question

Anon4343-7573 avatar image
0 Votes"
Anon4343-7573 asked NavtejSaini-MSFT answered

Azure SQL Database and Azure SQL Manage Instance Auditing Software

Hello,

Can anyone recommend a good auditing software for Azure SQL Database and Azure SQL Managed Instance? We're looking to audit DDL and permission changes at the database, object, and instance levels. The software that I've found either does not support these technologies or has a limited feature set. We're looking to be able to generate reports on demand of current permissions and emailed reports of daily changes.

Thanks.

azure-sql-database
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@Anon4343-7573

Have you looked at the Auditing as part of the Azure SQL and Azure Log Analytics on top the same. Here is the document discussing the same.

Please check and let us know if you need any further help or need questions answered.

Regards
Navtej S


0 Votes 0 ·

Navtej, is there a particular advantage for choosing to store the SQL Audit logs in either Azure Monitor or an Azure storage account? I'm also having a hard time finding information on how to generate daily report emails.

0 Votes 0 ·

Thank you Navtej, I did see this and appeared to be a great way to enable the logs. I am having trouble envisioning how an easy to read daily report can be generated and emailed daily as an audit sign off. Can an immediate email be sent when a permission is changed? Is there a way to view a snapshot of permissions by user and group from instance level down to object level?

I guess I would need to see a PoC to determine whether it will work for us. When I looked at this last year, it appeared that all of the queries need to be developed and the knowledge of what needs audited is required. Many software packages already have done this work for you and you can be more confident that the server is being audited properly.

0 Votes 0 ·

1 Answer

NavtejSaini-MSFT avatar image
0 Votes"
NavtejSaini-MSFT answered

@Anon4343-7573

You can send the email through setting up of alerts in Azure Monitor - AzureSQL and Azure Managed Instance,

You can use the Log Analytics to run the queries in the Azure Monitor and then set up the alerts as well. I would definitely recommend doing the POC for testing this.

Let me know if you need any further information.

Regards
Navtej S


· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@Anon4343-7573 Please let us know if you need further help regarding this.

0 Votes 0 ·

I'm not sure yet. I've had to open a ticket with Microsoft because the security audit events aren't outputting to Azure Monitor. Once I can generate events, I can try creating alert emails based on queries. I am worried that the alerts are triggered based on a new event being created rather than being able to email a report of events generated in the last 24 hours.

0 Votes 0 ·