Control: Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL Database Server
Description
Set audit_log_enabled to include CONNECTION on MySQL Servers.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.mysql_server_audit_logging_events_connection_setSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.mysql_server_audit_logging_events_connection_set --shareSQL
This control uses a named query:
select s.id as resource, case when lower(config -> 'ConfigurationProperties' ->> 'value') = 'connection' then 'ok' else 'alarm' end as status, case when lower(config -> 'ConfigurationProperties' ->> 'value') = 'connection' then s.name || ' server parameter audit_log_events has connection set.' else s.name || ' server parameter audit_log_events connection not set.' end as reason , s.resource_group as resource_group , sub.display_name as subscriptionfrom azure_mysql_server as s cross join lateral jsonb_array_elements(server_configurations) config left join azure_subscription as sub on sub.subscription_id = s.subscription_idwhere config ->> 'Name' = 'audit_log_events';