Server Security Alert Policies - Create Or Update

Creates or updates a threat detection policy.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DBforMySQL/servers/{serverName}/securityAlertPolicies/Default?api-version=2017-12-01

URI Parameters

Name In Required Type Description
subscriptionId
path True
  • string

The subscription ID that identifies an Azure subscription.

resourceGroupName
path True
  • string

The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.

serverName
path True
  • string

The name of the server.

securityAlertPolicyName
path True

The name of the threat detection policy.

api-version
query True
  • string

The API version to use for the request.

Request Body

Name Required Type Description
properties.disabledAlerts
  • string[]

Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly

properties.emailAccountAdmins
  • boolean

Specifies that the alert is sent to the account administrators.

properties.emailAddresses
  • string[]

Specifies an array of e-mail addresses to which the alert is sent.

properties.retentionDays
  • integer

Specifies the number of days to keep in the Threat Detection audit logs.

properties.state True

Specifies the state of the policy, whether it is enabled or disabled.

properties.storageAccountAccessKey
  • string

Specifies the identifier key of the Threat Detection audit storage account.

properties.storageEndpoint
  • string

Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

Responses

Name Type Description
200 OK

Successfully updated the threat detection policy.

202 Accepted

Created request to set the server threat detection policy.

Other Status Codes

Error response describing why the operation of setting security alert policies failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

Update a server's threat detection policy with all parameters
Update a server's threat detection policy with minimal parameters

Update a server's threat detection policy with all parameters

Sample Request

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.DBforMySQL/servers/securityalert-6440/securityAlertPolicies/Default?api-version=2017-12-01
{
  "properties": {
    "state": "Enabled",
    "emailAccountAdmins": true,
    "emailAddresses": [
      "testSecurityAlert@microsoft.com"
    ],
    "disabledAlerts": [
      "Access_Anomaly",
      "Usage_Anomaly"
    ],
    "retentionDays": 5,
    "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
    "storageEndpoint": "https://mystorage.blob.core.windows.net"
  }
}

Sample Response

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.DBforMySQL/servers/securityalert-6440/securityAlertPolicies/default",
  "name": "Default",
  "type": "Microsoft.DBforMySQL/servers/securityAlertPolicies",
  "properties": {
    "state": "Enabled",
    "emailAccountAdmins": true,
    "emailAddresses": [
      "testSecurityAlert@microsoft.com"
    ],
    "disabledAlerts": [
      "Access_Anomaly",
      "Usage_Anomaly"
    ],
    "retentionDays": 5,
    "storageEndpoint": "https://mystorage.blob.core.windows.net"
  }
}

Update a server's threat detection policy with minimal parameters

Sample Request

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.DBforMySQL/servers/securityalert-6440/securityAlertPolicies/Default?api-version=2017-12-01
{
  "properties": {
    "state": "Disabled",
    "emailAccountAdmins": true
  }
}

Sample Response

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.DBforMySQL/servers/securityalert-6440/securityAlertPolicies/default",
  "name": "Default",
  "type": "Microsoft.DBforMySQL/servers/securityAlertPolicies",
  "properties": {
    "state": "Enabled",
    "emailAccountAdmins": true,
    "emailAddresses": [],
    "disabledAlerts": [],
    "retentionDays": 0,
    "storageEndpoint": ""
  }
}

Definitions

SecurityAlertPolicyName

The name of the threat detection policy.

ServerSecurityAlertPolicy

A server security alert policy.

ServerSecurityAlertPolicyState

Specifies the state of the policy, whether it is enabled or disabled.

SecurityAlertPolicyName

The name of the threat detection policy.

Name Type Description
Default
  • string

ServerSecurityAlertPolicy

A server security alert policy.

Name Type Description
id
  • string

Resource ID

name
  • string

Resource name.

properties.disabledAlerts
  • string[]

Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly

properties.emailAccountAdmins
  • boolean

Specifies that the alert is sent to the account administrators.

properties.emailAddresses
  • string[]

Specifies an array of e-mail addresses to which the alert is sent.

properties.retentionDays
  • integer

Specifies the number of days to keep in the Threat Detection audit logs.

properties.state

Specifies the state of the policy, whether it is enabled or disabled.

properties.storageAccountAccessKey
  • string

Specifies the identifier key of the Threat Detection audit storage account.

properties.storageEndpoint
  • string

Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

type
  • string

Resource type.

ServerSecurityAlertPolicyState

Specifies the state of the policy, whether it is enabled or disabled.

Name Type Description
Disabled
  • string
Enabled
  • string