Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Defender support for Open-source relational databases #131

Closed
grtn316 opened this issue Jul 13, 2021 · 4 comments · Fixed by #221
Closed

Add Defender support for Open-source relational databases #131

grtn316 opened this issue Jul 13, 2021 · 4 comments · Fixed by #221
Assignees
@krowlandson
Labels
enhancement New feature or request

Comments

@grtn316
Copy link

grtn316 commented Jul 13, 2021
edited
Loading

terraform-azurerm-caf-enterprise-scale/modules/management/locals.tf

Lines 63 to 72 in 65a69f1

deploy_defender_for_acr = local.settings.security_center.config.enable_defender_for_acr
deploy_defender_for_app_services = local.settings.security_center.config.enable_defender_for_app_services
deploy_defender_for_arm = local.settings.security_center.config.enable_defender_for_arm
deploy_defender_for_dns = local.settings.security_center.config.enable_defender_for_dns
deploy_defender_for_key_vault = local.settings.security_center.config.enable_defender_for_key_vault
deploy_defender_for_kubernetes = local.settings.security_center.config.enable_defender_for_kubernetes
deploy_defender_for_servers = local.settings.security_center.config.enable_defender_for_servers
deploy_defender_for_sql_servers = local.settings.security_center.config.enable_defender_for_sql_servers
deploy_defender_for_sql_server_vms = local.settings.security_center.config.enable_defender_for_sql_server_vms
deploy_defender_for_storage = local.settings.security_center.config.enable_defender_for_storage

Please add a flag to enable Open-source relational databases for Azure defender as part of the management resources configuration.
@krowlandson
Copy link
Contributor

Hi David... thank you for the feature request.

Just for clarity, do you mean for the following?
https://docs.microsoft.com/en-us/azure/security-center/defender-for-databases-introduction

If so, I believe we will need to make a few updates to the associated policies before we can add a feature flag for this, but this shouldn't be a problem. Will add this to our backlog and discuss with the team.

@krowlandson krowlandson self-assigned this Jul 14, 2021
@krowlandson krowlandson added the enhancement New feature or request label Jul 14, 2021
@grtn316
Copy link
Author

grtn316 commented Jul 16, 2021

@krowlandson that is the one. Thanks!

@krowlandson
Copy link
Contributor

Great, thank you for confirming. We will try to pull this in with the next policy update but as the "feature flag" will require an additional value in the configure_management_resources variable, this will be a breaking change. As such, we may need to hold back on updating the schema until a major release. Will keep you posted!

@krowlandson krowlandson mentioned this issue Aug 11, 2021
Closed
@krowlandson
Copy link
Contributor

Once Azure/Enterprise-Scale/issues/733 is resolved, I will pull the updated policies in and we can hopefully add a feature flag to enable this particular feature.

@jtracey93 jtracey93 mentioned this issue Oct 21, 2021
Closed
krowlandson pushed a commit that referenced this issue Nov 25, 2021
Add control for oss databases (fixes #131)
b7ec7bb 
**BREAKING CHANGE**
@krowlandson krowlandson linked a pull request Nov 25, 2021 that will close this issue
Update Library Templates (automated) #221
Merged
@krowlandson krowlandson mentioned this issue Nov 25, 2021
Merged
krowlandson pushed a commit that referenced this issue Nov 26, 2021
@github-actions @actions-user
Update Library Templates (automated) (#221)
c1726fe 
* Update Library Templates (automated)

* Update Policy Assignment and `management` logic for new `Deploy_ASCDF_Config` policy (previously `Deploy_ASC_Config`)

* Add control for oss databases (fixes #131)
**BREAKING CHANGE**

* Update planned values for OPA tests

* Update logic for `parent_management_group` field on Management Group configuration (fixes #190)

Co-authored-by: github-actions <[email protected]>
Co-authored-by: Kevin Rowlandson <[email protected]>
@ghost ghost locked as resolved and limited conversation to collaborators Dec 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@krowlandson krowlandson

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update Library Templates (automated) Azure/terraform-azurerm-caf-enterprise-scale
2 participants
@krowlandson @grtn316