Explore and investigate Defender for SQL security alerts

There are several ways to view Microsoft Defender for SQL alerts in Microsoft Defender for Cloud:

• The Alerts page.

• The machine's security page.

• The workload protections dashboard.

• Through the direct link provided in the alert's email.

1. Sign in to the Azure portal.

2. Search for and select Microsoft Defender for Cloud.

3. Select Security alerts.

4. Select an alert.

Alerts are designed to be self-contained, with detailed remediation steps and investigation information in each one. You can investigate further by using other Microsoft Defender for Cloud and Microsoft Sentinel capabilities for a broader view:

• Enable SQL Server's auditing feature for further investigations. If you're a Microsoft Sentinel user, you can upload the SQL auditing logs from the Windows Security Log events to Sentinel and enjoy a rich investigation experience. Learn more about SQL Server Auditing.

• To improve your security posture, use Defender for Cloud's recommendations for the host machine indicated in each alert to reduce the risks of future attacks.

Learn more about managing and responding to alerts.

For related information, see these resources:

• Security alerts for SQL Database and Azure Synapse Analytics
• Set up email notifications for security alerts
• Learn more about Microsoft Sentinel