跳到主要内容

Real-time Monitoring and Response

Implementation Effort: Medium
Customer IT and Security Operations teams must configure Defender for Databases plans and integrate alert handling into their incident response workflows.

User Impact: Low
All actions are performed by administrators and security teams; no user-facing changes or notifications are required.

Overview

Real-time monitoring and response in Microsoft Defender for Databases enables organizations to detect and respond to threats targeting their database environments across Azure, on-premises, and multicloud platforms. Defender for Databases provides continuous monitoring, anomaly detection, and real-time alerts enriched with threat intelligence.

Key Capabilities

  1. Continuous Monitoring

    • Defender for Databases continuously monitors database activity for suspicious behavior such as SQL injection, privilege escalation, and unauthorized access 1.
  2. Real-Time Alerts

    • Alerts are generated in real time and include contextual information such as:
      • Affected resource
      • Type of threat
      • Severity level
      • Recommended remediation steps 1.
  3. Multicloud Support

    • Supports Azure SQL, SQL Servers on machines, open-source databases (PostgreSQL, MySQL, MariaDB), and Azure Cosmos DB.
    • Also supports Amazon RDS instances for PostgreSQL, MySQL, and MariaDB 1.
  4. Threat Intelligence Integration

    • Alerts are enriched with Microsoft threat intelligence to improve detection accuracy and response effectiveness 1.
  5. Simplified Response

    • Security teams can respond to alerts directly from the Microsoft Defender portal or integrate with Microsoft Sentinel for automated workflows.
  6. Log Analytics Integration

    • For SQL Servers on machines, integration with Log Analytics enables deeper visibility and custom