”,
“财产”:{
“管理员登录”:“[参数('administratorLogin')]”,
“administratorLoginPassword”:“[参数('administratorLoginPassword')]”,
“版本”:“12.0”
},
“资源”:[
{
“名称”:“[参数('databaseName')]”,
“类型”:“数据库”,
“位置”:“[参数('serverLocation')]”,
“apiVersion”:“2014-04-01-preview”,
“dependsOn”:[
[concat('Microsoft.Sql/servers/',parameters('serverName'))]
],
“财产”:{
“版本”:“[参数('版本')]”,
“排序规则”:“[参数('collation')]”,
“maxSizeBytes”:“[参数('maxSizeBytes')]”,
“requestedServiceObjectiveName”:“[参数('requestedServiceObjectiveName')”
}
},
{
“apiVersion”:“2014-04-01-preview”,
“dependsOn”:[
[concat('Microsoft.Sql/servers/',parameters('serverName'))]
],
“位置”:“[参数('serverLocation')]”,
“名称”:“AllowAllWindowsAzureIps”,
“财产”:{
“endIpAddress”:“0.0.0.0”,
“startIpAddress”:“0.0.0.0”
},
“类型”:“防火墙规则”
},
{
“apiVersion”:“2014-04-01-preview”,
“类型”:“审核策略”,
“名称”:“默认值”,
“dependsOn”:[
“[concat('Microsoft.Sql/servers/',parameters('serverName'))]”,
[concat('Microsoft.Sql/servers/',parameters('serverName'),'/databases/',parameters('databaseName'))]
],
“财产”:{
“审核状态”:“已启用”,
“storageAccountName”:“”,
“storageAccountKey”:“”,
“storageAccountResourceGroupName”:“”,
“storageAccountSubscriptionId”:”,
“eventTypesToAudit”:“参数('eventTypesToAudit')”
}
},
{
“apiVersion”:“2015-05-01-preview”,
“类型”:“SecurityAlertPolicys”,
“名称”:“默认值”,
“德彭索
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"serverName": {
"type": "string",
"metadata": {
"description": "The name of the new database server to create."
}
},
"serverLocation": {
"type": "string",
"metadata": {
"description": "The location of the database server."
}
},
"administratorLogin": {
"type": "string",
"metadata": {
"description": "The account name to use for the database server administrator."
}
},
"administratorLoginPassword": {
"type": "securestring",
"metadata": {
"description": "The password to use for the database server administrator."
}
},
"databaseName": {
"type": "string",
"metadata": {
"description": "The name of the new database to create."
}
},
"collation": {
"type": "string",
"defaultValue": "SQL_Latin1_General_CP1_CI_AS",
"metadata": {
"description": "The database collation for governing the proper use of characters."
}
},
"edition": {
"type": "string",
"defaultValue": "Standard",
"metadata": {
"description": "The type of database to create. The available options are: Web, Business, Basic, Standard, and Premium."
}
},
"maxSizeBytes": {
"type": "string",
"defaultValue": "1073741824",
"metadata": {
"description": "The maximum size, in bytes, for the database"
}
},
"requestedServiceObjectiveName": {
"type": "string",
"defaultValue": "S0",
"metadata": {
"description": "The name corresponding to the performance level for edition. The available options are: Shared, Basic, S0, S1, S2, S3, P1, P2, and P3."
}
},
"eventTypesToAudit": {
"type": "string",
"defaultValue":"All",
"metadata": {
"description": "The event type to audit."
}
}
},
"resources": [
{
"name": "[parameters('serverName')]",
"type": "Microsoft.Sql/servers",
"location": "[parameters('serverLocation')]",
"apiVersion": "2014-04-01-preview",
"properties": {
"administratorLogin": "[parameters('administratorLogin')]",
"administratorLoginPassword": "[parameters('administratorLoginPassword')]",
"version": "12.0"
},
"resources": [
{
"name": "[parameters('databaseName')]",
"type": "databases",
"location": "[parameters('serverLocation')]",
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]"
],
"properties": {
"edition": "[parameters('edition')]",
"collation": "[parameters('collation')]",
"maxSizeBytes": "[parameters('maxSizeBytes')]",
"requestedServiceObjectiveName": "[parameters('requestedServiceObjectiveName')]"
},
"resources":[
{
"apiVersion": "2014-04-01-preview",
"type": "auditingPolicies",
"name": "Default",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'), '/databases/',parameters('databaseName'))]"
],
"properties": {
"auditingState": "Enabled",
"storageAccountName": "<your-storage-account-name>",
"storageAccountKey": "<your-storage-account-key>",
"storageAccountResourceGroupName": "<your-storage-account-resource-group-name>",
"storageAccountSubscriptionId": "<your-storage-account-subscriptionid>",
"eventTypesToAudit": "parameters('eventTypesToAudit')"
}
},
{
"apiVersion": "2015-05-01-preview",
"type": "securityAlertPolicies",
"name": "Default",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'), '/databases/',parameters('databaseName'))]",
"[concat('Microsoft.Sql/servers/', parameters('serverName'), '/databases/',parameters('databaseName'), '/auditingPolicies/Default')]"
],
"properties": {
"state": "Enabled",
"disabledAlerts": "",
"emailAddresses": "abcd@efgh.com",
"emailAccountAdmins": "true"
}
}
]
},
{
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]"
],
"location": "[parameters('serverLocation')]",
"name": "AllowAllWindowsAzureIps",
"properties": {
"endIpAddress": "0.0.0.0",
"startIpAddress": "0.0.0.0"
},
"type": "firewallrules"
}
]
}
]
}
"storageEndpoint": "https://<storage account name>.blob.core.windows.net/",
"storageAccountAccessKey": "<storage account key>"
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"name": "[parameters('sqlserverName')]",
"type": "Microsoft.Sql/servers",
"location": "[resourceGroup().location]",
"apiVersion": "2014-04-01-preview",
"properties": {},
"resources": [
{
"apiVersion": "2015-05-01-preview",
"type": "auditingSettings",
"name": "Default",
"dependsOn": [
"[parameters('sqlserverName')]",
"[concat('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]"
],
"properties": {
"State": "Enabled",
"storageEndpoint": "[concat('https://', parameters('storageAccountName'), '.blob.core.windows.net/')]",
"storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]",
"storageAccountSubscriptionId": "[subscription().subscriptionId]",
"eventTypesToAudit": "All"
}
},
{
"apiVersion": "2015-05-01-preview",
"type": "securityAlertPolicies",
"name": "DefaultSecurityAlert",
"dependsOn": [
"[parameters('sqlserverName')]",
"[concat('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]",
"[concat('Microsoft.Sql/servers/', parameters('sqlserverName'), '/auditingSettings/Default')]"
],
"properties": {
"state": "Enabled",
"disabledAlerts": "",
"emailAddresses": "[parameters('securityAlertPolicyEmails')]",
"emailAccountAdmins": "Enabled",
"retentionDays": "10",
"storageEndpoint": "[concat('https://', parameters('storageAccountName'), '.blob.core.windows.net/')]",
"storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]"
}
}
]
}
]
}