Azure SQL Database must generate audit records when concurrent logons/connections by the same user from different workstations occur.

An XCCDF Rule

Description

For completeness of forensic analysis, it is necessary to know how long a user's (or other principal's) connection to the Azure Database lasts. This can be achieved by recording disconnections, in addition to logons/connections, in the audit logs. Disconnection may be initiated by the user or forced by the system (as in a timeout) or result from a system or network failure. To the greatest extent possible, all disconnections must be logged.

ID
SV-255372r961830_rule
Version
ASQL-00-015100
Severity
Medium
References
Updated

Remediation Templates

A Manual Procedure

Deploy an Azure SQL Database audit.

Refer to the PowerShell script in the supplemental file "AzureSQLDatabaseAudit.txt".

Reference: https://docs.microsoft.com/en-us/powershell/module/az.sql/set-azsqlserveraudit
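
One way to deploy and verify such an audit with the referenced cmdlet, as an added example (not the contents of "AzureSQLDatabaseAudit.txt" and not code from the STIG). It assumes the Az.Sql module and a signed-in session. The resource names are placeholders, and the choice of action groups for logon, failed logon and disconnection events is an assumption of this example.

```powershell
# Added example; the values below are placeholders, not values from the STIG.
$rg        = '<resource-group>'
$server    = '<sql-server-name>'
$storageId = '<storage-account-resource-id>'

# Assumed action groups: successful logons, failed logons, disconnections.
$required = @(
    'SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP',
    'FAILED_DATABASE_AUTHENTICATION_GROUP',
    'DATABASE_LOGOUT_GROUP'
)

# -AuditActionGroup replaces the configured list, so merge the required
# groups with whatever the server already audits instead of overwriting.
$current = Get-AzSqlServerAudit -ResourceGroupName $rg -ServerName $server
$groups  = (@($current.AuditActionGroup) + $required) |
    ForEach-Object { "$_" } |
    Where-Object { $_ } |
    Sort-Object -Unique

Set-AzSqlServerAudit -ResourceGroupName $rg -ServerName $server `
    -BlobStorageTargetState Enabled `
    -StorageAccountResourceId $storageId `
    -AuditActionGroup $groups

# Read the policy back and confirm every required group is active.
$after   = Get-AzSqlServerAudit -ResourceGroupName $rg -ServerName $server
$have    = @($after.AuditActionGroup | ForEach-Object { "$_" })
$missing = $required | Where-Object { $_ -notin $have }

if ($after.BlobStorageTargetState -ne 'Enabled' -or $missing) {
    Write-Error "Audit incomplete. Missing groups: $($missing -join ', ')"
} else {
    Write-Output "Server audit enabled with: $($have -join ', ')"
}
```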