Overview
This document provides a comprehensive reference for the Azure SQL Database Threat Detection REST API. This API allows you to programmatically manage and configure threat detection and vulnerability assessment features for your Azure SQL databases.
Threat Detection provides a layer of security that helps detect and respond to potential threats as they occur. Vulnerability Assessment helps discover, track, and remediate database vulnerabilities.
Getting Started
To use the Azure SQL Database Threat Detection REST API, you will need:
- An Azure subscription.
- Permissions to manage Azure SQL databases and their security features.
- An Azure Active Directory (Azure AD) application registration for authentication.
- Obtain an access token for your Azure AD application.
All Azure Resource Manager (ARM) REST API operations are authenticated using Azure AD. You can use OAuth 2.0 to obtain an access token.
Threat Detection Settings
Manage the threat detection settings for your Azure SQL servers and databases.
GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/securityAlertPolicies
Lists the security alert policies for a given SQL server.
Parameters
| Name | Type | Description | Required |
|---|---|---|---|
subscriptionId |
string | The ID of your Azure subscription. | Yes |
resourceGroupName |
string | The name of the resource group. | Yes |
serverName |
string | The name of the SQL server. | Yes |
Responses
| Status Code | Description |
|---|---|
| 200 OK | Successfully retrieved the security alert policies. |
Example Request
GET https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Sql/servers/myServer/securityAlertPolicies?api-version=2020-02-01-previewGET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/securityAlertPolicies/{securityAlertPolicyName}
Gets a specific security alert policy for a given SQL server.
Parameters
| Name | Type | Description | Required |
|---|---|---|---|
subscriptionId |
string | The ID of your Azure subscription. | Yes |
resourceGroupName |
string | The name of the resource group. | Yes |
serverName |
string | The name of the SQL server. | Yes |
securityAlertPolicyName |
string | The name of the security alert policy (e.g., "Default"). | Yes |
Responses
| Status Code | Description |
|---|---|
| 200 OK | Successfully retrieved the security alert policy. |
Example Request
GET https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Sql/servers/myServer/securityAlertPolicies/Default?api-version=2020-02-01-previewPUT /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/securityAlertPolicies/{securityAlertPolicyName}
Creates or updates a security alert policy for a given SQL server.
Parameters
| Name | Type | Description | Required |
|---|---|---|---|
subscriptionId |
string | The ID of your Azure subscription. | Yes |
resourceGroupName |
string | The name of the resource group. | Yes |
serverName |
string | The name of the SQL server. | Yes |
securityAlertPolicyName |
string | The name of the security alert policy (e.g., "Default"). | Yes |
Request Body
Specifies the configuration for the security alert policy.
{
"properties": {
"state": "Enabled",
"disabledAlerts": [
"SqlInjection",
"DataExfiltration"
],
"emailAccountAdmins": true,
"emailAddresses": [
"admin1@example.com",
"admin2@example.com"
],
"storageEndpoint": "https://mysts.blob.core.windows.net/mysts"
}
}Properties:
state: (string) The state of the security alert policy. Possible values: "New", "Enabled", "Disabled".disabledAlerts: (array of strings) An array of alert types to disable.emailAccountAdmins: (boolean) Specifies if the administrators are notified with emails.emailAddresses: (array of strings) An array of email addresses to send alerts to.storageEndpoint: (string) The storage endpoint for audit logs.
Responses
| Status Code | Description |
|---|---|
| 200 OK | Successfully updated the security alert policy. |
| 201 Created | Successfully created the security alert policy. |
Example Request
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Sql/servers/myServer/securityAlertPolicies/Default?api-version=2020-02-01-preview
Content-Type: application/json
{
"properties": {
"state": "Enabled",
"disabledAlerts": [],
"emailAccountAdmins": true,
"emailAddresses": [
"alerts@example.com"
],
"storageEndpoint": "https://mysts.blob.core.windows.net/mysts"
}
}DELETE /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/securityAlertPolicies/{securityAlertPolicyName}
Deletes a security alert policy for a given SQL server.
Parameters
| Name | Type | Description | Required |
|---|---|---|---|
subscriptionId |
string | The ID of your Azure subscription. | Yes |
resourceGroupName |
string | The name of the resource group. | Yes |
serverName |
string | The name of the SQL server. | Yes |
securityAlertPolicyName |
string | The name of the security alert policy (e.g., "Default"). | Yes |
Responses
| Status Code | Description |
|---|---|
| 204 No Content | Successfully deleted the security alert policy. |
Example Request
DELETE https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Sql/servers/myServer/securityAlertPolicies/Default?api-version=2020-02-01-previewVulnerability Assessment
Manage vulnerability assessment settings and scan results for your Azure SQL databases.
GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/vulnerabilityAssessments
Lists the vulnerability assessment policies for a given SQL database.
Parameters
| Name | Type | Description | Required |
|---|---|---|---|
subscriptionId |
string | The ID of your Azure subscription. | Yes |
resourceGroupName |
string | The name of the resource group. | Yes |
serverName |
string | The name of the SQL server. | Yes |
databaseName |
string | The name of the SQL database. | Yes |
Responses
| Status Code | Description |
|---|---|
| 200 OK | Successfully retrieved the vulnerability assessment policies. |
Example Request
GET https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Sql/servers/myServer/databases/myDatabase/vulnerabilityAssessments?api-version=2020-02-01-previewGET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/vulnerabilityAssessments/{vulnerabilityAssessmentName}
Gets a specific vulnerability assessment policy for a given SQL database.
Parameters
| Name | Type | Description | Required |
|---|---|---|---|
subscriptionId |
string | The ID of your Azure subscription. | Yes |
resourceGroupName |
string | The name of the resource group. | Yes |
serverName |
string | The name of the SQL server. | Yes |
databaseName |
string | The name of the SQL database. | Yes |
vulnerabilityAssessmentName |
string | The name of the vulnerability assessment (e.g., "Default"). | Yes |
Responses
| Status Code | Description |
|---|---|
| 200 OK | Successfully retrieved the vulnerability assessment policy. |
Example Request
GET https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Sql/servers/myServer/databases/myDatabase/vulnerabilityAssessments/Default?api-version=2020-02-01-previewPUT /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/vulnerabilityAssessments/{vulnerabilityAssessmentName}
Creates or updates a vulnerability assessment policy for a given SQL database.
Parameters
| Name | Type | Description | Required |
|---|---|---|---|
subscriptionId |
string | The ID of your Azure subscription. | Yes |
resourceGroupName |
string | The name of the resource group. | Yes |
serverName |
string | The name of the SQL server. | Yes |
databaseName |
string | The name of the SQL database. | Yes |
vulnerabilityAssessmentName |
string | The name of the vulnerability assessment (e.g., "Default"). | Yes |
Request Body
Specifies the configuration for the vulnerability assessment policy.
{
"properties": {
"recurringScans": {
"isEnabled": true,
"emailSubscriptionAdmins": true,
"emails": [
"va-reports@example.com"
]
},
"storageContainerPath": "https://mystorage.blob.core.windows.net/va-results"
}
}Properties:
recurringScans: (object) Configuration for recurring vulnerability scans.isEnabled: (boolean) Whether recurring scans are enabled.emailSubscriptionAdmins: (boolean) Whether to send scan results to subscription admins.emails: (array of strings) An array of email addresses to send scan results to.
storageContainerPath: (string) The path to the Azure Blob Storage container for storing scan results.
Responses
| Status Code | Description |
|---|---|
| 200 OK | Successfully updated the vulnerability assessment policy. |
| 201 Created | Successfully created the vulnerability assessment policy. |
Example Request
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Sql/servers/myServer/databases/myDatabase/vulnerabilityAssessments/Default?api-version=2020-02-01-preview
Content-Type: application/json
{
"properties": {
"recurringScans": {
"isEnabled": true,
"emailSubscriptionAdmins": false,
"emails": [
"va-reports@example.com"
]
},
"storageContainerPath": "https://mystorage.blob.core.windows.net/va-results"
}
}POST /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/vulnerabilityAssessments/{vulnerabilityAssessmentName}/export
Exports the vulnerability assessment scan results for a given SQL database.
Parameters
| Name | Type | Description | Required |
|---|---|---|---|
subscriptionId |
string | The ID of your Azure subscription. | Yes |
resourceGroupName |
string | The name of the resource group. | Yes |
serverName |
string | The name of the SQL server. | Yes |
databaseName |
string | The name of the SQL database. | Yes |
vulnerabilityAssessmentName |
string | The name of the vulnerability assessment (e.g., "Default"). | Yes |
Request Body
Specifies the export parameters.
{
"exportBlobPath": "https://mystorage.blob.core.windows.net/va-reports/myDatabase_va_export.json"
}Properties:
exportBlobPath: (string) The Azure Blob Storage path to export the results to.
Responses
| Status Code | Description |
|---|---|
| 200 OK | Successfully exported the vulnerability assessment results. |
Example Request
POST https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Sql/servers/myServer/databases/myDatabase/vulnerabilityAssessments/Default/export?api-version=2020-02-01-preview
Content-Type: application/json
{
"exportBlobPath": "https://mystorage.blob.core.windows.net/va-reports/myDatabase_va_export.json"
}GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/vulnerabilityAssessments/{vulnerabilityAssessmentName}/scans
Lists the vulnerability assessment scans for a given SQL database.
Parameters
| Name | Type | Description | Required |
|---|---|---|---|
subscriptionId |
string | The ID of your Azure subscription. | Yes |
resourceGroupName |
string | The name of the resource group. | Yes |
serverName |
string | The name of the SQL server. | Yes |
databaseName |
string | The name of the SQL database. | Yes |
vulnerabilityAssessmentName |
string | The name of the vulnerability assessment (e.g., "Default"). | Yes |
Responses
| Status Code | Description |
|---|---|
| 200 OK | Successfully retrieved the vulnerability assessment scans. |
Example Request
GET https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Sql/servers/myServer/databases/myDatabase/vulnerabilityAssessments/Default/scans?api-version=2020-02-01-previewAdvanced Threat Protection
Manage Advanced Threat Protection settings for your Azure SQL databases.
GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/advancedThreatProtectionSettings
Lists the Advanced Threat Protection settings for a given SQL database.
Parameters
| Name | Type | Description | Required |
|---|---|---|---|
subscriptionId |
string | The ID of your Azure subscription. | Yes |
resourceGroupName |
string | The name of the resource group. | Yes |
serverName |
string | The name of the SQL server. | Yes |
databaseName |
string | The name of the SQL database. | Yes |
Responses
| Status Code | Description |
|---|---|
| 200 OK | Successfully retrieved the Advanced Threat Protection settings. |
Example Request
GET https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Sql/servers/myServer/databases/myDatabase/advancedThreatProtectionSettings?api-version=2020-02-01-previewGET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/advancedThreatProtectionSettings/{advancedThreatProtectionSettingName}
Gets a specific Advanced Threat Protection setting for a given SQL database.
Parameters
| Name | Type | Description | Required |
|---|---|---|---|
subscriptionId |
string | The ID of your Azure subscription. | Yes |
resourceGroupName |
string | The name of the resource group. | Yes |
serverName |
string | The name of the SQL server. | Yes |
databaseName |
string | The name of the SQL database. | Yes |
advancedThreatProtectionSettingName |
string | The name of the ATP setting (e.g., "current"). | Yes |
Responses
| Status Code | Description |
|---|---|
| 200 OK | Successfully retrieved the Advanced Threat Protection setting. |
Example Request
GET https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Sql/servers/myServer/databases/myDatabase/advancedThreatProtectionSettings/current?api-version=2020-02-01-previewPUT /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/advancedThreatProtectionSettings/{advancedThreatProtectionSettingName}
Creates or updates an Advanced Threat Protection setting for a given SQL database.
Parameters
| Name | Type | Description | Required |
|---|---|---|---|
subscriptionId |
string | The ID of your Azure subscription. | Yes |
resourceGroupName |
string | The name of the resource group. | Yes |
serverName |
string | The name of the SQL server. | Yes |
databaseName |
string | The name of the SQL database. | Yes |
advancedThreatProtectionSettingName |
string | The name of the ATP setting (e.g., "current"). | Yes |
Request Body
Specifies the configuration for the Advanced Threat Protection setting.
{
"properties": {
"state": "Enabled",
"storageEndpoint": "https://mysts.blob.core.windows.net/atp-logs"
}
}Properties:
state: (string) The state of the Advanced Threat Protection setting. Possible values: "Enabled", "Disabled".storageEndpoint: (string) The storage endpoint for audit logs if required.
Responses
| Status Code | Description |
|---|---|
| 200 OK | Successfully updated the Advanced Threat Protection setting. |
| 201 Created | Successfully created the Advanced Threat Protection setting. |
Example Request
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Sql/servers/myServer/databases/myDatabase/advancedThreatProtectionSettings/current?api-version=2020-02-01-preview
Content-Type: application/json
{
"properties": {
"state": "Enabled",
"storageEndpoint": "https://mysts.blob.core.windows.net/atp-logs"
}
}DELETE /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/advancedThreatProtectionSettings/{advancedThreatProtectionSettingName}
Deletes an Advanced Threat Protection setting for a given SQL database.
Parameters
| Name | Type | Description | Required |
|---|---|---|---|
subscriptionId |
string | The ID of your Azure subscription. | Yes |
resourceGroupName |
string | The name of the resource group. | Yes |
serverName |
string | The name of the SQL server. | Yes |
databaseName |
string | The name of the SQL database. | Yes |
advancedThreatProtectionSettingName |
string | The name of the ATP setting (e.g., "current"). | Yes |
Responses
| Status Code | Description |
|---|---|
| 204 No Content | Successfully deleted the Advanced Threat Protection setting. |
Example Request
DELETE https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Sql/servers/myServer/databases/myDatabase/advancedThreatProtectionSettings/current?api-version=2020-02-01-preview