Exposed Source
Service Name: Azure SQL Database
Service Description: Azure SQL Database is a fully managed platform as a service (PaaS) database engine that handles most database management functions such as upgrading, patching, backups, and monitoring without user involvement.
Service Address: https://azure.microsoft.com/en-us/products/azure-sql/database
Validation Type: -
IP Allow list: Does not exist
Secret Access Scope: Grants access to Azure SQL databases when combined with proper authentication credentials.
Secret Revokement URL: https://learn.microsoft.com/en-us/azure/azure-sql/database/security-overview
Secret Example: mycompanydb.database.windows.net
Suspicious Activity Investigation Instructions:
- Review Azure SQL audit logs for unusual query patterns or data access
- Check Azure Activity logs for unauthorized connection attempts
- Monitor for unusual data export operations or schema changes
- Verify IP addresses accessing the database against expected sources
- Look for privilege escalation attempts in database user roles
Mitigation Instructions:
- Rotate any credentials that may have been exposed with the connection string
- Update firewall rules to restrict access to known IP addresses only
- Enable Azure Defender for SQL to detect potential threats
- Implement Azure Active Directory authentication instead of SQL authentication
- Review and minimize permissions for all database users and roles
- Enable Transparent Data Encryption (TDE) if not already enabled
- Consider implementing Always Encrypted for sensitive data columns