diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md
index 501941786b..40b2b46cd5 100644
--- a/docs/wiki/Whats-new.md
+++ b/docs/wiki/Whats-new.md
@@ -57,6 +57,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
 #### Tooling
 - Updated the ***Baseline alerts and monitoring*** integration section in the portal accelerator to deploy the latest release of AMBA (2025-01-10). To read more on the changes, see the [What's new](https://aka.ms/amba/alz/whatsnew) page in the AMBA documentation.
+- Added SQL Advanced Threat Protection status log to [dataCollectionRule-DefenderSQL.json](Enterprise-Scale/eslzArm/resourceGroupTemplates/dataCollectionRule-DefenderSQL.json) data collection rule. The logs allows identifying machines connected to the workspace with SQL ATP and the protection status on each instance on those machines and is used by MDfC Defender for SQL.
 ### 🔃 Policy Refresh Q2 FY25
diff --git a/eslzArm/resourceGroupTemplates/dataCollectionRule-DefenderSQL.json b/eslzArm/resourceGroupTemplates/dataCollectionRule-DefenderSQL.json
index b66a754831..a3f99ef45b 100644
--- a/eslzArm/resourceGroupTemplates/dataCollectionRule-DefenderSQL.json
+++ b/eslzArm/resourceGroupTemplates/dataCollectionRule-DefenderSQL.json
@@ -62,7 +62,8 @@
 "Microsoft-DefenderForSqlLogins",
 "Microsoft-DefenderForSqlTelemetry",
 "Microsoft-DefenderForSqlScanEvents",
- "Microsoft-DefenderForSqlScanResults"
+ "Microsoft-DefenderForSqlScanResults",
+ "Microsoft-SqlAtpStatus-DefenderForSql"
 ],
 "extensionSettings": {
 "enableCollectionOfSqlQueriesForSecurityResearch": "[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]"
@@ -85,7 +86,8 @@
 "Microsoft-DefenderForSqlLogins",
 "Microsoft-DefenderForSqlTelemetry",
 "Microsoft-DefenderForSqlScanEvents",
- "Microsoft-DefenderForSqlScanResults"
+ "Microsoft-DefenderForSqlScanResults",
+ "Microsoft-SqlAtpStatus-DefenderForSql"
 ],
 "destinations": [
 "LogAnalyticsDest"
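Review bot: The Defender for SQL stream list is now maintained by hand in two places, the extension data source (hunk at -62) and the data flow (hunk at -85), and every new stream has to be added to both. If the two lists ever drift, a stream declared in only one of them would presumably not reach the workspace, and the only symptom would be missing Defender for SQL data. Since the template already uses ARM expressions, consider defining the list once as an array under `variables` (the name `defenderSqlStreams` is a suggestion) and using `"streams": "[variables('defenderSqlStreams')]"` in both places. Both enclosing objects start and end outside the hunks, so whether a `variables` section already exists is not visible here.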