Quick Info
| Plugin Title | Monitor SQL Auditing |
|---|---|
| Cloud | AZURE |
| Category | Security Center |
| Description | Ensure that Monitor SQL Auditing is enabled in Security Center. |
| More Info | When this setting is Disabled, Security Center will ignore monitoring of unaudited SQL databases. |
| AWS Link | https://docs.microsoft.com/en-us/azure/security-center/security-center-policy-definitions |
| Recommended Action | 1. Go to Azure Security Center 2. Click on Security policy 3. Click on your Subscription Name 4. Look for the "Monitor SQL auditing" setting. 5. Ensure that it is not set to Disabled |
Detailed Remediation Steps
-
. Log into the Microsoft Azure Management Console.
- Select the "Search resources, services, and docs" option at the top and search for Security Center.
- Scroll down the "Security Center" navigation panel and select the "Security policy" option under "POLICY & COMPLIANCE."
- On the "Policy Management" page under "Name" column select the "Subscription Name" that needs to be verified.
- On the "Security Policy" page scroll down the "Data" section and check the "Monitor unaudited SQL servers in Azure Security Center". If it's set to "Disabled" then "Monitor SQL Auditing" is not enabled on the selected "Subscription."
- Repeat steps number 2 - 5 to check other "Subscriptions" under the "Security Center."
- Navigate to the "Security Center", select the "Security policy" and under "Policy Management" seelct the "Subscription" that needs to enable the "SQL Auditing."
- Select the "Subscription" link under the "Security policy" at the top to get into the configuration settings.
- Scroll down the page and under "Parameter" choose the "Monitor unaudited SQL servers in Azure Security Center" and select the "AuditIfNotExists" option from the dropdown menu and click on the "Save" button at the bottom to make the necessary changes.
- Repeat steps number 7 - 9 to ensures "Monitor SQL Auditing" is enabled in Security Center.