
Commit a0fa6ac

authored
Merge pull request #8089 from yaakoviyun/master
Added new Data_Exfiltration and Unsafe_Action detection types to Threat Detection's cmdlets
2 parents ae31254 + a00a4bb commit a0fa6ac


5 files changed

+3346
-3689
lines changed


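--- a/src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/ThreatDetectionTests.ps1
+++ b/src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/ThreatDetectionTests.ps1
@@ -76,18 +76,20 @@ function Test-ThreatDetectionDatabaseUpdatePolicy
 Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection_Vulnerability)}
 
 # Test
-Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -ExcludedDetectionType "Sql_Injection", "Sql_Injection_Vulnerability", "Access_Anomaly"
+Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -ExcludedDetectionType "Sql_Injection", "Sql_Injection_Vulnerability", "Access_Anomaly", "Data_Exfiltration", "Unsafe_Action"
 $policy = Get-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
 
 # Assert
 Assert-AreEqual $policy.ThreatDetectionState "Enabled"
 Assert-AreEqual $policy.NotificationRecipientsEmails "[email protected];[email protected]"
 Assert-False {$policy.EmailAdmins}
-Assert-AreEqual $policy.ExcludedDetectionTypes.Count 3
+Assert-AreEqual $policy.ExcludedDetectionTypes.Count 5
 Assert-AreEqual $policy.StorageAccountName $params.storageAccount
 Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection)}
 Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection_Vulnerability)}
 Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Access_Anomaly)}
+Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Data_Exfiltration)}
+Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Unsafe_Action)}
 
 # Test
 Remove-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
@@ -97,10 +99,12 @@ function Test-ThreatDetectionDatabaseUpdatePolicy
 Assert-AreEqual $policy.ThreatDetectionState "Disabled"
 Assert-AreEqual $policy.NotificationRecipientsEmails "[email protected];[email protected]"
 Assert-False {$policy.EmailAdmins}
-Assert-AreEqual $policy.ExcludedDetectionTypes.Count 3
+Assert-AreEqual $policy.ExcludedDetectionTypes.Count 5
 Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection)}
 Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection_Vulnerability)}
 Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Access_Anomaly)}
+Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Data_Exfiltration)}
+Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Unsafe_Action)}
 
 # Test
 Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -ExcludedDetectionType "None"
@@ -144,17 +148,19 @@ function Test-ThreatDetectionServerUpdatePolicy
 Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection_Vulnerability)}
 
 # Test
-Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -ExcludedDetectionType Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly -StorageAccountName $params.storageAccount
+Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -ExcludedDetectionType Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action -StorageAccountName $params.storageAccount
 $policy = Get-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName
 
 # Assert
 Assert-AreEqual $policy.ThreatDetectionState "Enabled"
 Assert-AreEqual $policy.NotificationRecipientsEmails "[email protected];[email protected]"
 Assert-False {$policy.EmailAdmins}
-Assert-AreEqual $policy.ExcludedDetectionTypes.Count 3
+Assert-AreEqual $policy.ExcludedDetectionTypes.Count 5
 Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection)}
 Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection_Vulnerability)}
 Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Access_Anomaly)}
+Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Data_Exfiltration)}
+Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Unsafe_Action)}
 
 # Test
 Remove-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName
@@ -164,10 +170,12 @@ function Test-ThreatDetectionServerUpdatePolicy
 Assert-AreEqual $policy.ThreatDetectionState "Disabled"
 Assert-AreEqual $policy.NotificationRecipientsEmails "[email protected];[email protected]"
 Assert-False {$policy.EmailAdmins}
-Assert-AreEqual $policy.ExcludedDetectionTypes.Count 3
+Assert-AreEqual $policy.ExcludedDetectionTypes.Count 5
 Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection)}
 Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection_Vulnerability)}
 Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Access_Anomaly)}
+Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Data_Exfiltration)}
+Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Unsafe_Action)}
 
 # Test
 Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -ExcludedDetectionType None -StorageAccountName $params.storageAccount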
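Review bot: The updated `Set-AzureRmSqlDatabaseThreatDetectionPolicy` call (new line 79) and `Set-AzureRmSqlServerThreatDetectionPolicy` call (new line 151) now exclude every detection type named in this file, yet the assertions that follow still expect `ThreatDetectionState "Enabled"`. If those five names are the whole `DetectionType` enum (its definition is not visible in this section), the test pins a policy that reports Enabled but can raise no alert, and nothing here checks whether the cmdlet warns about or rejects that combination. I would at least mark the intent above each call with a comment such as `# Excludes all known detection types on purpose: exercises enum round-trip only, not a recommended policy`, and consider a separate case that excludes only the two new types so some detection stays active. The literal `5` in `Assert-AreEqual $policy.ExcludedDetectionTypes.Count 5` is also repeated in all four hunks; holding the names in one `$excluded` array and asserting against `$excluded.Count` would keep list and count from drifting. Both test functions begin and end outside the hunks shown.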
