Azure SQL Database must initiate session auditing upon startup.
An XCCDF Rule
Description
<VulnDiscussion>Session auditing is for use when a user's activities are under investigation. To ensure capture of all activity during those periods when session auditing is in use, it needs to be in operation for the whole time Azure SQL Database is running.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-255328r960888_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Deploy an Azure SQL Database audit.
Refer to the supplemental file "AzureSQLDatabaseAudit.txt" PowerShell script.
Reference:
https://docs.microsoft.com/en-us/powershell/module/az.sql/set-azsqlserveraudit