Auditing your SQL Server instances and databases is the first step in ensuring your SQL Server environment remains in continuous compliance with federal and corporate security and privacy policies. You can also generate reports on the audit data you collect, allowing you to demonstrate compliance on demand. For more information, see Report on Audit Data.
Use the following checklist to help you prepare your environment to successfully audit your SQL Server instances and databases. If you plan to audit virtual SQL Servers running in Microsoft failover clusters, see Audit a virtual SQL Server instance for detailed installation and configuration tasks.
Gather the information necessary to set up your auditing.
:tick: | Task | Description | For more information ... |
---|---|---|---|
:tick: | Verify privileges on your Windows login account | Ensure that your Windows login account has sysadmin privileges on all SQL Server instances you want to audit. | Permissions requirements |
:tick: | Review the list of auditable events | Review how the audit process works and which SQL events you can audit. Note that you can audit events at the server or database level. | How auditing works |
:tick: | Identify the items you want to audit on your SQL Server instances | Identify the audit settings you want to apply to individual instances in your SQL Server environment. These settings should specify which server events you want to collect and report. Remember that the more data you collect, the more overhead is required. SQL Compliance Manager allows you to change your auditing settings at any time to help you make sure you collect exactly what an auditor needs. | Server-level audit settings |
:tick: | Identify the items you want to audit on your databases | Identify the audit settings you want to apply to individual databases in your SQL Server environment. These settings should specify which database events you want to collect and report. Remember that the more data you collect, the more overhead is required. SQL Compliance Manager allows you to change your auditing settings at any time to help you make sure you collect exactly what an auditor needs. | Database-level audit settings |
:tick: | Identify excluded events | Identify any events you want to exclude from your audit data. | Event Filters |
Register your SQL Server instances.
:tick: | Task | Description | For more information ... |
---|---|---|---|
:tick: | Register your SQL Server instances | Register each SQL Server instance that hosts the databases you want to audit. | Register your SQL Servers |
Enable auditing.
:tick: | Task | Description | For more information ... |
---|---|---|---|
:tick: | Enable server-level auditing | If you want to audit your SQL Server instances, enable auditing at the server level. | Enable auditing on a SQL Server |
:tick: | Enable database-level auditing | If you want to audit your databases, enable auditing at the database level. | Enable auditing on a database |
Apply regulation guidelines.
:tick: | Task | Description | For more information ... |
---|---|---|---|
:tick: | Apply regulation guidelines | Apply regulation guidelines to the appropriate audited databases. | Comply with specific regulations |
Configure filters and test your settings.
:tick: | Task | Description | For more information ... |
---|---|---|---|
:tick: | Configure Event Filters | Configure the appropriate Event Filters, depending on which event category you want to exclude from your audit data. | Event Filters |
:tick: | Test your audit settings | Test your audit settings to ensure you will collect the SQL Server events you need. | Test your audit settings |
Monitor your settings.
:tick: | Task | Description | For more information ... |
---|---|---|---|
:tick: | Monitor event collection and adjust if necessary | Monitor how many events are collected on a daily basis. Depending on the growth rate of your audit data, consider creating Event Filters to better manage audit data in large environments. | Event Filters |
:tick: | Monitor the Repository database growth | Monitor the growth of the SQL Compliance Manager Repository databases. If the databases are growing too fast, change your auditing settings to limit growth and optimize performance. | Reduce audit data to optimize performance |
:tick: | Determine whether you need alerts | Determine whether you need to alert on the events you are collecting. SQL Compliance Manager allows you to build rules that provide real-time alert notifications to help you quickly identify and resolve security issues. | Alert on Audit Data and Status |
:tick: | Determine whether you need to capture before-and-after object values | If you are auditing DML activity, determine whether you want to capture the value of the database object before and after a specific transaction. | Audited Database Properties window - Before-After Data tab |
:tick: | Determine who needs access rights to administer or report on audit data | Determine which SQL users should have access rights to administer or report on audit data. This security feature is important as both sensitive and audit data should be secure. | Secure Audit Data |
Implement reports.
:tick: | Task | Description | For more information ... |
---|---|---|---|
:tick: | Review report implementation | Review how you can implement Reports in your SQL Server environment using SQL Server Reporting Services. | Report on Audit Data |
Archive events.
:tick: | Task | Description | For more information ... |
---|---|---|---|
:tick: | Archive collected events | Configure how you want SQL Compliance Manager to archive audit data. Note that SQL Compliance Manager creates an archive database for each registered SQL Server instance. | Archive collected events |