Triage and Remediation
Remediation
Using Console
Using Console
To remediate the “Monitor SQL Auditing setting is not enabled” misconfiguration in Azure using the Azure console, you can follow these steps:
- Log in to the Azure portal and navigate to the SQL Server that you want to remediate.
- Click on “Auditing” under the “Security” section in the left-hand menu.
- Click on “Enable Auditing” at the top of the page.
- In the “Auditing settings” section, select the database(s) that you want to audit.
- Choose the events that you want to audit by selecting the appropriate checkboxes.
- Choose the storage account where you want to store the audit logs.
- Click on “Save” to enable auditing.
- Once auditing is enabled, you can view the audit logs by clicking on “Audit logs” under the “Security” section in the left-hand menu.
- Verify that the audit logs are being generated properly.
Using CLI
Using CLI
To remediate the “Monitor SQL Auditing setting is not enabled” misconfiguration in Azure using Azure CLI, follow these steps:Replace the placeholders with the appropriate values:This will display the current audit policy settings for the SQL Server. Check that the
- Open the Azure CLI on your local machine or use the Azure Cloud Shell.
- Connect to your Azure account using the following command:
- Once you are logged in, select the Azure subscription where the SQL Server resides:
- Enable the SQL Auditing setting using the following command:
<storage_account_name>: The name of the storage account where the audit logs will be stored.<storage_account_key>: The access key for the storage account.<storage_account_endpoint>: The endpoint for the storage account.<number_of_days>: The number of days to retain the audit logs.<resource_group_name>: The name of the resource group where the SQL Server resides.<sql_server_name>: The name of the SQL Server.
- Verify that the SQL Auditing setting is enabled by running the following command:
state property is set to Enabled.Once you have completed these steps, the “Monitor SQL Auditing setting is not enabled” misconfiguration should be remediated in Azure.Using Python
Using Python
To remediate the “Monitor SQL Auditing setting is not enabled” misconfiguration for Azure using Python, you can use the Azure SDK for Python. Here are the steps to follow:These steps should help you remediate the “Monitor SQL Auditing setting is not enabled” misconfiguration for Azure using Python.
- Install the Azure SDK for Python using pip:
- Import the necessary modules:
- Set up the credentials to authenticate to Azure:
- Create a SqlManagementClient object:
- Check if SQL auditing is enabled:
- Remediate the misconfiguration by enabling SQL auditing:
- Verify that SQL auditing is now enabled: