Activity log alert should exist for Delete SQL Server Firewall Rule
HIGH
Ensures an activity log alert is configured to detect deletion of SQL Server firewall rules.
What does this mean?
This recommendation ensures Activity Log alerts are configured to detect deletion of SQL Server firewall rules. Removing firewall rules may unintentionally expose databases or indicate an attempt to cover tracks.
Benefits of implementation
- Detects removal of database network protections
- Enables rapid response to suspicious firewall changes
- Supports security audit requirements
Drawbacks and considerations
- Alerts fire for both planned and unplanned changes
- Requires integration with incident response workflows
- May generate noise during database maintenance windows
Implementation
Implementation guidance coming soon.
Related recommendations
Related recommendations will be linked here.
Frameworks
Details
- Risk Level
- HIGH
- Category
- Logging & Monitoring
- Azure Resource
- Frameworks
- 1 frameworks
- Last updated
- 2026-02-12