az synapse sql pool threat-policy

Manage a SQL pool's threat detection policies.

Commands

az synapse sql pool threat-policy show

Get a SQL pool's threat detection policy.

az synapse sql pool threat-policy update

Update a SQL pool's threat detection policy.

az synapse sql pool threat-policy show

Get a SQL pool's threat detection policy.

az synapse sql pool threat-policy show --security-alert-policy-name
                                       [--ids]
                                       [--name]
                                       [--resource-group]
                                       [--workspace-name]

Examples

Get a SQL pool's threat detection policy.

az synapse sql pool threat-policy show --name sqlpool --workspace-name testsynapseworkspace \
--resource-group rg --security-alert-policy-name threatpolicy

Required Parameters

--security-alert-policy-name -s

Name of the security alert policy.

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The SQL pool name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--workspace-name

The workspace name.

az synapse sql pool threat-policy update

Update a SQL pool's threat detection policy.

If the policy is being enabled, storage_account or both storage_endpoint and storage_account_access_key must be specified.

az synapse sql pool threat-policy update [--add]
                                         [--disabled-alerts]
                                         [--email-account-admins {false, true}]
                                         [--email-addresses]
                                         [--force-string]
                                         [--ids]
                                         [--name]
                                         [--remove]
                                         [--resource-group]
                                         [--retention-days]
                                         [--security-alert-policy-name]
                                         [--set]
                                         [--state {Disabled, Enabled, New}]
                                         [--storage-account]
                                         [--storage-endpoint]
                                         [--storage-key]
                                         [--workspace-name]

Examples

Enable by storage account name.

az synapse sql pool threat-policy update --name sqlpool --workspace-name testsynapseworkspace --resource-group rg \
--state Enabled --storage-account mystorageaccount --security-alert-policy-name threatpolicy

Enable by storage endpoint and key.

az synapse sql pool threat-policy update --name sqlpool --workspace-name testsynapseworkspace --resource-group rg \
--state Enabled --storage-endpoint https://mystorage.blob.core.windows.net --storage-key MYKEY== \
--security-alert-policy-name threatpolicy

Disable a subset of alert types.

az synapse sql pool threat-policy update --name sqlpool --workspace-name testsynapseworkspace --resource-group rg \
--disabled-alerts Sql_Injection_Vulnerability Access_Anomaly --security-alert-policy-name threatpolicy

Configure email recipients for a policy.

az synapse sql pool threat-policy update --name sqlpool --workspace-name testsynapseworkspace --resource-group rg \
--email-addresses me@examlee.comyou@example.com --email-account-admins true \
--security-alert-policy-name threatpolicy

Disable a threat policy.

az synapse sql pool threat-policy update --name sqlpool --workspace-name testsynapseworkspace --resource-group rg \
--state Disabled --security-alert-policy-name threatpolicy

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--disabled-alerts

List of disabled alerts.

--email-account-admins

Whether the alert is sent to the account administrators.

accepted values: false, true
--email-addresses

List of email addresses that alerts are sent to.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The SQL pool name.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--retention-days

The number of days to retain threat detection logs.

--security-alert-policy-name -s

Name of the security alert policy.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--state

Threat detection policy state.

accepted values: Disabled, Enabled, New
--storage-account

Name of the storage account.

--storage-endpoint

The storage account endpoint.

--storage-key

Access key for the storage account.

--workspace-name

The workspace name.