MEDIUM
Source: CloudSploit
ID: audit-retention-policy

Audit Retention Policy

Ensures that the SQL Server Auditing retention policy is set to greater than 90 days.

Enabling SQL Server Auditing ensures that all activities are being logged properly, including potentially malicious activity. Having a long retention policy ensures that all logs are kept for auditing and legal purposes.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the Microsoft Azure Management Console.

  2. Select the “Search resources, services, and docs” option at the top and search for “SQL servers”.

  3. On the “SQL server” page, select the SQL server that needs to be examined.

  4. On the selected “SQL server” page, scroll down the left navigation panel and select “Auditing” under “Security”.

  5. On the “Auditing” page, scroll down to “Audit log destination” and click on “Advanced properties” under “Storage”.

  6. If the Retention (Days) is set to zero then audit logs are not being retained.

  7. To ensure that the storage account retention policy for each SQL server is set to greater than 90 days, drag the slider or type 365 in the text box.

  8. Click on “Save” at the top to make the necessary changes.

  9. Repeat steps 3-8 to ensure that SQL Server Auditing retention policy is set to greater than 90 days.
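
The same check across many servers, as an added example (not CloudSploit's own code): it evaluates auditing policy objects against the greater-than-90-days rule and the zero-retention case from step 6. It assumes each policy object carries the `state` and `retentionDays` fields as printed by `az sql server audit-policy show`; the server names and values are constructed sample data.

```javascript
// Added example: evaluate SQL server auditing policies against the >90-day rule.
// Assumption: each policy object has `state` and `retentionDays`, as in the JSON
// output of `az sql server audit-policy show`. Sample data below is constructed.
const MIN_RETENTION_DAYS = 90; // retention must be strictly greater than this

function checkAuditRetention(server, policy) {
  if (!policy || policy.state !== 'Enabled') {
    return { server, status: 'FAIL', reason: 'auditing is not enabled' };
  }
  const days = policy.retentionDays;
  if (typeof days !== 'number' || !Number.isInteger(days) || days < 0) {
    return { server, status: 'UNKNOWN', reason: 'retentionDays missing or invalid' };
  }
  if (days === 0) {
    // Step 6 above: Retention (Days) of zero is treated as logs not being retained.
    return { server, status: 'FAIL', reason: 'Retention (Days) is set to zero' };
  }
  if (days <= MIN_RETENTION_DAYS) {
    return { server, status: 'FAIL',
             reason: `retention is ${days} days, must be greater than ${MIN_RETENTION_DAYS}` };
  }
  return { server, status: 'PASS', reason: `retention is ${days} days` };
}

// Evaluate a map of server name -> policy and list every server needing attention.
function auditServers(policiesByServer) {
  const results = Object.entries(policiesByServer)
    .map(([server, policy]) => checkAuditRetention(server, policy));
  const failing = results.filter(r => r.status !== 'PASS').map(r => r.server);
  return { results, failing };
}

// Constructed sample input (hypothetical server names).
const SAMPLE_POLICIES = {
  'sql-prod-01': { state: 'Enabled', retentionDays: 365 },  // value from step 7
  'sql-prod-02': { state: 'Enabled', retentionDays: 90 },   // boundary: not greater than 90
  'sql-dev-01': { state: 'Enabled', retentionDays: 0 },     // step 6 case
  'sql-dev-02': { state: 'Disabled', retentionDays: 365 },  // auditing switched off
  'sql-test-01': { state: 'Enabled' },                      // field missing
};

for (const r of auditServers(SAMPLE_POLICIES).results) {
  console.log(`${r.status}\t${r.server}\t${r.reason}`);
}
```
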