Aqua CSPM

Monitor SQL Auditing

Quick Info

Plugin TitleMonitor SQL Auditing
CloudAZURE
CategorySecurity Center
DescriptionEnsures that Monitor SQL Auditing is enabled in Security Center
More InfoWhen this setting is enabled, Security Center will monitor SQL databases.
AZURE Linkhttps://docs.microsoft.com/en-us/azure/security-center/security-center-policy-definitions
Recommended ActionEnsure SQL auditing monitoring is configured for SQL databases from the Azure Security Center.

Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the “Search resources, services, and docs” option at the top and search for Security Center.
  3. Scroll down the “Security Center” and select the “Security policy” option under the “Management” on left navigation panel.
  4. On the “Policy Management” page under “Name” column select the “Subscription Name” that needs to be verified.
  5. In the “Security Policy” page scroll down and click on the “Azure Security Benchmark”.
  6. In the “Azure Security Benchmark” click on the Next button.
  7. In the “Azure Security Benchmark”, check for the “Azure defender for SQL servers on machine should be enabled” Parameter and if it’s set to “Disable” then the encryption is not enabled.
  8. Repeat steps number 2 - 7 to check other “Subscriptions” under the “Security Center."
  9. Navigate to the “Security Center”, select the “Security policy” and under “Policy Management” seelct the “Subscription” that needs to enable the “SQL Auditing."
  10. Select the “Subscription” link under the “Security policy” at the top to get into the configuration settings.
  11. Scroll down the page and under “Parameter” choose the “Azure defender for SQL servers on machine should be enabled” and select the “AuditIfNotExists” option from the dropdown menu and click on the “Save” button at the bottom to make the necessary changes.
  12. Repeat steps number 9 - 11 to ensure “Monitor SQL Auditing” is enabled in Security Center.