Database Threat Detection Policies - Create Or Update

Reference

Service:: SQL Database

API Version:: 2014-04-01

Creates or updates a database's threat detection policy.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/securityAlertPolicies/default?api-version=2014-04-01

URI Parameters

Name	In	Required	Type	Description
databaseName	path	True	string	The name of the database for which database Threat Detection policy is defined.
resourceGroupName	path	True	string	The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.
securityAlertPolicyName	path	True	SecurityAlertPolicyName	The name of the security alert policy.
serverName	path	True	string	The name of the server.
subscriptionId	path	True	string	The subscription ID that identifies an Azure subscription.
api-version	query	True	string	The API version to use for the request.

Request Body

Name	Required	Type	Description
properties.state	True	SecurityAlertPolicyState	Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.
location		string	The geo-location where the resource lives
properties.disabledAlerts		string	Specifies the semicolon-separated list of alerts that are disabled, or empty string to disable no alerts. Possible values: Sql_Injection; Sql_Injection_Vulnerability; Access_Anomaly; Data_Exfiltration; Unsafe_Action.
properties.emailAccountAdmins		SecurityAlertPolicyEmailAccountAdmins	Specifies that the alert is sent to the account administrators.
properties.emailAddresses		string	Specifies the semicolon-separated list of e-mail addresses to which the alert is sent.
properties.retentionDays		integer	Specifies the number of days to keep in the Threat Detection audit logs.
properties.storageAccountAccessKey		string	Specifies the identifier key of the Threat Detection audit storage account. If state is Enabled, storageAccountAccessKey is required.
properties.storageEndpoint		string	Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs. If state is Enabled, storageEndpoint is required.
properties.useServerDefault		SecurityAlertPolicyUseServerDefault	Specifies whether to use the default server policy.

Responses

Name	Type	Description
200 OK	DatabaseSecurityAlertPolicy	Successfully updated the database Threat Detection policy.
201 Created	DatabaseSecurityAlertPolicy	Successfully created the database Threat Detection policy.
Other Status Codes		* Error Responses: * 500 UpsertDatabaseSecurityAlertPolicyFailed - An error has occurred while saving Threat detection settings, please try again later * 500 DatabaseIsUnavailable - Your settings are currently unavailable, please try again later

Name

Type

Description

200 OK

DatabaseSecurityAlertPolicy

Successfully updated the database Threat Detection policy.

201 Created

DatabaseSecurityAlertPolicy

Successfully created the database Threat Detection policy.

Other Status Codes

*** Error Responses: ***

500 UpsertDatabaseSecurityAlertPolicyFailed - An error has occurred while saving Threat detection settings, please try again later * 500 DatabaseIsUnavailable - Your settings are currently unavailable, please try again later

Examples

Create database security alert policy max

Create database security alert policy min

Create database security alert policy max

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/servers/securityalert-6440/databases/testdb/securityAlertPolicies/default?api-version=2014-04-01

{
  "properties": {
    "state": "Enabled",
    "emailAccountAdmins": "Enabled",
    "emailAddresses": "[email protected];[email protected]",
    "disabledAlerts": "Sql_Injection;Usage_Anomaly;",
    "retentionDays": 6,
    "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
    "storageEndpoint": "https://mystorage.blob.core.windows.net",
    "useServerDefault": "Enabled"
  }
}

import com.azure.core.util.Context;
import com.azure.resourcemanager.sql.fluent.models.DatabaseSecurityAlertPolicyInner;
import com.azure.resourcemanager.sql.models.SecurityAlertPolicyEmailAccountAdmins;
import com.azure.resourcemanager.sql.models.SecurityAlertPolicyName;
import com.azure.resourcemanager.sql.models.SecurityAlertPolicyState;
import com.azure.resourcemanager.sql.models.SecurityAlertPolicyUseServerDefault;

/** Samples for DatabaseThreatDetectionPolicies CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/sql/resource-manager/Microsoft.Sql/stable/2014-04-01/examples/DatabaseSecurityAlertCreateMax.json
     */
    /**
     * Sample code: Create database security alert policy max.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createDatabaseSecurityAlertPolicyMax(com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .sqlServers()
            .manager()
            .serviceClient()
            .getDatabaseThreatDetectionPolicies()
            .createOrUpdateWithResponse(
                "securityalert-4799",
                "securityalert-6440",
                "testdb",
                SecurityAlertPolicyName.DEFAULT,
                new DatabaseSecurityAlertPolicyInner()
                    .withState(SecurityAlertPolicyState.ENABLED)
                    .withDisabledAlerts("Sql_Injection;Usage_Anomaly;")
                    .withEmailAddresses("[email protected];[email protected]")
                    .withEmailAccountAdmins(SecurityAlertPolicyEmailAccountAdmins.ENABLED)
                    .withStorageEndpoint("https://mystorage.blob.core.windows.net")
                    .withStorageAccountAccessKey(
                        "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==")
                    .withRetentionDays(6)
                    .withUseServerDefault(SecurityAlertPolicyUseServerDefault.ENABLED),
                Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 200

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/servers/securityalert-6440/databases/testdb",
  "name": "default",
  "type": "Microsoft.Sql/servers/databases/securityAlertPolicies",
  "kind": "V12",
  "properties": {
    "state": "Enabled",
    "emailAccountAdmins": "Enabled",
    "emailAddresses": "[email protected];[email protected]",
    "disabledAlerts": "Sql_Injection;Usage_Anomaly",
    "retentionDays": 6,
    "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
    "storageEndpoint": "https://mystorage.blob.core.windows.net",
    "useServerDefault": "Enabled"
  }
}

Status code:: 201

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/servers/securityalert-6440/databases/testdb",
  "name": "default",
  "type": "Microsoft.Sql/servers/databases/securityAlertPolicies",
  "kind": "V12",
  "properties": {
    "state": "Enabled",
    "emailAccountAdmins": "Enabled",
    "emailAddresses": "[email protected];[email protected]",
    "disabledAlerts": "Access_Anomaly;Usage_Anomaly",
    "retentionDays": 6,
    "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
    "storageEndpoint": "https://mystorage.blob.core.windows.net",
    "useServerDefault": "Enabled"
  }
}

Create database security alert policy min

Sample request

HTTP
Java

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/servers/securityalert-6440/databases/testdb/securityAlertPolicies/default?api-version=2014-04-01

{
  "properties": {
    "state": "Enabled",
    "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
    "storageEndpoint": "https://mystorage.blob.core.windows.net"
  }
}

import com.azure.core.util.Context;
import com.azure.resourcemanager.sql.fluent.models.DatabaseSecurityAlertPolicyInner;
import com.azure.resourcemanager.sql.models.SecurityAlertPolicyName;
import com.azure.resourcemanager.sql.models.SecurityAlertPolicyState;

/** Samples for DatabaseThreatDetectionPolicies CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/sql/resource-manager/Microsoft.Sql/stable/2014-04-01/examples/DatabaseSecurityAlertCreateMin.json
     */
    /**
     * Sample code: Create database security alert policy min.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createDatabaseSecurityAlertPolicyMin(com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .sqlServers()
            .manager()
            .serviceClient()
            .getDatabaseThreatDetectionPolicies()
            .createOrUpdateWithResponse(
                "securityalert-4799",
                "securityalert-6440",
                "testdb",
                SecurityAlertPolicyName.DEFAULT,
                new DatabaseSecurityAlertPolicyInner()
                    .withState(SecurityAlertPolicyState.ENABLED)
                    .withStorageEndpoint("https://mystorage.blob.core.windows.net")
                    .withStorageAccountAccessKey(
                        "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD=="),
                Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 200

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/servers/securityalert-6440/databases/testdb",
  "name": "default",
  "type": "Microsoft.Sql/servers/databases/securityAlertPolicies",
  "kind": "V12",
  "properties": {
    "state": "Enabled",
    "emailAccountAdmins": "Enabled",
    "emailAddresses": "",
    "disabledAlerts": "",
    "retentionDays": 0,
    "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
    "storageEndpoint": "https://mystorage.blob.core.windows.net",
    "useServerDefault": "Enabled"
  }
}

Status code:: 201

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/servers/securityalert-6440/databases/testdb",
  "name": "default",
  "type": "Microsoft.Sql/servers/databases/securityAlertPolicies",
  "kind": "V12",
  "properties": {
    "state": "Enabled",
    "emailAccountAdmins": "Enabled",
    "emailAddresses": "",
    "disabledAlerts": "",
    "retentionDays": 0,
    "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
    "storageEndpoint": "https://mystorage.blob.core.windows.net",
    "useServerDefault": "Enabled"
  }
}

Definitions

Name	Description
DatabaseSecurityAlertPolicy	Contains information about a database Threat Detection policy.
SecurityAlertPolicyEmailAccountAdmins	Specifies that the alert is sent to the account administrators.
SecurityAlertPolicyName	The name of the security alert policy.
SecurityAlertPolicyState	Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.
SecurityAlertPolicyUseServerDefault	Specifies whether to use the default server policy.

DatabaseSecurityAlertPolicy

Contains information about a database Threat Detection policy.

Name	Type	Description
id	string	Resource ID.
kind	string	Resource kind.
location	string	The geo-location where the resource lives
name	string	Resource name.
properties.disabledAlerts	string	Specifies the semicolon-separated list of alerts that are disabled, or empty string to disable no alerts. Possible values: Sql_Injection; Sql_Injection_Vulnerability; Access_Anomaly; Data_Exfiltration; Unsafe_Action.
properties.emailAccountAdmins	SecurityAlertPolicyEmailAccountAdmins	Specifies that the alert is sent to the account administrators.
properties.emailAddresses	string	Specifies the semicolon-separated list of e-mail addresses to which the alert is sent.
properties.retentionDays	integer	Specifies the number of days to keep in the Threat Detection audit logs.
properties.state	SecurityAlertPolicyState	Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.
properties.storageAccountAccessKey	string	Specifies the identifier key of the Threat Detection audit storage account. If state is Enabled, storageAccountAccessKey is required.
properties.storageEndpoint	string	Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs. If state is Enabled, storageEndpoint is required.
properties.useServerDefault	SecurityAlertPolicyUseServerDefault	Specifies whether to use the default server policy.
type	string	Resource type.

SecurityAlertPolicyEmailAccountAdmins

Specifies that the alert is sent to the account administrators.

Name	Type	Description
Disabled	string
Enabled	string

SecurityAlertPolicyName

The name of the security alert policy.

Name	Type	Description
default	string

SecurityAlertPolicyState

Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.

Name	Type	Description
Disabled	string
Enabled	string
New	string

SecurityAlertPolicyUseServerDefault

Specifies whether to use the default server policy.

Name	Type	Description
Disabled	string
Enabled	string

Share via

Database Threat Detection Policies - Create Or Update

URI Parameters

Request Body

Responses

Examples

Create database security alert policy max

Sample request

Sample response

Create database security alert policy min

Sample request

Sample response

Definitions

DatabaseSecurityAlertPolicy

SecurityAlertPolicyEmailAccountAdmins

SecurityAlertPolicyName

SecurityAlertPolicyState

SecurityAlertPolicyUseServerDefault

Additional resources