Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The Configure the Policy window  section allows you the define the security checks this policy should use to evaluate your audit data.

Security checks assess the vulnerability of specific Windows OS and SQL Server objects , SQL Server objects, Azure and Amazon environments based on your criteria. Each policy has a predefined number of enabled security checks, however the user can remove or add security checks in this section.

Image Added

The list of security checks is separated by the following groups according to the type of evaluation they perform:

Info

Define criteria on the Security Checks that require it; otherwise, you cannot go back nor continue with the creation of a policy.

Note

When security checks are setup for your policies, it is important that accurate criteria is entered. For example, a typo in the Windows Operating System Version metric criteria could cause erroneous findings. 


After security checks are configured and your SQL Server instances are assigned to the policy, you can view the assessment results on the Security Summary view and on the Risk Assessment Report report.

In addition, you can configure email notifications to be sent out when a particular risk level has been passed. For more information, see Configure Email Notifications.

...

Configure check settings

 When you select security checks

...

, you can configure the check settings on the right side of this window. Below the Name and Description of the respective security check you can find the following fields:

Report Text

This text displays on your policy reports, such as the Risk Assessment report. By default, SQL Secure provides a report text question for each security check. You can edit this question so that it better fits to better fit it to your audit reporting needs.

...

This option allows you to set the severity of the risk posed by for this security check finding. The risk level is important because it reflects how severe or risky a particular security finding is for your environment, allowing you to further customize security checks to meet your exact auditing needs. For example, finding an enabled Guest account on one instance may be a high risk, but on another instance it may be a low risk. The risk level also determines where the corresponding security finding appears on the policy or assessment Report Card and whether or not email notifications will be sent.

...

Some security checks allow you to configure the assessment criteria, such as specific user accounts, stored procedures, or the login audit level. Text entered in this field must use the exact spelling of the object being checked. If the criteria for this check Use the option Edit and a new window opens where you can specify multiple criteria items (one per line). To delete any previous specified criteria, click the corresponding item, and then Remove. 

Note

 If criteria for security checks is entered incorrectly, it may fail to correctly display its finding in the Report Card.

Infotip

Some security check criteria support using the percent wildcard character (%) to specify objects whose names apply a naming convention. For example, to specify all users whose logon starts with sql , enter the following syntax:  domain\sql% .

Even though you are creating a policy "from scratch", SQL Secure has enabled several common security checks you may need, to help you configure your policy quickly and easily. These security checks are also included in the default All Servers policy. You can add, edit, or disable any security check as needed.

Info

By default, the All Servers policy enforces the Idera Level 2 - Balanced template. For more information, see how policy templates can help you achieve your SQL Server security goals.

The Import Settings option allows you to import security check definitions from either a built-in policy template or an existing policy whose settings you previously exported.

 

SQL Secure tells you who has access to what on your SQL Server databases. Learn more > >

Click Next to go to the Assign SQL Servers to the Policy section. 

Scroll PDF Exporter Ignore
Excerpt
Newtabfooter
aliasIDERA
urlhttp://www.idera.com
|
Newtabfooter
aliasProducts
urlhttps://www.idera.com/productssolutions/sqlserver
|
Newtabfooter
aliasPurchase
urlhttps://www.idera.com/buynow/onlinestore
|
Newtabfooter
aliasSupport
urlhttps://idera.secure.force.com/
|
Newtabfooter
aliasCommunity
urlhttp://community.idera.com
|
Newtabfooter
aliasResources
urlhttp://www.idera.com/resourcecentral
|
Newtabfooter
aliasAbout Us
urlhttp://www.idera.com/about/aboutus
|
Newtabfooter
aliasLegal
urlhttps://www.idera.com/legal/termsofuse