Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

You can choose to audit event categories and user-defined events. An event category includes related SQL Server events that occur at the server level. A user-defined event is a custom event you create and track using the sp_trace_generateevent stored procedure.

Note

Audited Activities selected at Default Server-level audit settings are automatically pre-selected and disabled for selection for Default Server level Privileged Users added at the Server-level Privileged User Auditing.

Access Check Filter

Allows you to refine your audit trail for SQL Server login data audit trail by collecting events that better reflect your auditing requirements for security and user processes.

...

Select this filter to help identify logins that may have inappropriate access rights or permissions. This filter may also help reduce the size of your audit data.

Type of Event FilterDescription
Audit only actions that passed access checkOmits events that track failed access checks performed by SQL Server.
Audit only actions that failed access checkOmits events that track passed access checks performed by SQL Server.


Capture DML and SELECT Activities 

For each instance registered by default the The option Extended Events is selected by SQL Compliance Manager configured by default for each instance registered to capture DML and Select activities. 

Via Trace Events  - Allows you to select Trace Events as your event handling system for DML and SELECT activities. For more information about this feature, see Understanding Traces

Via Extended Events - Allows you to select SQL Server Extended Events as your event handling system for DML and SELECT events for SQL Server 2012 and later versions. For more information about this feature, see Using SQL Server Extended Events.

...

Note

SQL Compliance Manager does not support Extended Events functionality on SQL Server releases earlier than SQL Server 2012; therefore, therefore for the registration of SQL Server instances with versions lower than SQL Server 2012, the Capture DML and Select Activities option is set to Via Trace Events.

...

The Trusted Users tab of the SQL Server Default Audit Settings window allows you to add Trusted Users at the server level and set the default audit settings to be applied on SQL Server instances.  Trusted Trusted users are SQL Server logins and members of SQL Server roles that you trust to read, update, or manage a particular audited server or databasesdatabase. The SQL Compliance Manager Agent removes events generated by trusted users from the audit trail before sending the trace file to the Collection Server for processing. This exclusion occurs for all auditing, including DML and SELECT events DML and SELECT events related to sensitive columns and before and after data.

When you designate trusted users, consider Consider limiting your list to a few specific logins when you designate trusted users. This approach optimizes event processing performance and ensures you filter the intended accounts.

If Suppose you are auditing privileged user activity, and the trusted user is also a privileged user. In that case, IDERA  IDERA SQL Compliance Manager will continue to audit this user because of its elevated privileges. For example, a service account that is a member of the sysadmin fixed SQL Server role will continue to be audited even though the account is designated as trusted. Keep in mind that trusted users are filtered at the database level, whereas privileged users are audited at the server level.
To omit , or filter , events generated by specific logins and roles from your audit data trail, select the SQL Server login or role you want to trust and then click Add.

...

Allows you to select which SQL Server logins or roles you want to trust on this database. When a login or role is designated as trusted, the SQL Compliance Manager Agent omits all database-level activity generated by these logins from the audit data trail.

...

Allows you to designate a previously trusted user or SQL Server role as non-trusted. When a login or role becomes non-trusted, SQL Compliance Manager begins auditing database-level activity generated by this login or role, based on your current audit settings.

Anchor
privileged
privileged
Privileged User Auditing tab

The Privileged User Auditing tab of the SQL Server Default Audit Settings window allows you to add Privileged Users at the server level and set the default audit settings to be applied on SQL Server instances. You can choose to audit event categories and user-defined events. An event category includes related SQL Server events that occur at the server level. A user-defined event is a custom event you create and track using the sp_trace_generateevent stored procedure.

...

Allows you to remove the selected SQL Server login or fixed server role from the list of audited privileged users. When you remove the login or role, the SQL Compliance Manager Agent no longer collects events recorded for that login or the role members.

Note
titleNote

Any Privileged Users added at the Server-level Default audit settings are automatically added and disabled for selection at the Default Database Privileged Users settings. 

Available fields

Privileged users and roles to be audited

...

Use auditing thresholds to display critical issues or warnings when a particular activity, such as privileged user events, is higher than expected. These thresholds can notify you about issues related to increased activity levels, such as a security breach, that may be occurring on in this instance. Auditing thresholds can also inform you when an audited SQL Server instance is becoming non-compliant. Use thresholds to supplement the alert rules you have configured for your environment.

...

Allows you to set an acceptable rate, or time span, for the warning and critical thresholds. For example, you may expect overall activity to be no more than 200 events per day on in this instance.

Enabled

Allows you to enable (select) or disable (clear) auditing thresholds for a particular event category.

...