Auditing Disabled for SQL Databases

More Info:

Enable auditing for all SQL Databases.

Risk Level

Medium

Address

Security, Operational Maturity

Compliance Standards

HITRUST, SOC2, NISTCSF, PCIDSS

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the “Auditing Disabled for SQL Databases” misconfiguration in Azure using Azure CLI, follow these steps:

Open Azure CLI and login to your Azure account using the command:

az login

Once you are logged in, set the default subscription where your SQL databases are located using the command:

az account set --subscription <subscription_name>

Enable auditing for the SQL server by running the following command:

az sql server audit-policy update --state Enabled --storage-account <storage_account_name> --storage-key <storage_account_key> --storage-endpoint <storage_account_endpoint> --retention-days <retention_period> --resource-group <resource_group_name> --server <sql_server_name>

Note: Replace the placeholders with actual values for storage account name, storage account key, storage account endpoint, retention period, resource group name, and SQL server name.

Once the command is executed successfully, auditing will be enabled for the SQL server and all the databases under it.
Verify the status of auditing by running the following command:

az sql server audit-policy show --resource-group <resource_group_name> --server <sql_server_name>

This command will display the current audit policy for the SQL server and its databases.

Repeat the above steps for all the SQL servers in your Azure environment to ensure that auditing is enabled for all the databases.

By following the above steps, you can remediate the “Auditing Disabled for SQL Databases” misconfiguration in Azure using Azure CLI.

Using Python

To remediate the issue of auditing disabled for SQL databases in Azure, you can use the following Python code:

First, import the necessary libraries:

from azure.identity import DefaultAzureCredential
from azure.mgmt.sql import SqlManagementClient

Next, authenticate and create a SQL management client object:

credential = DefaultAzureCredential()
sql_client = SqlManagementClient(credential, subscription_id)

Get the list of SQL servers in your subscription:

servers = sql_client.servers.list()

For each server, get the list of databases and enable auditing for each database:

for server in servers:
    databases = sql_client.databases.list_by_server(resource_group_name, server.name)
    for database in databases:
        database_properties = sql_client.databases.get(resource_group_name, server.name, database.name)
        database_properties.auditing_policy.state = "Enabled"
        database_properties.auditing_policy.is_azure_monitor_target_enabled = True
        sql_client.databases.create_or_update(resource_group_name, server.name, database.name, database_properties)

This code will iterate through all the SQL servers in your subscription, and for each server, it will enable auditing for all the databases and set Azure Monitor as the target. This will remediate the issue of auditing disabled for SQL databases in Azure.

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Auditing Disabled for SQL Databases

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation