Auditing Disabled for SQL Servers

More Info:

Enable auditing for all SQL Servers.

Risk Level

Medium

Address

Security, Operational Maturity

Compliance Standards

CISAZURE, CBP, HIPAA, ISO27001, HITRUST, SOC2, NISTCSF, PCIDSS

Triage and Remediation

Remediation

Using Console

Using CLI

Here are the step-by-step instructions to remediate the issue of auditing disabled for SQL Servers on Azure using Azure CLI:

Open the Azure CLI on your local machine or Azure Cloud Shell.
Login to your Azure account using the following command:

az login

Once you are logged in, select the Azure subscription that contains the SQL Server you want to remediate:

az account set --subscription <subscription_id>

Next, check the current auditing status of the SQL Server using the following command:

az sql server audit-policy show --resource-group <resource_group_name> --server <server_name>

If auditing is disabled, you can enable it by running the following command:

az sql server audit-policy update --resource-group <resource_group_name> --server <server_name> --state Enabled --storage-account <storage_account_name> --storage-key <storage_account_key> --storage-endpoint <storage_account_endpoint>

Note: Replace <resource_group_name>, <server_name>, <storage_account_name>, <storage_account_key>, and <storage_account_endpoint> with the appropriate values for your environment.

After running the command, wait for a few minutes to allow the changes to propagate.
Finally, verify that auditing is now enabled for the SQL Server using the following command:

az sql server audit-policy show --resource-group <resource_group_name> --server <server_name>

That’s it! You have successfully remediated the misconfiguration of auditing disabled for SQL Servers on Azure using Azure CLI.

Using Python

To remediate the issue of auditing being disabled for SQL Servers in Azure using Python, you can use the Azure SDK for Python. Here are the step-by-step instructions:

Install the Azure SDK for Python using pip:

pip install azure-mgmt-sql

Import the necessary modules:

from azure.identity import DefaultAzureCredential
from azure.mgmt.sql import SqlManagementClient

Authenticate using the default Azure credentials:

credential = DefaultAzureCredential()
subscription_id = 'YOUR_SUBSCRIPTION_ID'
resource_group_name = 'YOUR_RESOURCE_GROUP_NAME'
server_name = 'YOUR_SQL_SERVER_NAME'

Create a SqlManagementClient object:

sql_client = SqlManagementClient(credential, subscription_id)

Enable auditing for the SQL Server:

from azure.mgmt.sql.models import ServerSecurityAlertPolicy, SecurityAlertPolicyState
security_alert_policy = ServerSecurityAlertPolicy(state=SecurityAlertPolicyState.enabled)
sql_client.server_security_alert_policies.create_or_update(resource_group_name, server_name, security_alert_policy_name='default', parameters=security_alert_policy)

Verify that auditing has been enabled by checking the current state of the security alert policy:

current_security_alert_policy = sql_client.server_security_alert_policies.get(resource_group_name, server_name, security_alert_policy_name='default')
print(current_security_alert_policy.state)

These steps will enable auditing for the specified SQL Server in Azure using Python.

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Auditing Disabled for SQL Servers

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation