我很难拒绝在SQL Server ADS威胁保护自定义警报上工作。请在下面查看我的代码,并指出我要去哪里。
我正在尝试设置sql server ads威胁保护自定义警报,因此它们都必须打开,并且用户无法禁用其中任何一个。
{
"name": "deny-ads-tp-disablealerts3",
"properties": {
"displayName": "Deny not checking for all threat protection alerts3",
"description": "Deny not checking for all threat protection alerts3",
"mode": "All",
"parameters": {
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Sql/servers/securityAlertPolicies"
},
{
"field": "Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.isEnabled",
"equals": "True"
},
{
"anyOf": [
{
"field": "Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]",
"Equals": "Sql_Injection"
},
{
"field": "Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]",
"Equals": "Sql_Injection_Vulnerability"
},
{
"field": "Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]",
"Equals": "Access_Anomaly"
},
{
"field": "Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]",
"Equals": "Data_Exfiltration"
},
{
"field": "Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]",
"Equals": "Unsafe_Action"
}
]
}
]
},
"then": {
"effect": "deny"
}
}
}
}