Ensure that SQL Database Auditing is Enabled

Ensure that SQL Database Auditing is enabled in order to keep track of Audit events.

Risk Level: Low
Cloud Entity: Azure SQL Database
CloudGuard Rule ID: D9.AZU.MON.52
Covered by Spectral: Yes
Category: Database

GSL LOGIC

SQLDB should have auditing.state='Enabled'

REMEDIATION

From Portal

  1. Sign in to Azure Management Console
  2. Go to 'SQL Database'
  3. For each Database, click on Auditing under Security.
  4. Set Enable Azure SQL Auditing is set to On
  5. Select Save.

From TF
Set the 'enabled' arguments under 'azurerm_mssql_database_extended_auditing_policy' as below:

resource "azurerm_mssql_database_extended_auditing_policy" "example" {
	...
	enabled                 = "true"
	storage_endpoint        = "azurerm_storage_account.example.primary_blob_endpoint"
	...
}

From Command Line
Run

az sql db audit-policy update --resource-group RESOURCEGROUPNAME --name SERVERNAME --state Enabled --bsts Enabled --storage-account STORAGEACCOUNTNAME

References

  1. https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-overview?view=azuresql
  2. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_database
  3. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_database_extended_auditing_policy#enabled
  4. https://learn.microsoft.com/en-us/cli/azure/sql/db/audit-policy?view=azure-cli-latest#az-sql-db-audit-policy-update

Azure SQL Database

Azure SQL Database is the intelligent, fully managed relational cloud database service that provides the broadest SQL Server engine compatibility, so you can migrate your SQL Server databases without changing your apps. Accelerate app development and make maintenance easy and productive using the SQL tools you love to use. Take advantage of built-in intelligence that learns app patterns and adapts to maximize performance, reliability, and data protection.

Compliance Frameworks

  • AZU PCI-DSS 4.0
  • Azure CIS Foundations v. 1.3.1
  • Azure CIS Foundations v. 1.4.0
  • Azure CloudGuard Best Practices
  • Azure ITSG-33
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset