Ensure that SQL Server Auditing Retention is greater than 90 days

Ensure that SQL Server Auditing retention is greater than 90 days. To keep the logs forever, pass a value of 0 to the retention parameter.

Risk Level: Low
Cloud Entity: SQL Server on Virtual Machines
CloudGuard Rule ID: D9.AZU.MON.50
Covered by Spectral: No
Category: Compute

GSL LOGIC

SQLServer should have auditing.state='Enabled' and ( auditing.retentionDays=0 or auditing.retentionDays>=90 )
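
The rule above can also be evaluated offline against exported audit policies. The following Python is an added example, not CloudGuard's own code; it assumes each policy is a JSON object carrying the `state` and `retentionDays` fields in the shape returned by `az sql server audit-policy show`, and the server names and values are constructed sample data.

```python
import json

MIN_RETENTION_DAYS = 90  # threshold from the GSL rule; 0 means "keep forever"


def evaluate_policy(policy):
    """Return (compliant, reason) for one server audit-policy dict."""
    state = str(policy.get("state") or "").lower()
    if state != "enabled":
        return False, "auditing state is %r, not Enabled" % policy.get("state")
    days = policy.get("retentionDays")
    # A missing or non-integer value cannot satisfy the rule; fail closed.
    if isinstance(days, bool) or not isinstance(days, int):
        return False, "retentionDays missing or not an integer"
    if days == 0:
        return True, "retention unlimited (0)"
    if days >= MIN_RETENTION_DAYS:
        return True, "retention %d days" % days
    return False, "retention %d days is below %d" % (days, MIN_RETENTION_DAYS)


def audit(servers):
    """Map each server name to its (compliant, reason) result."""
    return {name: evaluate_policy(policy) for name, policy in servers.items()}


# Constructed sample input: server name -> audit policy (assumed field names).
SAMPLE = json.loads("""
{
  "sql-prod-01": {"state": "Enabled",  "retentionDays": 0},
  "sql-prod-02": {"state": "Enabled",  "retentionDays": 120},
  "sql-dev-01":  {"state": "Enabled",  "retentionDays": 30},
  "sql-test-01": {"state": "Disabled", "retentionDays": 0},
  "sql-old-01":  {"state": "Enabled",  "retentionDays": null}
}
""")

if __name__ == "__main__":
    for name, (ok, reason) in sorted(audit(SAMPLE).items()):
        print("%-12s %-4s %s" % (name, "PASS" if ok else "FAIL", reason))
```
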

REMEDIATION

With Azure CLI:
az sql server audit-policy update -g mygroup -n myserver --state Enabled --bsts Enabled --storage-account mystorage --retention-days 0

References: https://docs.microsoft.com/en-us/cli/azure/sql/server/audit-policy?view=azure-cli-latest#az_sql_server_audit_policy_update

SQL Server on Virtual Machines

SQL Server on Azure virtual machines enables you to use full versions of SQL Server in the Cloud without having to manage any on-premises hardware. SQL Server VMs also simplify licensing costs when you pay as you go.

Azure virtual machines run in many different geographic regions around the world. They also offer a variety of machine sizes. The virtual machine image gallery allows you to create a SQL Server VM with the right version, edition, and operating system. This makes virtual machines a good option for many different SQL Server workloads.

Compliance Frameworks

  • Azure CIS Foundations v. 1.3.1
  • Azure CIS Foundations v. 1.4.0
  • Azure CloudGuard Best Practices
  • Azure HITRUST v9.5.0
  • Azure ITSG-33