Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
Azure
Loading policies...

Policy: Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing

Auditing for Azure SQL Servers and SQL Databases tracks database events and writes them to an audit log Azure storage account, Log Analytics workspace or Event Hubs. Auditing helps to maintain regulatory compliance, understand database activity, and gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violations. Auditing enables and facilitates adherence to compliance standards, although it doesn't guarantee compliance. The Default SQL Server Auditing profile set for SQL server is inherited by all the SQL Databases which are part of the SQL server.

Primary Policy

This policy is used with the following primary policy:

  • Azure > CIS v2.0 > 04 - Database Services

Related Policies

  • 4.01.01 - Ensure that 'Auditing' is set to 'On'
  • 4.01.02 - Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)
  • 4.01.03 - Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key
  • 4.01.04 - Ensure that Azure Active Directory Admin is Configured for SQL Servers
  • 4.01.05 - Ensure that 'Data encryption' is set to 'On' on a SQL Database
  • 4.01.06 - Ensure that 'Auditing' Retention is 'greater than 90 days'

Category

  • CIS

In Your Workspace

  • Policy Settings by Type report

Developers

    Category URI
    • tmod:@turbot/cis#/control/categories/cis
    • Policy Type URI
    • tmod:@turbot/azure-cisv2-0#/policy/types/s0401
    • GraphQL
    • query policyType(id: "tmod:@turbot/azure-cisv2-0#/policy/types/s0401") { … }
    • query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-cisv2-0#/policy/types/s0401'") { … }
    • query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-cisv2-0#/policy/types/s0401'") { … }
    • CLI
    • Get Policy Type
    • turbot graphql policy-type --id "tmod:@turbot/azure-cisv2-0#/policy/types/s0401"
      • Get Policy Settings
    • turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv2-0#/policy/types/s0401"
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
50
Mods
207
Resource Types
3,351
Policies
1,766
Controls
103
Quick Actions
114
IAM