...
Warning |
---|
IDERA, Inc. customers have the sole responsibility to ensure their are solely responsible for ensuring compliance with the laws and standards affecting their business. IDERA, Inc. does not represent that its products or services ensure that customer is in compliance with any law. It is the responsibility of the customer to obtain legal, accounting, or audit counsel as to the necessary business practices and actions to comply with such laws. |
...
6.
...
2 New Features
...
Quality Enhancements
Collection Service Multithread Event File Capture Processing
SQL Compliance Manager 5.9 improved the event file capturing mechanism by enabling parallel event file processing performed by the Collection Service. Before the SQL Compliance Manager 5.9 release, several areas appeared to be functioning single-threaded. With the SQL Compliance Manager 5.9 release, the Collection Service can now process multiple files simultaneously. This change enhances the performance and scalability of SQL Compliance Manager and significantly lowers the impact on the monitored systems while maintaining data integrity.
Console Application Performance Improvements
SQL Compliance Manager 5.9 improved the console application response state to avoid and eliminate areas that caused "Non-Responding" conditions. In addition, streamlining the SQL Compliance Manager index structure and query efficiency improved the console application's response time significantly, resulting in a quicker response time. These enhancements reduce latencies and improve the overall usability of the SQL Compliance Manager console.
Enhanced Report and Console Performance with Large Repositories
SQL Compliance Manager 5.9 improved upon reports and console performance for large repositories by modifying the SQL Compliance Manager repository index structure and query efficiency to refine the console application response time. As a result, the SQL Compliance Manager console application presents a faster response time when running Reports with the index structure and query improvements. For more information, visit the Index rebuild operation page.
Inheritance Mechanism Adjustments
SQL Compliance Manager version 5.9 introduces a more simplified inheritance mechanism by providing users with flexible customization options when configuring the audit activities settings for both the Server-Level and the Database-Level audit settings. Users can now audit Server-Level audit activities and have unique settings configured separately at the Database-Level in case needed.
The Database-Level Privileged Users settings are dependent on the Server-Level Privileged Users settings and the Audited Activity settings. In SQL Compliance Manager 5.9, whenever Privileged Users are set on the Server-Level, they are automatically displayed on the Database-Level Privileged Users as pre-selected Privileged Users and can only be edited at Server-level. Visit the Audited Database Properties window - Privileged User tab for more information.
Alerts
Timeframe Configuration
SQL Compliance Manager 5.9 introduces a new addition to the alert rules wizard by including the new timeframe configuration feature, allowing users to specify alerts to trigger only for certain rules and for certain specific timeframes. In addition, to help users capture what matters the most, SQL Compliance Manager 5.9 adds a new screen to the Alert Rule wizard where users can decide to keep the alert rule active within a specified time and for specific days. For more information, visit the Alert Rule Timeframe tab.
SQL Compliance Manager 5.9 improved the alert rules wizard by including the ability to limit the number of notification alerts sent via email by setting up a time interval to receive email alerts with a summarized list of the accumulated alerts which occurred during the selected time interval. For more information, visit the Alert Actions tab.
5.9 Fixed Issues
Enhanced User Experience with Email and Summary NotificationsSQL Compliance Manager 6.2 improved to determine if an Alert Rule has been configured as 'Email Notification' or 'Email Summary Notification', users no longer are required to edit the alert rule. The rule description has been enhanced to make it convenient to distinguish between the two without the need for alert rule modifications.
Command Line Interface (CLI) EnhancementSQL Compliance Manager 6.2 upgraded to provide a CLI command line for registering a server, grooming, archiving, and verifying audit data integrity - version 6.2 is now augmented with CLI for enabling and disabling auditing servers.
ReportsSQL Compliance Manager 6.2 improved and added the number of rows at the end of the reports to ease access to the information contained in each report.
Security Enhancements
EncryptionSQL Compliance Manager 6.2 enhanced security by deploying a strong Advanced Encryption Standard (AES) algorithm to meet the latest high standards of our large enterprise customers. The Advanced Encryption Standard (AES) is an algorithm that uses the same key to encrypt and decrypt protected data. Instead of a single round of encryption, data is put through several rounds of substitution, transposition, and mixing to make it harder to compromise.
6.2 Fixed Issues
- DDL, DML, and DROP events are correctly shown in the "Audit Events" tab after performing the DDL action on the "Sensitive Column" when using the "via Audit Logs" collection method.
- Audit events for "insert" are accurately being recorded for Sensitive columns with "select and DML activity" enabled.
- Resolved the issue where Trace events were not being correctly captured for "delete from <table>" audit events when sensitive columns with "select and DML activity" were configured.
- Fixed an issue where the number of Logout events captured was significantly more than the number of Login events.
- Resolved the issue where a warning message was displayed in the Event Viewer after execution of the trace file out to the collection Server for processing.
- Fixed an issue where the "Delete" DML events were shown twice after executing a single "Delete" query on the "Sensitive Columns" table when "Trace" or "Audit Logs" collection methods were used.
- Resolved the issue where the events table integrity check did not detect changes done on hash columns.
- The “SQL Statement” content is correctly displayed in the “Event Properties” after executing the DDL query if the “via SQL server Audit specification” is used.
- Resolved the issue where the "+" icon was missing for the DDL column-sensitive event in the "Audit Events" tab.
- Addressed an issue where the layout was broken for reports downloaded in PDF and TIF formats.
- Resolved an issue where Events were not captured as expected with Extended Events and SELECT auditing was enabled.
- Fixed the issue where the Bin file was not getting updated for the Privileged User set up through a domain group at the server level.
- Resolved an issue where "Unknown Publisher" was displayed in the "User Account Control" when installing SQLCM.
- Addressed an issue where an error message would come up when trying to import audit settings.
Anchor |
---|
SQLCM-6385 | SQLCM-6385 | Exporting Audit Settings now successfully includes an export of the Server Level Trusted Users configured. Anchor |
---|
SQLCM-6259 | SQLCM-6259 | Resolved the issue where the SQL Server Properties window displayed the version as Unknown for registered SQL Server 2019 instances. Now, the correct version is shown. Anchor |
---|
SQLCM-6407 | SQLCM-6407 | Resolved the issue where auditing stopped working when a user-configured Sensitive Column auditing without first selecting the DML or SELECT option caused the SQLcompliance Agent to have problems creating the sp_SQLcompliance_AuditXE stored procedure. Anchor |
---|
SQLCM-6277 | SQLCM-6277 | Resolved the issue and now events get captured for sensitive columns when Select and DML are enabled at the database level Audited activities on fresh and upgraded setups. Anchor |
---|
SQLCM-6463 | SQLCM-6463 | The DML Activity (Before-After) report shows accurate results regardless of the collection method being set to Extended Events or SQL Tracing. Anchor |
---|
SQLCM-6460 | SQLCM-6460 | The DML\SELECT filters are now working correctly when auditing SQL Server 2019 and no longer prevent DML and SELECT activities from being audited accordingly. Anchor |
---|
SQLCM-6457 | SQLCM-6457 | The following error is no longer observed when attempting to run DML changes on a table configured for Before-After auditing in the software. "The DELETE permission was denied on the object 'SQLcompliance_Changed_Data_Table'."
Anchor |
---|
SQLCM-6379 | SQLCM-6379 | The retention period of the Activity Log is now configurable. It is set to a default of 60 days which can be modified in the SQLcomplianceCollectionService.exe.config file, in the MAX_ACTIVITY_LOGS_AGE flag. Anchor |
---|
SQLCM-6376/6365 | SQLCM-6376/6365 | Console loading times are faster now at both console startup and when navigating to the Audit Events view of the audited server or database. Anchor |
---|
SQLCM-6370 | SQLCM-6370 | Event details on INSERT and DELETE events, audited not as INSERT INTO or DELETE FROM executions, are no longer missing the Target Object Name information, showing the name of the database object affected by the audited DML change. Anchor |
---|
SQLCM-6349 | SQLCM-6349 | Reports deployed to SQL Server Reporting Services now show corresponding logins in the Login dropdown filter when these are set to run against an archived database. Anchor |
---|
SQLCM-6223 | SQLCM-6223 | Reports no longer show a syntax error when executed either from the console application or SQL Server Reporting Services. Anchor |
---|
SQLCM-6149 | SQLCM-6149 | The permissions check for the SQL Server service account permissions on the Agent Trace Files folder no longer fails when the SQL Server is running under the NETWORK SERVICE service account. Anchor |
---|
SQLCM-6327/6193 | SQLCM-6327/6193 | Data types have been updated in the tables saving Before-After data to prevent the tables from filling up with event data too soon. This would have prevented new events from processing otherwise, as a result. Anchor |
---|
SQLCM-6367 | SQLCM-6367 | The console application logging is no longer showing a collation conflict error, as shown below: "Cannot resolve the collation conflict between "SQL_Latin1_General_CP1_CI_AS" and "Latin1_General_CI_AS" in the equal to operation."
For more information about new features and fixed issues in versions 5.8.x, see version 6.1, see Previous new features and fixed issues.
...