Page History

...

IDERA SQL Compliance Manager 5.5 .x includes and later include support for event handling with SQL Server Extended Events. This optional feature is available for use in auditing instead of using SQL Trace. Running Extended Events offers a performance improvement over the default SQL Trace audit event gathering system and is available for instances running SQL Server 2012 and later. For more information about using the Extended Events option, see Using SQL Server Extended Events.

...

IDERA SQL Compliance Manager 5.5 .x includes and later include support for event handling with SQL Server Audit Logs. This optional feature is available for use in auditing as an alternative to using SQL Server Extended Events or SQL Trace. Auditing via Audit Logs offers the ability to track your alerts for Agents running SQL Server 2017 and later. For more information about using the Audit Logs option, see Using SQL Server Audit Logs. 

...

Trusted users are SQL Server logins and members of SQL Server roles that you trust to read, update, or manage a particular audited database or an entire server. As these users are trusted, the events generated by accounts are removed by the SQL Compliance Manager Agent from the audit trail before sending the trace file to the Collection Server for processing.

...

When you designate trusted users, consider limiting your list to a few specific logins. This approach optimizes event processing performance and ensures you filter the intended accounts. Keep in mind that Server-level Trusted Users apply across all databases for that server, where the Database-level only applies to a particular database. For more information, see the Configuration wizard - Trusted Users window and the Registered SQL Server Properties window - Trusted User tab. 

In comparison, privileged users are SQL Server logins and members of SQL Server roles that have certain privileges or authorization that you want to audit. You can audit individual SQL Server logins with privileged access as well as logins that belong to specific server roles. A sudden spike in privileged user activity could indicate a security breach. For more information about selecting privileged users for audit, see the Configuration wizard - Privileged Users window and the Registered SQL Server Properties window - Privileged User Auditing tab.

If you are auditing privileged user activity and the trusted user is also a privileged user, SQL Compliance Manager will continue to audit this user because of its elevated privileges. For example, a service account that is a member of the sysadmin fixed SQL Server role will continue to be audited even though the account is designated as trusted. Keep in mind that trusted users are filtered at the database level whereas privileged users are audited at the server level. 

Understanding before and after data

...

...