More Info:
Configure the ‘AuditActionGroups’ property to appropriate groups to capture all the critical activities on the SQL Server and all the SQL databases hosted on the SQL server.
Risk Level
Medium
Address
Reliability, Security
Compliance Standards
HITRUST, SOC2, NISTCSF, PCIDSS
Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration related to AuditActionGroups in Azure, please follow the below steps:
- Login to the Azure portal (https://portal.azure.com/).
- Go to the Azure Active Directory service.
- Select the “Audit logs” option under the Monitoring section.
- In the Audit logs blade, click on the “Diagnostic settings” option.
- Select the diagnostic setting that needs to be remediated.
- In the “Diagnostic settings” blade, scroll down to the “Categories” section.
- In the “Categories” section, ensure that the “AuditLogs” option is selected.
- Under the “AuditLogs” option, select the “Select specific actions” radio button.
- In the “Select specific actions” section, ensure that all the required AuditActionGroups are selected.
- Click on the “Save” button to save the changes.
Using CLI
To remediate the misconfiguration of AuditActionGroups in auditing for Azure using the Azure CLI, follow these steps:
- Open the Azure CLI on your local machine or use the Azure Cloud Shell.
- Run the following command to get the current configuration of AuditActionGroups:
- Check the output of the above command to see if AuditActionGroups are set properly. If not, proceed to the next step.
- Run the following command to set the AuditActionGroups:
  Replace <comma separated list of action groups> with the appropriate list of action groups. For example, if you want to set the AuditActionGroups to “Write”, “Delete”, and “Action”, the command would be:
- Verify the configuration by running the first command again:
  The output should now show the updated list of AuditActionGroups.
Using Python
To remediate the misconfiguration of AuditActionGroups in Azure using Python, follow the below steps:
- Import the necessary libraries:
- Set the credentials:
- Initialize the MonitorManagementClient:
- Get the existing AuditActionGroups:
- Update the AuditActionGroups:
- Verify the updated AuditActionGroups:
By following these steps, you can remediate the misconfiguration of AuditActionGroups in Azure using Python.
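The "check the output" and "verify" steps above can be automated offline. The following is an added example, not code from the original page: it assumes the auditing policy is available as JSON with `state` and `auditActionsAndGroups` fields (the shape `az sql server audit-policy show` prints), and it assumes a baseline of the three action groups Microsoft documents as the recommended set. The function name and sample documents are hypothetical.

```python
import json

# Assumed baseline: the combination Microsoft documents as recommended for
# SQL auditing. Replace it with the groups your own policy requires.
BASELINE_GROUPS = frozenset({
    "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP",
    "FAILED_DATABASE_AUTHENTICATION_GROUP",
    "BATCH_COMPLETED_GROUP",
})


def audit_findings(policy_json, required=BASELINE_GROUPS):
    """Return findings for one server auditing policy (empty list = compliant)."""
    policy = json.loads(policy_json)
    findings = []
    # Configured action groups capture nothing while auditing is switched off.
    if str(policy.get("state", "")).lower() != "enabled":
        findings.append("auditing state is not Enabled")
    # The field can be absent or null when auditing was never configured.
    configured = {g.strip().upper()
                  for g in (policy.get("auditActionsAndGroups") or [])}
    for group in sorted({r.upper() for r in required} - configured):
        findings.append(f"missing action group: {group}")
    return findings


# Constructed sample documents, not real command output.
COMPLIANT = json.dumps({"state": "Enabled", "auditActionsAndGroups": [
    "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP",
    "FAILED_DATABASE_AUTHENTICATION_GROUP",
    "BATCH_COMPLETED_GROUP",
    "DATABASE_PERMISSION_CHANGE_GROUP"]})
PARTIAL = json.dumps({"state": "Enabled",
                      "auditActionsAndGroups": ["batch_completed_group"]})
DISABLED = json.dumps({"state": "Disabled", "auditActionsAndGroups": None})

if __name__ == "__main__":
    samples = [("compliant", COMPLIANT), ("partial", PARTIAL),
               ("disabled", DISABLED)]
    for name, doc in samples:
        print(name, audit_findings(doc) or "OK")
```

Run it against the saved output of the "get current configuration" step both before and after the update; an empty findings list means every required group is present and auditing is enabled.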