Ensure that 'Auditing' is set to 'On'
The Azure platform allows a SQL server to be created as a service. Enabling auditing at the server level ensures that all existing and newly created databases on the SQL server instance are audited. Auditing policy applied on the SQL database does not override auditing policy and settings applied on the particular SQL server where the database is hosted. Auditing tracks database events and writes them to an audit log in the Azure storage account. It also helps to maintain regulatory compliance, understand database activity, and gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violations.
Risk Level: Low
Cloud Entity: SQL Server on Virtual Machines
CloudGuard Rule ID: D9.AZU.MON.21
Covered by Spectral: Yes
Category: Compute
GSL LOGIC
SQLServer should have auditing.state='Enabled'
REMEDIATION
From Portal
- Sign in to Azure Management Console
- Go to 'SQL Server'
- For each Server, click on 'Auditing' under 'Security'.
- Set 'Enable Azure SQL Auditing' to On.
- Select Save.
From TF
Set the 'enabled' arguments under 'azurerm_mssql_server_extended_auditing_policy' as below:
resource "azurerm_mssql_server_extended_auditing_policy" "example" {
...
enabled = "true"
storage_endpoint = "azurerm_storage_account.example.primary_blob_endpoint"
...
}
From Command Line
Run
az sql server audit-policy update --resource-group RESOURCEGROUPNAME --name SERVERNAME --state Enabled --bsts Enabled --storage-account STORAGEACCOUNTNAME
References
- https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-overview?view=azuresql
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_server
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server_extended_auditing_policy#enabled
- https://learn.microsoft.com/en-us/cli/azure/sql/server/audit-policy?view=azure-cli-latest#az-sql-server-audit-policy-update
SQL Server on Virtual Machines
SQL Server on Azure virtual machines enables you to use full versions of SQL Server in the Cloud without having to manage any on-premises hardware. SQL Server VMs also simplify licensing costs when you pay as you go.
Azure virtual machines run in many different geographic regions around the world. They also offer a variety of machine sizes. The virtual machine image gallery allows you to create a SQL Server VM with the right version, edition, and operating system. This makes virtual machines a good option for a many different SQL Server workloads.
Compliance Frameworks
- AZU PCI-DSS 4.0
- Azure CIS Foundations v. 1.1.0
- Azure CIS Foundations v. 1.2.0
- Azure CIS Foundations v. 1.3.0
- Azure CIS Foundations v. 1.3.1
- Azure CIS Foundations v. 1.4.0
- Azure CIS Foundations v. 1.5.0
- Azure CIS Foundations v.2.0
- Azure CloudGuard Best Practices
- Azure HITRUST v9.5.0
- Azure ISO 27001:2013
- Azure ITSG-33
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset
- Microsoft Cloud Security Benchmark
Updated about 1 year ago