SQL Server auditing retention should be 90 days or greater¶
Description¶
Audit Logs can be used to check for anomalies and give insight into suspected breaches or misuse of information and access.
Azure Portal¶
Navigate to SQL Servers.
Select the SQL server.
In the left navigation in the Security section, select Auditing.
Select Storage Details and set Retention (days) to 90 days or greater.
Click OK > Save.
PowerShell¶
To enable retention for a SQL Server:
set-AzureRmSqlServerAuditing -ResourceGroupName <resource group name> -ServerName <server name> -RetentionInDays <Number of Days to retain the audit logs, should be 90 days minimum>
Azure Resource Manager¶
Ensure that a Microsoft.Sql/servers/auditingSettings resource contains the following, where
retentionDays
is set to >=90
:
{
"properties": {
"retentionDays": 90
}
}
Example Configuration¶
{
"type": "Microsoft.Sql/servers/auditingSettings",
"apiVersion": "2021-05-01-preview",
"properties": {
"retentionDays": 90
}
# other required fields here
}
Terraform¶
Ensure that an azurerm_sql_server or azurerm_sql_database contains the following:
extended_auditing_policy.retention_in_days
>= 90
Example Configuration¶
resource "azurerm_sql_server" "example" {
extended_auditing_policy {
retention_in_days = 90
}
# other required fields here
}