Database Threat Detection Policies - Create Or Update
Creates or updates a database's threat detection policy.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/securityAlertPolicies/default?api-version=2014-04-01
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
database
|
path | True |
string |
The name of the database for which database Threat Detection policy is defined. |
resource
|
path | True |
string |
The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal. |
security
|
path | True |
The name of the security alert policy. |
|
server
|
path | True |
string |
The name of the server. |
subscription
|
path | True |
string |
The subscription ID that identifies an Azure subscription. |
api-version
|
query | True |
string |
The API version to use for the request. |
Request Body
Name | Required | Type | Description |
---|---|---|---|
properties.state | True |
Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required. |
|
location |
string |
The geo-location where the resource lives |
|
properties.disabledAlerts |
string |
Specifies the semicolon-separated list of alerts that are disabled, or empty string to disable no alerts. Possible values: Sql_Injection; Sql_Injection_Vulnerability; Access_Anomaly; Data_Exfiltration; Unsafe_Action. |
|
properties.emailAccountAdmins |
Specifies that the alert is sent to the account administrators. |
||
properties.emailAddresses |
string |
Specifies the semicolon-separated list of e-mail addresses to which the alert is sent. |
|
properties.retentionDays |
integer |
Specifies the number of days to keep in the Threat Detection audit logs. |
|
properties.storageAccountAccessKey |
string |
Specifies the identifier key of the Threat Detection audit storage account. If state is Enabled, storageAccountAccessKey is required. |
|
properties.storageEndpoint |
string |
Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs. If state is Enabled, storageEndpoint is required. |
|
properties.useServerDefault |
Specifies whether to use the default server policy. |
Responses
Name | Type | Description |
---|---|---|
200 OK |
Successfully updated the database Threat Detection policy. |
|
201 Created |
Successfully created the database Threat Detection policy. |
|
Other Status Codes |
*** Error Responses: ***
|
Examples
Create database security alert policy max |
Create database security alert policy min |
Create database security alert policy max
Sample request
PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/servers/securityalert-6440/databases/testdb/securityAlertPolicies/default?api-version=2014-04-01
{
"properties": {
"state": "Enabled",
"emailAccountAdmins": "Enabled",
"emailAddresses": "test@microsoft.com;user@microsoft.com",
"disabledAlerts": "Sql_Injection;Usage_Anomaly;",
"retentionDays": 6,
"storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
"storageEndpoint": "https://mystorage.blob.core.windows.net",
"useServerDefault": "Enabled"
}
}
Sample response
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/servers/securityalert-6440/databases/testdb",
"name": "default",
"type": "Microsoft.Sql/servers/databases/securityAlertPolicies",
"kind": "V12",
"properties": {
"state": "Enabled",
"emailAccountAdmins": "Enabled",
"emailAddresses": "test@microsoft.com;user@microsoft.com",
"disabledAlerts": "Sql_Injection;Usage_Anomaly",
"retentionDays": 6,
"storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
"storageEndpoint": "https://mystorage.blob.core.windows.net",
"useServerDefault": "Enabled"
}
}
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/servers/securityalert-6440/databases/testdb",
"name": "default",
"type": "Microsoft.Sql/servers/databases/securityAlertPolicies",
"kind": "V12",
"properties": {
"state": "Enabled",
"emailAccountAdmins": "Enabled",
"emailAddresses": "test@microsoft.com;user@microsoft.com",
"disabledAlerts": "Access_Anomaly;Usage_Anomaly",
"retentionDays": 6,
"storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
"storageEndpoint": "https://mystorage.blob.core.windows.net",
"useServerDefault": "Enabled"
}
}
Create database security alert policy min
Sample request
PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/servers/securityalert-6440/databases/testdb/securityAlertPolicies/default?api-version=2014-04-01
{
"properties": {
"state": "Enabled",
"storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
"storageEndpoint": "https://mystorage.blob.core.windows.net"
}
}
Sample response
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/servers/securityalert-6440/databases/testdb",
"name": "default",
"type": "Microsoft.Sql/servers/databases/securityAlertPolicies",
"kind": "V12",
"properties": {
"state": "Enabled",
"emailAccountAdmins": "Enabled",
"emailAddresses": "",
"disabledAlerts": "",
"retentionDays": 0,
"storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
"storageEndpoint": "https://mystorage.blob.core.windows.net",
"useServerDefault": "Enabled"
}
}
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/servers/securityalert-6440/databases/testdb",
"name": "default",
"type": "Microsoft.Sql/servers/databases/securityAlertPolicies",
"kind": "V12",
"properties": {
"state": "Enabled",
"emailAccountAdmins": "Enabled",
"emailAddresses": "",
"disabledAlerts": "",
"retentionDays": 0,
"storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
"storageEndpoint": "https://mystorage.blob.core.windows.net",
"useServerDefault": "Enabled"
}
}
Definitions
Name | Description |
---|---|
Database |
Contains information about a database Threat Detection policy. |
Security |
Specifies that the alert is sent to the account administrators. |
Security |
The name of the security alert policy. |
Security |
Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required. |
Security |
Specifies whether to use the default server policy. |
DatabaseSecurityAlertPolicy
Contains information about a database Threat Detection policy.
Name | Type | Description |
---|---|---|
id |
string |
Resource ID. |
kind |
string |
Resource kind. |
location |
string |
The geo-location where the resource lives |
name |
string |
Resource name. |
properties.disabledAlerts |
string |
Specifies the semicolon-separated list of alerts that are disabled, or empty string to disable no alerts. Possible values: Sql_Injection; Sql_Injection_Vulnerability; Access_Anomaly; Data_Exfiltration; Unsafe_Action. |
properties.emailAccountAdmins |
Specifies that the alert is sent to the account administrators. |
|
properties.emailAddresses |
string |
Specifies the semicolon-separated list of e-mail addresses to which the alert is sent. |
properties.retentionDays |
integer |
Specifies the number of days to keep in the Threat Detection audit logs. |
properties.state |
Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required. |
|
properties.storageAccountAccessKey |
string |
Specifies the identifier key of the Threat Detection audit storage account. If state is Enabled, storageAccountAccessKey is required. |
properties.storageEndpoint |
string |
Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs. If state is Enabled, storageEndpoint is required. |
properties.useServerDefault |
Specifies whether to use the default server policy. |
|
type |
string |
Resource type. |
SecurityAlertPolicyEmailAccountAdmins
Specifies that the alert is sent to the account administrators.
Name | Type | Description |
---|---|---|
Disabled |
string |
|
Enabled |
string |
SecurityAlertPolicyName
The name of the security alert policy.
Name | Type | Description |
---|---|---|
default |
string |
SecurityAlertPolicyState
Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.
Name | Type | Description |
---|---|---|
Disabled |
string |
|
Enabled |
string |
|
New |
string |
SecurityAlertPolicyUseServerDefault
Specifies whether to use the default server policy.
Name | Type | Description |
---|---|---|
Disabled |
string |
|
Enabled |
string |