Page History

...

If you are subject to comply with regulations such as PCI DSS or HIPAA, you can use SQL Compliance Manager to configure your audit settings according to the specific guidelines of the regulation. SQL Compliance Manager then collects event data based on these guidelines and can provide a report that details the section of the regulation and the data collected using SQL Compliance Manager. You can apply the regulation guideline audit settings to one or more databases on a registered SQL Server instance. For more information, see see Comply with specific regulations. 

...

On each registered SQL Server instance, the SQL Compliance Manager Agent starts a SQL Server trace to copy SQL event log entries, called audit events, to trace files. Trace files are temporary files that store audit events until these events can be sent to the Collection Server. Trace files are located in a trace file directory on the audited SQL Server computer. For more information, see see How the SQL Compliance Manager Agent works.

...

IDERA SQL Compliance Manager 5.5.x includes support for event handling with SQL Server Extended Events. This optional feature is available for use in auditing instead of using SQL Trace. Running Extended Events offers a performance improvement over the default SQL Trace audit event gathering system and is available for instances running SQL Server 2012 and later. For more information about using the Extended Events option, see see Using SQL Server Extended Events.

...

IDERA SQL Compliance Manager 5.5.x includes support for event handling with SQL Server Audit Logs. This optional feature is available for use in auditing as an alternative to using SQL Server Extended Events or SQL Trace. Auditing via Audit Logs offers the ability to track your alerts for Agents running SQL Server 2017 and later. For more information about using the Audit Logs option, see see Using SQL Server Audit Logs. 

Using the Collection Server

The Collection Server stores  stores the compressed trace files in the CollectionServerTraceFiles folder until the files can be processed. This folder is located in under the install directory (C:\Program Files\Idera\SQLcompliance) on the computer that hosts the Collection Server. The CollectionServerTraceFiles folder is also called a trace file directory, and is secured using ACL settings. You can specify a different location for the trace directory.

...

For optimal data management, SQL Compliance Manager supports archiving and grooming of event data. Depending on the size of your environment, the amount of event data you audit, and your reporting cycles, you may want to archive and groom event data on a routine basis. For more information, see see Manage Audit Data.

Understanding trusted and privileged users

...

By designating trusted users, you can more efficiently audit databases used by third-party applications, such as SAP, that is are self-auditing. Self-auditing applications are able to audit activity and transactions initiated by their service accounts. Because service accounts can generate a significant number of login and database change events, omitting these expected events from your audit data trail lets you more easily identify unexpected activity.

...

In comparison, privileged users are SQL Server logins and members of SQL Server roles that have certain privileges or authorization that you want to audit. You can audit individual SQL Server logins with privileged access as well as logins that belong to specific server roles. A sudden spike in privileged user activity could indicate a security breach. For more information about selecting privileged users for audit, see the the Configuration wizard - Privileged Users window and the  and the Registered SQL Server Properties window - Privileged User Auditing tab.

...

...