Plugin Title: Audit Retention Policy
Cloud: AZURE
Category: SQL Servers
Description: Ensures that SQL Server Auditing retention policy is set to greater than 90 days
More Info: Enabling SQL Server Auditing ensures that all activities are being logged properly, including potentially-malicious activity. Having a long retention policy ensures that all logs are kept for auditing and legal purposes.
AWS Link: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing
Recommended Action: Ensure that the storage account retention policy for each SQL server is set to greater than 90 days.


Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the "Search resources, services, and docs" option at the top and search for SQL servers.
  3. On the "SQL server" page, select the SQL server that needs to be examined.
  4. On the selected "SQL server" page, scroll down the left navigation panel and select "Auditing" under "Security".
  5. On the "Auditing" configuration page, select "Storage", "Log Analytics" or "Event Hub", depending on which is used.
  6. On the "Storage settings" page, check the number of "Retention(days)". If this value is less than 90, the selected SQL server does not have a sufficiently long retention policy.
  7. Repeat steps number 2 - 6 to verify other "SQL servers" in the account.
  8. Navigate to "SQL servers". On the "SQL servers" page, select the SQL server, scroll down the left navigation panel and choose "Auditing" under "Security".
  9. On the "Auditing" configuration page, select "Storage", "Log Analytics" or "Event Hub", depending on which is used.
  10. On the "Storage settings" page, set the "Retention(days)" to 90 or more and save the changes.
  11. Repeat steps number 8 - 10 to ensure that the storage account retention policy for each SQL server is set to greater than 90 days.
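
The check in steps 1 to 7, applied to exported policy JSON instead of the portal; this is an added example, not the plugin's own code. It assumes one object per server with the `state`, `retentionDays` and `storageEndpoint` fields that `az sql server audit-policy show` returns, a hypothetical `server` label added by whoever collects the data, and the 90-day threshold from step 10.

```python
import json

MIN_RETENTION_DAYS = 90  # assumption: threshold taken from step 10 ("90 or more")

# Constructed sample. "server" is a hypothetical label added by the collector;
# the other keys follow the server blob auditing policy JSON.
SAMPLE_POLICIES = json.loads("""
[
  {"server": "sql-a", "state": "Enabled", "retentionDays": 30,
   "storageEndpoint": "https://example1.blob.core.windows.net/"},
  {"server": "sql-b", "state": "Enabled", "retentionDays": 0,
   "storageEndpoint": "https://example2.blob.core.windows.net/"},
  {"server": "sql-c", "state": "Enabled", "retentionDays": 0, "storageEndpoint": ""},
  {"server": "sql-d", "state": "Disabled", "retentionDays": 365,
   "storageEndpoint": "https://example3.blob.core.windows.net/"},
  {"server": "sql-e", "state": "Enabled", "retentionDays": 120,
   "storageEndpoint": "https://example4.blob.core.windows.net/"}
]
""")


def evaluate(policy, min_days=MIN_RETENTION_DAYS):
    """Return (status, reason) for one server's auditing policy."""
    if str(policy.get("state") or "").lower() != "enabled":
        return "FAIL", "auditing is not enabled, so retention does not apply"
    if not policy.get("storageEndpoint"):
        # Log Analytics / Event Hub targets: retention is set on that service.
        return "REVIEW", "no storage target; check retention on the log destination"
    days = policy.get("retentionDays")
    if isinstance(days, bool) or not isinstance(days, int) or days < 0:
        return "REVIEW", f"unexpected retentionDays value: {days!r}"
    if days == 0:
        return "PASS", "retention is 0, which Azure treats as unlimited"
    if days >= min_days:
        return "PASS", f"retention is {days} days"
    return "FAIL", f"retention is {days} days, below {min_days}"


def audit(policies, min_days=MIN_RETENTION_DAYS):
    """Map each server name to its (status, reason) result."""
    return {p.get("server", "<unnamed>"): evaluate(p, min_days) for p in policies}


if __name__ == "__main__":
    for name, (status, reason) in audit(SAMPLE_POLICIES).items():
        print(f"{status:6} {name}: {reason}")
```

Servers reported as REVIEW send audit logs somewhere other than a storage account, so their retention has to be confirmed on that destination.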
