This build of IDERA SQL Compliance Manager includes many fixed issues, including the following updates.

4.5 New features

Supports SQL Server 2014

SQL Compliance Manager supports the use of SQL Server 2014. Note that SQL Compliance Manager requires the repository of the SQL Server version to be greater than or equal to the highest audited version, meaning that if you want to audit SQL Server 2012 and 2014 instances, your repository must be on SQL Server 2014 to support the highest version on your instances.

Supports Windows Server 2012 cluster deployment

This version of SQL Compliance Manager allows you to install in a Windows Server 2012 clustered environment. For more information about this feature, see Deploy SQL Compliance Manager in a Windows Server 2012 clustered environment.

Audit the local SQL Server instance running the Collection Server on a cluster

SQL Compliance Manager allows you to audit a virtual SQL Server instance including the local instance on a cluster running the Collection Server. For more information about auditing a virtual SQL Server instance, see Audit a virtual SQL Server instance.

Schedule automatic archives

SQL Compliance Manager now allows you to schedule automatic archiving. You can select from daily, weekly, or monthly options. This feature is disabled by default. You can enable this feature and manage these settings in the Archive Preferences window.

Specify archive database drive

When setting up archiving, you can specify the drive where you want SQL Compliance Manager to store the archive database. You can manage this location in the Archive Preferences window.

Receive alerts through SNMP

Users now can select to receive alerts as SNMP Trap messages to a specified destination network management console. For more information about creating a new event rule to includes SNMP Traps, see New Event Alert Rule wizard - Alert Actions tab.

Before-After data values display NULL when there is no value

After collecting data, if there is no before or after data available, SQL Compliance Manager displays "NULL" in the Before Value and After Value columns of the Event Properties window. For more information about Before-After data, see Audited Database Properties window - Before-After Data tab.

Supports PCI DSS v3

SQL Compliance Manager now supports Payment Card Industry Data Security Standard (PCI DSS) v3.0.

Improved table compression

The data type is changed in a number of highly-utilized tables from NTEXT to VARCHAR in an attempt to improve data compression.

Improved installation process

The SQL Compliance Manager installer now checks the permissions on the trace directory and the IDERA folders to ensure that the service account is appropriately added with full control permissions for processing.

Improved database usage regarding failed inserts

SQL Compliance Manager includes new code that allows it to reuse event IDs in the event of a failed data insert.

4.5 Fixed issues

  • SQL Compliance Manager includes new code regarding the threading library, making sure that all files in the trace directory are successfully processed. This fixes an issue that caused large trace file backlogs in the Collection Server.
  • The Administrative Activities Audit Option no longer re-enables automatically after disabled.
  • Users no longer receive an error when processing the trace file due to a limited column size in the table associated with Before-After Data.
  • Users upgrading from SQL Compliance Manager 3.7 to 4.3 no longer receive numerous file parsing errors.
  • This release fixes an issue causing incorrect dates to appear if you have SELECT and Sensitive Columns enabled in the Audited Database Properties window. Previously, if the Database SELECT operations check box on the Audited Activities tab, and the Sensitive Columns tab includes All Columns of the dbo.Customers table, the dates in the summary for the associated SQL Server instance were incorrect.
  • An issue that prevented new SQL Compliance Manager Agent files from processing after adding a second node to a clustered repository no longer occurs.
  • All failed integrity checks now includes specific events in the Details area of the Integrity Check Results window.
  • Users no longer experience missing registry keys after re-adding monitored SQL Server instances.
  • Adding an audited database to a monitored SQL Server instance no longer returns the server settings to default.
  • Providing read-only access to the SQLcompliance database no longer requires that the GUEST account be enabled.

4.3 New features

SQL Compliance Manager 4.3 now offers a Collection Server-only install

SQL Compliance Manager 4.3 now allows you to install the Collection Server and Repository only to support installing SQL Compliance Manager on a cluster.

4.3 Fixed issues

There are no fixed issues in this release.

4.2 New features

New Family Educational Rights and Privacy Act (FERPA) guideline

Apply the new FERPA regulatory guideline to ensure your audited databases meet the requirements of this legislation. You can apply this guideline through the CLI or through the Import Audit Settings feature in the Console.

FERPA was introduced in 1974. This federal law mandates the confidentiality and protection of student information in any educational institution that receives funding from the Federal Government from kindergarten through the university level. FERPA generally prevents an education agency or institution from sharing student records or personally identifiable information in those records with individuals who are not authorized to view that information. In some cases authorized individuals need to be monitored to deter insider theft and unauthorized dissemination of information.

New Sarbanes Oxley (SOX) guideline

Apply the new SOX regulatory guideline to immediately enforce the right auditing settings for sensitive financial data. Collect a detailed audit trail of all access to that data and then deliver reports that prove your compliance to auditors. You can apply this guideline through the CLI or through the Import Audit Settings feature in the Console.

SOX, also known as the Corporate and Auditing Accountability and Responsibility Act, was first introduced in 2002. This legislation was put in place as a response to the corporate and accounting scandals which cost investors billions of dollars. From an information technology standpoint, security professionals and database administrators must collectively implement policies and processes that audit permissions on, and access to, financial data as well data changes such as before and after values.

New CLI actions register instances and apply audit settings

Use the new command line interface (CLI) actions to quickly and easily register large numbers of SQL Server instances and immediately apply audit settings to the hosted databases. You can choose to apply the default audit settings, custom audit settings you have exported from another audited instance, or a regulation guideline.

4.2 Fixed issues

  • When the T-SQL query associated with an event cannot be parsed, SQL Compliance Manager now captures the SQL statement and indicates that it could not be parsed. This issue was mostly likely to occur when auditing sensitive column access.
  • The Details tab of the Event Properties window now displays the SQL statement that is issued to SQL Server before SQL Server performs its query parameterization. This code represents the initial T-SQL query executed by the user.

4.0 New features

Offers HIPAA compliance guideline support

Collect data that helps you align with nine Health Insurance Portability Accountability Act (HIPAA) citations and one HITECH requirement via an out-of-the-box, customizable template.

Includes PCI compliance templates

Use the new, customizable auditing templates to help you comply with eight Payment Card Industry Data Security Standards (PCI DSS) requirement guidelines.

Provides Regulation Guideline reporting

The Regulation Guidelines report includes details for all of the guidelines applied to the databases on the selected SQL Server instance.

Features a new SQL Compliance Manager Configuration Wizard for ease of use

The new SQL Compliance Manager Configuration Wizard allows you to use a single wizard to register SQL Server instances, deploy the SQLcompliance Agent, add databases for audit, configure your audit settings for selected regulatory guidelines, and more.

4.0 Fixed issues

  • SQL Compliance Manager now properly processes Grant statements.
  • An issue causing SQL Compliance Manager to record Create and Drop Index events as Alter User Table events no longer occurs.
  • SQL Compliance Manager now loads custom reports on the Archived Events page without requiring the user to select a filter.
  • SQL Compliance Manager now honors the DML/SELECT filters if you enable both Select auditing and Sensitive Column Auditing.
  • SQL Compliance Manager now properly applies event filters for instances using non-standard ports.

 

SQL Compliance Manager audits all activity on your server. Learn more > >
  • No labels