This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
I have enabled Microsoft Defender for SQL on my azure SQL database.
I have executed some sql request to simulate sql injection attack like
select * from sys.databases where database_id like '' or 1=1;
the request was well executed and the result contain all databases
in security center, there is no alerte.
Did Windows Defender for SQL protect from SQL Injection
Best regards
Hichem
Hello Givary,
I sent an email to AzCommunity@microsoft.com with answers
Best regards
Hichem
Thank you for reaching out to us. As per my understand you are investigating alerts in Microsoft Defender for SQL - for Azure SQL database.
Would like to understand when did you onboard Azure SQL DB to Microsoft Defender for Cloud ?
Do you have this option enabled for SQL DB on Defender for Cloud ?
Also do you see Azure SQL DB in the inventory list ?
Let me know if you have any further questions.
Offline troubleshooting/update:
Not all SQL injection are detected.
So There are some SQL injection types are detected by Defender for SQL.
When Defender for Cloud detects a threat in any area of your environment, it generates a security alert. These alerts describe details of the affected resources, suggested remediation steps, and in some cases an option to trigger a logic app in response. Whether an alert is generated by Defender for Cloud, or received by Defender for Cloud from an integrated security product, you can export it.
Defender for Cloud's threat protection includes fusion kill-chain analysis, which automatically correlates alerts in your environment based on cyber kill-chain analysis, to help you better understand the full story of an attack campaign, where it started and what kind of impact it had on your resources. Sometimes it also takes time to reflect the alert in Microsoft defender for cloud.
Let me know if you have any further questions.
Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.