Microsoft Defender for Cloud detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases for the following services:
When Microsoft Defender for Cloud is enabled on your database, it detects anomalous activities and generates alerts. These alerts are available from multiple locations, including:
In the Azure portal:
Microsoft Defender for Cloud's security alerts page - Shows alerts for all resources protected by Defender for Cloud in the subscriptions you've got permissions to view.
The resource's Microsoft Defender for Cloud page - Shows alerts and recommendations for one specific resource.
A live tile on Microsoft Defender for Cloud's overview dashboard tracks the status of active threats to all your resources including databases. Select the security alerts tile to go to the Defender for Cloud security alerts page and get an overview of active threats detected on your databases.
For detailed steps and the recommended method to respond to security alerts, see Respond to a security alert.
Respond to email notifications of security alerts
Defender for Cloud sends email notifications when it detects anomalous database activities. The email includes details of the suspicious security event such as the nature of the anomalous activities, database name, server name, application name, and event time. The email also provides information on possible causes and recommended actions to investigate and mitigate any potential threats to the database.
From the email, select the View the full alert link to launch the Azure portal and show the security alerts page, which provides an overview of active threats detected on the database.
View active threats at the subscription level from within the Defender for Cloud portal pages:
For additional details and recommended actions for investigating the current threat and remediating future threats, select a specific alert.
Administer an SQL Server database infrastructure for cloud, on-premises and hybrid relational databases using the Microsoft PaaS relational database offerings.