SQL Servers

Server Auditing Disabled

Risk Level: MEDIUM

Description: 

This plugin makes sure SQL Server Auditing is turned on for SQL servers. Enabling SQL Server Auditing guarantees that all actions, including potentially harmful behaviour, are appropriately logged. Maintaining regulatory compliance, understanding database activity, and gaining insight into inconsistencies and abnormalities that might suggest business issues or suspected security violations are all advantages of auditing.

PingSafe strongly recommends ensuring that auditing is enabled for each SQL server.

About the Service :

Azure SQL is a set of managed, secure, and intelligent SQL Server database solutions that run in the Azure cloud. Because Azure SQL is based on the well-known SQL Server engine,  applications can be easily transferred while keeping the existing tools, languages, and resources. 

Impact : 

SQL database auditing begins by capturing database events and writing them to an audit log in your Azure Storage account, OMS workspace, or Event Hub. The logging data may be very valuable for managing security and regulatory compliance, understanding database activity and patterns, and gaining insight into anomalies that may suggest possible security breaches.

Steps to reproduce :

  1. Sign in to your Azure portal with your Azure account.
    https://portal.azure.com/#home 
  2. Navigate to Azure’s All Resources.
  3. In the Type filter select the value as SQL Servers and click Apply.
  4. Next, select the SQL Server that you want to examine.
  5. Click on Auditing under Security in the navigation pane.
  6. Check whether the Enable Azure Auditing button is enabled.
  7. If it is not enabled then server auditing is disabled.
  8. Repeat the same steps for other servers as well.

Steps for remediation :

  1. Sign in to your Azure portal with your Azure account.
    https://portal.azure.com/#home 
  2. Navigate to Azure’s All Resources.
  3. In the Type filter select the value as SQL Servers and click Apply.
  4. Next, select the SQL Server that you want to examine.
  5. Click on Auditing under Security in the navigation pane.
  6. Check whether the Enable Azure Auditing button is enabled.
  7. If it is not enabled then server auditing is disabled.
  8. Click on the button to enable it and then click on Save.
  9. Repeat the same steps for other servers as well.

References :

Please feel free to reach out to support@pingsafe.com with any questions that you may have.

Thanks

PingSafe Support