Azure Security Center generates an alert for a SQL Database that someone authenticated from an "unusual datacenter". Provided IP is Microsoft owned. Hostname is nothing recognizable.
-1
- Either raise a support case or ignore. – Ace Sep 02 '22 at 03:39
- Already answered my question, wasn't looking for input – RiverHeart Sep 03 '22 at 04:08
1 Answer
0
In hindsight this makes a lot of sense, but this can occur (not saying it only occurs) when you have Azure resources accessing the database that are located in a different location.
So the database lives in "West US 2" but the Azure Function pulling data from the database is located in "North Central US", and because these resources are in different datacenters it is "unusual", because why wouldn't you keep everything in the same region?
You can confirm the IP reported in the alert matches the outbound IP range of the Azure Function by going to that resource, selecting JSON View, and searching for the suspicious IP. If you're having the same issue, it'll be found in the "outboundIpAddresses" field.
RiverHeart
- 119
- 5
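The check described in the answer, as an added example that is not part of the original post: it matches an alert IP against the JSON View output of several resources at once. The resource names and addresses are constructed, and also checking `possibleOutboundIpAddresses` (a sibling property on the same resource) goes beyond what the answer describes.

```python
import ipaddress
import json

# Constructed sample: trimmed JSON View output for two Function Apps.
# Names and addresses are made up (documentation IP ranges).
SAMPLE_RESOURCES = json.loads("""
[
  {"name": "func-reports", "location": "North Central US",
   "properties": {"outboundIpAddresses": "203.0.113.10,203.0.113.11",
                  "possibleOutboundIpAddresses": "203.0.113.10,203.0.113.11,203.0.113.40"}},
  {"name": "func-billing", "location": "West US 2",
   "properties": {"outboundIpAddresses": "198.51.100.7, 198.51.100.8"}}
]
""")

# Checked in this order: addresses in use now, then every address the app may use.
FIELDS = ("outboundIpAddresses", "possibleOutboundIpAddresses")

def _parse_list(value):
    """Turn the comma-separated address string into a set of IP objects."""
    addrs = set()
    for item in (value or "").split(","):
        item = item.strip()
        if not item:
            continue
        try:
            addrs.add(ipaddress.ip_address(item))
        except ValueError:
            continue  # skip anything that is not a plain IP address
    return addrs

def find_alert_source(alert_ip, resources):
    """Return (name, location, field) for each resource whose outbound IPs include alert_ip."""
    target = ipaddress.ip_address(alert_ip.strip())  # ValueError on a malformed alert IP
    matches = []
    for res in resources:
        props = res.get("properties", {})
        for field in FIELDS:
            if target in _parse_list(props.get(field)):
                matches.append((res.get("name"), res.get("location"), field))
                break  # one hit per resource is enough
    return matches

if __name__ == "__main__":
    for ip in ("203.0.113.40", "192.0.2.99"):
        hits = find_alert_source(ip, SAMPLE_RESOURCES)
        print(ip, "->", hits or "no known resource; keep investigating")
```

An empty result means none of the inventoried resources explains the alert, so the sign-in still needs to be accounted for some other way.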