creation_time Type: STRING Provider name: properties.creationTime Description: Specifies the UTC creation time of the policy.
id Type: STRING Provider name: id Description: Resource ID.
name Type: STRING Provider name: name Description: Resource name.
state Type: STRING Provider name: properties.state Description: Specifies the state of the Advanced Threat Protection, whether it is enabled or disabled or a state has not been applied yet on the specific database or server.
type Type: STRING Provider name: type Description: Resource type.
creation_time Type: STRING Provider name: properties.creationTime Description: Specifies the UTC creation time of the policy.
disabled_alerts Type: UNORDERED_LIST_STRING Provider name: properties.disabledAlerts Description: Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force
email_account_admins Type: BOOLEAN Provider name: properties.emailAccountAdmins Description: Specifies that the alert is sent to the account administrators.
email_addresses Type: UNORDERED_LIST_STRING Provider name: properties.emailAddresses Description: Specifies an array of e-mail addresses to which the alert is sent.
id Type: STRING Provider name: id Description: Resource ID.
name Type: STRING Provider name: name Description: Resource name.
state Type: STRING Provider name: properties.state Description: Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database.
storage_account_access_key Type: STRING Provider name: properties.storageAccountAccessKey Description: Specifies the identifier key of the Threat Detection audit storage account.
storage_endpoint Type: STRING Provider name: properties.storageEndpoint Description: Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.
system_data Type: STRUCT Provider name: systemData Description: SystemData of SecurityAlertPolicyResource.
created_at Type: STRING Provider name: createdAt Description: The timestamp of resource creation (UTC).
created_by Type: STRING Provider name: createdBy Description: The identity that created the resource.
created_by_type Type: STRING Provider name: createdByType Description: The type of identity that created the resource.
last_modified_at Type: STRING Provider name: lastModifiedAt Description: The timestamp of resource last modification (UTC).
last_modified_by Type: STRING Provider name: lastModifiedBy Description: The identity that last modified the resource.
last_modified_by_type Type: STRING Provider name: lastModifiedByType Description: The type of identity that last modified the resource.
type Type: STRING Provider name: type Description: Resource type.
audit_actions_and_groups Type: UNORDERED_LIST_STRING Provider name: properties.auditActionsAndGroups Description: Specifies the Actions-Groups and Actions to audit. The recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins: BATCH_COMPLETED_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP. This above combination is also the set that is configured by default when enabling auditing from the Azure portal. The supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records): APPLICATION_ROLE_CHANGE_PASSWORD_GROUP, BACKUP_RESTORE_GROUP, DATABASE_LOGOUT_GROUP, DATABASE_OBJECT_CHANGE_GROUP, DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP, DATABASE_OBJECT_PERMISSION_CHANGE_GROUP, DATABASE_OPERATION_GROUP, DATABASE_PERMISSION_CHANGE_GROUP, DATABASE_PRINCIPAL_CHANGE_GROUP, DATABASE_PRINCIPAL_IMPERSONATION_GROUP, DATABASE_ROLE_MEMBER_CHANGE_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, SCHEMA_OBJECT_ACCESS_GROUP, SCHEMA_OBJECT_CHANGE_GROUP, SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP, SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, USER_CHANGE_PASSWORD_GROUP, BATCH_STARTED_GROUP, BATCH_COMPLETED_GROUP, DBCC_GROUP, DATABASE_OWNERSHIP_CHANGE_GROUP, DATABASE_CHANGE_GROUP. These are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs. For more information, see Database-Level Audit Action Groups. For Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy).
The supported actions to audit are: SELECT, UPDATE, INSERT, DELETE, EXECUTE, RECEIVE, REFERENCES. The general form for defining an action to be audited is: {action} ON {object} BY {principal}. Note that
id Type: STRING Provider name: id Description: Resource ID.
is_storage_secondary_key_in_use Type: BOOLEAN Provider name: properties.isStorageSecondaryKeyInUse Description: Specifies whether storageAccountAccessKey value is the storage’s secondary key.
name Type: STRING Provider name: name Description: Resource name.
queue_delay_ms Type: INT32 Provider name: properties.queueDelayMs Description: Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed. The default minimum value is 1000 (1 second). The maximum is 2,147,483,647.
retention_days Type: INT64 Provider name: properties.retentionDays Description: Specifies the number of days to keep in the audit logs in the storage account.
state Type: STRING Provider name: properties.state Description: Specifies the state of the policy. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required.
storage_account_access_key Type: STRING Provider name: properties.storageAccountAccessKey Description: Specifies the identifier key of the auditing storage account. If state is Enabled and storageEndpoint is specified, not specifying the storageAccountAccessKey will use SQL server system-assigned managed identity to access the storage. Prerequisites for using managed identity authentication: 1. Assign SQL Server a system-assigned managed identity in Azure Active Directory (AAD). 2. Grant SQL Server identity access to the storage account by adding the ‘Storage Blob Data Contributor’ RBAC role to the server identity. For more information, see Auditing to storage using Managed Identity authentication.
storage_endpoint Type: STRING Provider name: properties.storageEndpoint Description: Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required.
type Type: STRING Provider name: type Description: Resource type.
encryption_protector
Type: STRUCT Provider name: EncryptionProtector
auto_rotation_enabled Type: BOOLEAN Provider name: properties.autoRotationEnabled Description: Key auto rotation opt-in flag. Either true or false.
id Type: STRING Provider name: id Description: Resource ID.
kind Type: STRING Provider name: kind Description: Kind of encryption protector. This is metadata used for the Azure portal experience.
name Type: STRING Provider name: name Description: Resource name.
server_key_name Type: STRING Provider name: properties.serverKeyName Description: The name of the server key.
server_key_type Type: STRING Provider name: properties.serverKeyType Description: The encryption protector type like ‘ServiceManaged’, ‘AzureKeyVault’.
subregion Type: STRING Provider name: properties.subregion Description: Subregion of the encryption protector.
thumbprint Type: STRING Provider name: properties.thumbprint Description: Thumbprint of the server key.
type Type: STRING Provider name: type Description: Resource type.
uri Type: STRING Provider name: properties.uri Description: The URI of the server key.
end_ip_address Type: STRING Provider name: properties.endIpAddress Description: The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value ‘0.0.0.0’ for all Azure-internal IP addresses.
id Type: STRING Provider name: id Description: Resource ID.
name Type: STRING Provider name: name Description: Resource name.
start_ip_address Type: STRING Provider name: properties.startIpAddress Description: The start IP address of the firewall rule. Must be IPv4 format. Use value ‘0.0.0.0’ for all Azure-internal IP addresses.
type Type: STRING Provider name: type Description: Resource type.
fully_qualified_domain_name
Type: STRING Provider name: properties.fullyQualifiedDomainName Description: The fully qualified domain name of the server.
id
Type: STRING Provider name: id Description: Resource ID.
identity
Type: STRUCT Provider name: identity Description: The Azure Active Directory identity of the server.
principal_id Type: STRING Provider name: principalId Description: The Azure Active Directory principal id.
tenant_id Type: STRING Provider name: tenantId Description: The Azure Active Directory tenant id.
type Type: STRING Provider name: type Description: The identity type. Set this to ‘SystemAssigned’ in order to automatically create and assign an Azure Active Directory principal for the resource.
key_id
Type: STRING Provider name: properties.keyId Description: A CMK URI of the key to use for encryption.
kind
Type: STRING Provider name: kind Description: Kind of sql server. This is metadata used for the Azure portal experience.
name
Type: STRING Provider name: name Description: Resource name.
primary_user_assigned_identity_id
Type: STRING Provider name: properties.primaryUserAssignedIdentityId Description: The resource id of a user assigned identity to be used by default.
private_endpoint_connections
Type: UNORDERED_LIST_STRUCT Provider name: properties.privateEndpointConnections Description: List of private endpoint connections on a server
id Type: STRING Provider name: id Description: Resource ID.
private_endpoint Type: STRUCT Provider name: properties.privateEndpoint Description: Private endpoint which the connection belongs to.
id Type: STRING Provider name: id Description: Resource id of the private endpoint.
private_link_service_connection_state Type: STRUCT Provider name: properties.privateLinkServiceConnectionState Description: Connection state of the private endpoint connection.
actions_required Type: STRING Provider name: actionsRequired Description: The actions required for private link service connection.
description Type: STRING Provider name: description Description: The private link service connection description.
status Type: STRING Provider name: status Description: The private link service connection status.
provisioning_state Type: STRING Provider name: properties.provisioningState Description: State of the private endpoint connection.
public_network_access
Type: STRING Provider name: properties.publicNetworkAccess Description: Whether or not public endpoint access is allowed for this server. Value is optional but if passed in, must be ‘Enabled’ or ‘Disabled’.
resource_group
Type: STRING
state
Type: STRING Provider name: properties.state Description: The state of the server.
subscription_id
Type: STRING
subscription_name
Type: STRING
tags
Type: UNORDERED_LIST_STRING
type
Type: STRING Provider name: type Description: Resource type.
version
Type: STRING Provider name: properties.version Description: The version of the server.
email_subscription_admins Type: BOOLEAN Provider name: emailSubscriptionAdmins Description: Specifies that the scheduled scan notification will be sent to the subscription administrators.
emails Type: UNORDERED_LIST_STRING Provider name: emails Description: Specifies an array of e-mail addresses to which the scan notification is sent.
storage_account_access_key Type: STRING Provider name: properties.storageAccountAccessKey Description: Specifies the identifier key of the storage account for vulnerability assessment scan results. If ‘StorageContainerSasKey’ isn’t specified, storageAccountAccessKey is required. Applies only if the storage account is not behind a VNet or a firewall.
storage_container_path Type: STRING Provider name: properties.storageContainerPath Description: A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/).
storage_container_sas_key Type: STRING Provider name: properties.storageContainerSasKey Description: A shared access signature (SAS key) that has write access to the blob container specified in the ‘storageContainerPath’ parameter. If ‘storageAccountAccessKey’ isn’t specified, StorageContainerSasKey is required. Applies only if the storage account is not behind a VNet or a firewall.
type Type: STRING Provider name: type Description: Resource type.
workspace_feature
Type: STRING Provider name: properties.workspaceFeature Description: Whether or not the existing server has a workspace created and if it allows connections from the workspace.