Database Threat Detection Policies - Create Or Update

Creates or updates a database's threat detection policy.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/securityAlertPolicies/default?api-version=2014-04-01

URI Parameters

Name In Required Type Description
databaseName
path True

string

The name of the database for which database Threat Detection policy is defined.

resourceGroupName
path True

string

The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.

securityAlertPolicyName
path True

SecurityAlertPolicyName

The name of the security alert policy.

serverName
path True

string

The name of the server.

subscriptionId
path True

string

The subscription ID that identifies an Azure subscription.

api-version
query True

string

The API version to use for the request.

Request Body

Name Required Type Description
properties.state True

SecurityAlertPolicyState

Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.

location

string

The geo-location where the resource lives

properties.disabledAlerts

string

Specifies the semicolon-separated list of alerts that are disabled, or empty string to disable no alerts. Possible values: Sql_Injection; Sql_Injection_Vulnerability; Access_Anomaly; Data_Exfiltration; Unsafe_Action.

properties.emailAccountAdmins

SecurityAlertPolicyEmailAccountAdmins

Specifies that the alert is sent to the account administrators.

properties.emailAddresses

string

Specifies the semicolon-separated list of e-mail addresses to which the alert is sent.

properties.retentionDays

integer

Specifies the number of days to keep in the Threat Detection audit logs.

properties.storageAccountAccessKey

string

Specifies the identifier key of the Threat Detection audit storage account. If state is Enabled, storageAccountAccessKey is required.

properties.storageEndpoint

string

Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs. If state is Enabled, storageEndpoint is required.

properties.useServerDefault

SecurityAlertPolicyUseServerDefault

Specifies whether to use the default server policy.

Responses

Name Type Description
200 OK

DatabaseSecurityAlertPolicy

Successfully updated the database Threat Detection policy.

201 Created

DatabaseSecurityAlertPolicy

Successfully created the database Threat Detection policy.

Other Status Codes

*** Error Responses: ***

  • 500 UpsertDatabaseSecurityAlertPolicyFailed - An error has occurred while saving Threat detection settings, please try again later * 500 DatabaseIsUnavailable - Your settings are currently unavailable, please try again later

Examples

Create database security alert policy max
Create database security alert policy min

Create database security alert policy max

Sample request

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/servers/securityalert-6440/databases/testdb/securityAlertPolicies/default?api-version=2014-04-01

{
  "properties": {
    "state": "Enabled",
    "emailAccountAdmins": "Enabled",
    "emailAddresses": "test@microsoft.com;user@microsoft.com",
    "disabledAlerts": "Sql_Injection;Usage_Anomaly;",
    "retentionDays": 6,
    "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
    "storageEndpoint": "https://mystorage.blob.core.windows.net",
    "useServerDefault": "Enabled"
  }
}

Sample response

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/servers/securityalert-6440/databases/testdb",
  "name": "default",
  "type": "Microsoft.Sql/servers/databases/securityAlertPolicies",
  "kind": "V12",
  "properties": {
    "state": "Enabled",
    "emailAccountAdmins": "Enabled",
    "emailAddresses": "test@microsoft.com;user@microsoft.com",
    "disabledAlerts": "Sql_Injection;Usage_Anomaly",
    "retentionDays": 6,
    "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
    "storageEndpoint": "https://mystorage.blob.core.windows.net",
    "useServerDefault": "Enabled"
  }
}
{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/servers/securityalert-6440/databases/testdb",
  "name": "default",
  "type": "Microsoft.Sql/servers/databases/securityAlertPolicies",
  "kind": "V12",
  "properties": {
    "state": "Enabled",
    "emailAccountAdmins": "Enabled",
    "emailAddresses": "test@microsoft.com;user@microsoft.com",
    "disabledAlerts": "Access_Anomaly;Usage_Anomaly",
    "retentionDays": 6,
    "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
    "storageEndpoint": "https://mystorage.blob.core.windows.net",
    "useServerDefault": "Enabled"
  }
}

Create database security alert policy min

Sample request

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/servers/securityalert-6440/databases/testdb/securityAlertPolicies/default?api-version=2014-04-01

{
  "properties": {
    "state": "Enabled",
    "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
    "storageEndpoint": "https://mystorage.blob.core.windows.net"
  }
}

Sample response

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/servers/securityalert-6440/databases/testdb",
  "name": "default",
  "type": "Microsoft.Sql/servers/databases/securityAlertPolicies",
  "kind": "V12",
  "properties": {
    "state": "Enabled",
    "emailAccountAdmins": "Enabled",
    "emailAddresses": "",
    "disabledAlerts": "",
    "retentionDays": 0,
    "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
    "storageEndpoint": "https://mystorage.blob.core.windows.net",
    "useServerDefault": "Enabled"
  }
}
{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/servers/securityalert-6440/databases/testdb",
  "name": "default",
  "type": "Microsoft.Sql/servers/databases/securityAlertPolicies",
  "kind": "V12",
  "properties": {
    "state": "Enabled",
    "emailAccountAdmins": "Enabled",
    "emailAddresses": "",
    "disabledAlerts": "",
    "retentionDays": 0,
    "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
    "storageEndpoint": "https://mystorage.blob.core.windows.net",
    "useServerDefault": "Enabled"
  }
}

Definitions

Name Description
DatabaseSecurityAlertPolicy

Contains information about a database Threat Detection policy.

SecurityAlertPolicyEmailAccountAdmins

Specifies that the alert is sent to the account administrators.

SecurityAlertPolicyName

The name of the security alert policy.

SecurityAlertPolicyState

Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.

SecurityAlertPolicyUseServerDefault

Specifies whether to use the default server policy.

DatabaseSecurityAlertPolicy

Contains information about a database Threat Detection policy.

Name Type Description
id

string

Resource ID.

kind

string

Resource kind.

location

string

The geo-location where the resource lives

name

string

Resource name.

properties.disabledAlerts

string

Specifies the semicolon-separated list of alerts that are disabled, or empty string to disable no alerts. Possible values: Sql_Injection; Sql_Injection_Vulnerability; Access_Anomaly; Data_Exfiltration; Unsafe_Action.

properties.emailAccountAdmins

SecurityAlertPolicyEmailAccountAdmins

Specifies that the alert is sent to the account administrators.

properties.emailAddresses

string

Specifies the semicolon-separated list of e-mail addresses to which the alert is sent.

properties.retentionDays

integer

Specifies the number of days to keep in the Threat Detection audit logs.

properties.state

SecurityAlertPolicyState

Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.

properties.storageAccountAccessKey

string

Specifies the identifier key of the Threat Detection audit storage account. If state is Enabled, storageAccountAccessKey is required.

properties.storageEndpoint

string

Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs. If state is Enabled, storageEndpoint is required.

properties.useServerDefault

SecurityAlertPolicyUseServerDefault

Specifies whether to use the default server policy.

type

string

Resource type.

SecurityAlertPolicyEmailAccountAdmins

Specifies that the alert is sent to the account administrators.

Name Type Description
Disabled

string

Enabled

string

SecurityAlertPolicyName

The name of the security alert policy.

Name Type Description
default

string

SecurityAlertPolicyState

Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.

Name Type Description
Disabled

string

Enabled

string

New

string

SecurityAlertPolicyUseServerDefault

Specifies whether to use the default server policy.

Name Type Description
Disabled

string

Enabled

string