Automated notification of suspicious activity detected in the audit trail should be implemented.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15102 | DG0083-SQLServer9 | SV-24234r1_rule | ECRG-1 | Medium |
| Description |
|---|
| Audit record collection may quickly overwhelm storage resources and an auditor's ability to review it in a productive manner. Automated tools can provide the means to manage the audit data collected as well as present it to an auditor in an efficient way. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Details
| Check Text ( C-17014r1_chk ) |
|---|
| Review automated tool usage for reporting of audit trail data. If automated tools are not used, this is a Finding. Automated DBMS jobs and/or procedures may be used to produce the periodic reports where supported by the DBMS. |
| Fix Text (F-24522r1_fix) |
|---|
| Develop, document and implement database or host system procedures to report audit trail data in a form usable to detect unauthorized access to or usage of DBMS privileges, procedures or data. |