Patch 565 #586

Merged
merged 6 commits into from
Oct 18, 2022
20 changes: 11 additions & 9 deletions en/azure/sqlserver/audit-action-groups-enabled.md
Expand Up @@ -16,12 +16,14 @@

## Detailed Remediation Steps

1. Log into the Microsoft Azure Management Console.
2. Select the "Search resources, services, and docs" option at the top and search for SQL servers. </br> <img src="/resources/azure/sqlserver/audit-action-groups-enabled/step2.png"/>
3. On the "SQL server" page, click on the "Cloud shell" button at the top to access "Power Shell" as "Audit Action Groups Enabled" cannot be checked from A"zure UI Console".</br> <img src="/resources/azure/sqlserver/audit-action-groups-enabled/step3.png"/>
4. Run Get-AzSqlServer PowerShell command, to list all the "SQL servers" in the selected subscription.</br> <img src="/resources/azure/sqlserver/audit-action-groups-enabled/step4.png"/>
5. Run Get-AzSqlServerAuditing PowerShell command with name of "SQL server" name that needs to be examine along with identifier parameter and custom query filters.</br> <img src="/resources/azure/sqlserver/audit-action-groups-enabled/step5.png"/>
6. The above command will return name of the each action group which are enabled and if it's showing "FAILED_DATABASE_AUTHENTICATION_GROUP" then there is no "Audit Action Groups Enabled."<br> <img src="/resources/azure/sqlserver/audit-action-groups-enabled/step6.png"/>
7. Repeat steps number 2 - 6 to verify other "SQL server" in different Azure accounts.</br>
8. Run Set-AzSqlServerAuditing PowerShell along with "Server name", "Resource group" and "Retention days." Command can use like "Set-AzSqlServerAuditing -State Enabled -ServerName "cc-pr" -ResourceGroupName "test-noc26" -StorageAccountName "abinnf890" -AuditActionGroupSet-AzSqlServerAuditing -State Enabled -ServerName "testnov26" -ResourceGroupName "test-noc26" -StorageAccountName "abinnf890" -AuditActionGroup "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP", "FAILED_DATABASE_AUTHENTICATION_GROUP", "BATCH_COMPLETED_GROUP" -RetentionInDays 90". </br> <img src="/resources/azure/sqlserver/audit-action-groups-enabled/step8.png"/>
9. Repeat step number 8 to configure SQL Server Audit Action and Groups.</br>
1. Log in to the Microsoft Azure Management Console.
2. Select the "Search resources, services, and docs" option at the top and search for "SQL servers". </br> <img src="/resources/azure/sqlserver/audit-action-groups-enabled/step2.png"/>
3. On the "SQL server" page, click on the "Cloud shell" icon at the top next to the search bar as "Audit Action Groups Enabled" cannot be checked from Azure "UI Console".</br> <img src="/resources/azure/sqlserver/audit-action-groups-enabled/step3.png"/>
4. In the box that opens at the bottom, select "PowerShell".</br> <img src="/resources/azure/sqlserver/audit-action-groups-enabled/step4.png"/>
5. In the next screen, select the desired Azure Subscription & click on "Create storage" button.</br> <img src="/resources/azure/sqlserver/audit-action-groups-enabled/step5.png"/>
6. Run "Get-AzSqlServer" PowerShell command in the PowerShell prompt, to list all the "SQL servers" in the selected subscription. Note the "ResourceGroupName" and "ServerName" of the desired SQL server. </br> <img src="/resources/azure/sqlserver/audit-action-groups-enabled/step6.png"/>
7. Run "Get-AzSqlServerAudit -ResourceGroupName your_resource_group_name -ServerName your_server_name" PowerShell command.</br> <img src="/resources/azure/sqlserver/audit-action-groups-enabled/step7.png"/>
8. In the result if the "AuditActionGroup" property value is {}(empty) then Audit Action Groups are not enabled. </br> <img src="/resources/azure/sqlserver/audit-action-groups-enabled/step8.png"/>
9. Run "Set-AzSqlServerAudit -ServerName your_server_name -ResourceGroupName your_resource_group_name -AuditActionGroup SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, BATCH_COMPLETED_GROUP". </br> <img src="/resources/azure/sqlserver/audit-action-groups-enabled/step9.png"/>
10. Run "Get-AzSqlServerAudit -ResourceGroupName your_resource_group_name -ServerName your_server_name" PowerShell command to verify that "AuditActionGroup" property value is not {}(empty).</br> <img src="/resources/azure/sqlserver/audit-action-groups-enabled/step10.png"/>
11. Repeat step number 3-10 to check and configure SQL Server Audit Groups for all other SQL servers.</br>
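Review bot: The new step 9 drops the `-State Enabled`, `-StorageAccountName` and `-RetentionInDays 90` arguments that the removed step 8 passed, so the procedure now sets the action groups without ever enabling auditing to a destination or setting retention. If auditing is assumed to be configured already, state that as a prerequisite before step 9; otherwise carry the destination and retention settings over to the `Set-AzSqlServerAudit` call. Steps 8 and 10 also test only for an empty `AuditActionGroup` value, which passes a server that has just one group set; the check should name the three groups from step 9 (`SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP`, `FAILED_DATABASE_AUTHENTICATION_GROUP`, `BATCH_COMPLETED_GROUP`) as the expected result. The added lines also keep the invalid `</br>` tag; `<br>` is the valid form.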
Binary file modified resources/azure/sqlserver/audit-action-groups-enabled/step2.png
Binary file modified resources/azure/sqlserver/audit-action-groups-enabled/step3.png
Binary file modified resources/azure/sqlserver/audit-action-groups-enabled/step4.png
Binary file modified resources/azure/sqlserver/audit-action-groups-enabled/step5.png
Binary file modified resources/azure/sqlserver/audit-action-groups-enabled/step6.png
Binary file modified resources/azure/sqlserver/audit-action-groups-enabled/step8.png