Skip to content

Latest commit

 

History

History
26 lines (22 loc) · 2.41 KB

server-auditing-enabled.md

File metadata and controls

26 lines (22 loc) · 2.41 KB

CloudSploit

AZURE / SQL Server / Server Auditing Enabled

Quick Info

Plugin Title Server Auditing Enabled
Cloud AZURE
Category SQL Server
Description Ensures that SQL Server Auditing is enabled for SQL servers
More Info Enabling SQL Server Auditing ensures that all activities are being logged properly, including potentially-malicious activity.
AZURE Link https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing
Recommended Action Ensure that auditing is enabled for each SQL server.

Detailed Remediation Steps

  1. Log in to the Microsoft Azure Management Console.
  2. Select the "Search resources, services, and docs" option at the top and search for "SQL servers".
  3. On the "SQL server" page, select the SQL server that needs to be examined.
  4. On the selected "SQL server" page, scroll down the left navigation panel and select "Auditing" under "Security".
  5. On the "Auditing" page, if "Azure SQL Auditing" and "Auditing of Microsoft support operations" is disabled then SQL Server Auditing for all activities are not being logged properly.
  6. To ensure that auditing is enabled for each SQL server, go to "Auditing" page and turn the toggle "ON" for "Enable Azure SQL Auditing" and under "Audit log destination" checkmark "Storage", "Log Analytics", "Event hub" selecting the "Subscription" and "Storage end points" under each section.
  7. Turn the toggle "ON" for "Auditing of Microsoft support operations" and under "Audit log destination" checkmark "Storage", "Log Analytics", "Event hub" selecting the "Subscription" and "Storage end points" under each section.
  8. Click on "Save" at the top to make the necessary changes.
  9. Repeat steps 3-8 to ensure that auditing is enabled for each SQL server.