Azure SQL Database must initiate session auditing upon startup.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-255328 | ASQL-00-004700 | SV-255328r879562_rule | Medium |
| Description |
|---|
| Session auditing is for use when a user's activities are under investigation. To ensure capture of all activity during those periods when session auditing is in use, it needs to be in operation for the whole time Azure SQL Database is running. |
| STIG | Date |
|---|---|
| Microsoft Azure SQL Database Security Technical Implementation Guide | 2023-06-12 |
Details
| Check Text ( C-59001r871108_chk ) |
|---|
| When Audits are enabled, they start up when the audits are enabled and remain operating until the audit is disabled. Check if an audit is configured and enabled. To determine if session auditing is configured and enabled, follow the instructions below: Run this TSQL command to determine if SQL Auditing is configured and enabled: SELECT * FROM sys.database_audit_specifications where (name = 'SqlDbAuditing_ServerAuditSpec' or name = 'SqlDbAuditing_AuditSpec') and is_state_enabled = 1 All currently defined audits for the Azure SQL Database instance will be listed. If no audits are returned, this is a finding. |
| Fix Text (F-58945r877242_fix) |
|---|
| Deploy an Azure SQL Database audit. Refer to the supplemental file "AzureSQLDatabaseAudit.txt" PowerShell script. Reference: https://docs.microsoft.com/en-us/powershell/module/az.sql/set-azsqlserveraudit |