Benchmark: 4 Database Services
Overview
Auditing for Azure SQL Servers and SQL Databases tracks database events and writes them to an audit log in an Azure storage account, Log Analytics workspace, or Event Hubs. Auditing helps to maintain regulatory compliance, understand database activity, and gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violations. Auditing enables and facilitates adherence to compliance standards, although it doesn't guarantee compliance.
The default SQL Server auditing profile set on a SQL server is inherited by all the SQL databases that are part of that SQL server.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 4 Database Services.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.cis_v140_4
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.cis_v140_4 --share
Benchmarks
- 4.1 SQL Server - Auditing
- 4.2 SQL Server - Azure Defender for SQL
- 4.3 PostgreSQL Database Server
- 4.4 MySQL Database
Controls
- 4.5 Ensure that Azure Active Directory Admin is configured
- 4.6 Ensure SQL server's TDE protector is encrypted with Customer-managed key