This is coming from a machine connected to Log Analytics workspace, which was enabled for Azure Defender for SQL. This is an opt-in feature that is enabled from Azure Security Center on a Log Analytics workspace. Once enabled, a solution is targeting the workspace and protects machines that are connected to it and have SQL Server installed.
Regards,
Tomer