Overview of Microsoft Defender for Open-Source Relational Databases
In Microsoft Defender for Cloud, the Defender for Open-Source Relational Databases plan within Defender for Databases detects anomalous activities that indicate unusual and potentially harmful attempts to access or exploit databases. With this plan, you can address potential threats to databases without the need to be a security expert or manage advanced security-monitoring systems.
Availability
For pricing information about Defender for Open-Source Relational Databases, see the Defender for Cloud pricing page.
Defender for Open-Source Relational Databases is supported on platform as a service (PaaS) environments for Azure and Amazon Web Services (AWS). It isn't supported on Azure Arc-enabled machines. For more information about availability, see Defender for Cloud support matrices for Azure commercial/other clouds.
This plan brings threat protections for the following open-source relational databases on Azure.
Azure Database for PostgreSQL
Protected versions of Azure Database for PostgreSQL include:
- Single Server: General Purpose and Memory Optimized pricing tiers. Learn more in Pricing tiers in Azure Database for PostgreSQL - Single Server.
- Flexible Server: All pricing tiers.
Azure Database for MySQL
Protected versions of Azure Database for MySQL include:
- Single Server: General Purpose and Memory Optimized pricing tiers.
- Flexible Server: All pricing tiers.
Azure Database for MariaDB
Protected versions of Azure Database for MariaDB include:
- General Purpose and Memory Optimized pricing tiers. Learn more in Azure Database for MariaDB pricing tiers.
Amazon RDS
Amazon Relational Database Service (RDS) instances on AWS (preview) support:
- Aurora PostgreSQL
- Aurora MySQL
- PostgreSQL
- MySQL
- MariaDB
Benefits
Defender for Cloud provides multicloud alerts on anomalous activities so that you can detect potential threats and respond to them as they occur.
When you enable this plan, Defender for Cloud provides alerts when it detects anomalous database access and query patterns, along with suspicious database activities. The alerts include:
- Details of the suspicious activity that triggered them.
- The associated MITRE ATT&CK tactic.
- Recommended actions for how to investigate and mitigate the threat.
- Options for continuing your investigations by using Microsoft Sentinel.
Alert types
Activities that trigger multicloud alerts enriched with threat intelligence include:
- Anomalous database access and query patterns: For example, an abnormally high number of failed sign-in attempts with different credentials (a brute force attack). The alerts can separate successful brute force attacks from unsuccessful ones.
- Suspicious database activity: For example, a legitimate user accessing a SQL server from a breached computer that communicated with a crypto-mining command and control (C&C) server.
View the full list of multicloud alerts for database servers in Alerts for open-source relational databases.