The Create Policy wizard allows you to add a custom policy to IDERA SQL Secure. As a part of this wizard, you will name the policy, select the security checks and their associated risk levels, assign the SQL Server instances you want to assess, and specify additional internal review notes to include in the Risk Assessment report. When you create a policy, you can choose one of the built-in templates based on known industry regulations and best-practices.
To open the Create Policy wizard, click Create a Policy on the Policy Actions ribbons of any of the tabs of the Security Summary view.
Individual SQL Server instances can belong to multiple security policies. For more information on adding SQL Server instances to a policy, see Assign SQL Servers to Policy.
When you open the Create Policy wizard you need to configure the following actions:
- Select policy template
- Specify policy properties
- Select Security Checks
- Assign SQL Servers to policy
- Schedule Policy Snapshots
- Enter internal review notes
- Review policy summary
How policies work
By default, SQL Secure assesses the latest audit data for each SQL Server instance, using the policy's security check criteria to identify issues. You can also choose to assess audit data from a historical point in time.
Review the policy assessment in the following ways:
Security Summary
The Enterprise and Server Security Summary displays the results of your policy assessments.
Reports
You can run reports, such as the Risk Assessment report, on the policy or on specific SQL Server instances.
Email Notifications
You can configure email notifications to be sent, at each scheduled snapshot, when security risks are encountered.