Test 256: Azure SQL Servers Auditing

Drata validates that Azure SQL servers auditing is enabled for SQL servers.

Enabling auditing at the server level ensures that all existing and newly created databases on the SQL server instance are audited. Auditing tracks database events and writes them to an audit log in the Azure storage account. It also helps to maintain regulatory compliance, understand database activity, and gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violations.

ASSOCIATED DRATA CONTROL

This test is part of DCF-406 and DCF-407.

WHAT TO DO IF A TEST FAILS

If Drata finds that one or more Azure SQL servers have auditing disabled, the test will fail.

Note: Only available for Azure.

STEPS TO REMEDIATE

  1. Go to SQL servers.

  2. Select a SQL server instance that's failing this test.

  3. Under Security, click Auditing.

  4. Click the toggle next to Enable Azure SQL Auditing.

  5. Select an Audit log destination: Log Analytics, Event Hub, and/or Blob Storage.

  6. Click Save.

  7. Repeat for each failing SQL server instance.
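
The same remediation scripted with the Azure CLI, as an added example that is not Drata's own tooling. It assumes a logged-in `az` session with rights on the servers, picks Blob Storage as the destination, and uses `STORAGE_ACCOUNT` as a placeholder for a storage account you own.

```shell
#!/usr/bin/env bash
# Added example: scripted equivalent of the portal steps, using Azure CLI.
set -eu

# Assumption: placeholder name, replace with your audit log storage account.
STORAGE_ACCOUNT="${STORAGE_ACCOUNT:-<audit-storage-account>}"
TAB="$(printf '\t')"

# Step 1: print "resource-group<TAB>server-name" for every SQL server.
list_servers() {
  az sql server list --query "[].[resourceGroup, name]" -o tsv
}

# Print the server-level auditing state: "Enabled" or "Disabled".
audit_state() {
  az sql server audit-policy show --resource-group "$1" --name "$2" \
    --query state -o tsv </dev/null
}

# Step 2: print the servers that would fail the test (state is not Enabled).
failing_servers() {
  list_servers | while IFS="$TAB" read -r rg name; do
    [ -n "$name" ] || continue
    state="$(audit_state "$rg" "$name")"
    [ "$state" = "Enabled" ] || printf '%s\t%s\n' "$rg" "$name"
  done
}

# Steps 3 to 6: enable auditing on one server with Blob Storage as destination.
enable_auditing() {
  az sql server audit-policy update --resource-group "$1" --name "$2" \
    --state Enabled --blob-storage-target-state Enabled \
    --storage-account "$STORAGE_ACCOUNT" </dev/null >/dev/null
}

# Step 7: repeat for each failing server; servers already audited are skipped.
remediate_all() {
  failing_servers | while IFS="$TAB" read -r rg name; do
    enable_auditing "$rg" "$name"
    printf 'enabled auditing on %s/%s\n' "$rg" "$name"
  done
}

# Nothing is changed unless the script is invoked as: ./script.sh run
if [ "${1:-}" = "run" ]; then remediate_all; fi
```

Running `failing_servers` on its own gives a read-only list of the servers that still need the change.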

Center for Internet Security (CIS)

This test aligns with the Center for Internet Security’s (CIS) benchmarks for Microsoft Azure, which provide prescriptive guidance for establishing a secure baseline configuration for Azure environments. These benchmarks are developed through a global, consensus-driven process involving cybersecurity experts to help organizations strengthen their defenses against potential threats in the cloud.