Azure_SQLServers_2

Ensure that AuditActionGroups ' in ' auditing ' policy for a SQL server is set properly

Description

Configure the ‘ AuditActionGroups ‘ property to appropriate groups to capture all the critical activities on the SQL Server and all the SQL databases hosted on the SQL server.

Remediation

On Azure Console, There is no Provision to check or change AuditActionGroup property.

Perform the following in Azure PowerShell:

To create Audit profile with prescribed ‘ AuditActionGroup ‘.

Set-AzureRmSqlServerAuditingPolicy -ResourceGroupName <resourceGroup> -ServerName <serverName> -StorageAccountName storageAccountName -AuditActionGroup SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP -RetentionInDays <number >= 90>

References:

  1. https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions?view=sql-server-2017#database-level-audit-action-groups
  2. https://docs.microsoft.com/en-us/powershell/module/azurerm.sql/set-azurermsqlserverauditingpolicy?view=azurermps-6.5.0

Service

Database Services

Severity

Medium

Compliance

Mapping

We are now live on AWS Marketplace.
The integrated view of your cloud infrastructure is now easier than ever!