March 26, 2015 at 8:17 am
I am truly an accidental SQL Server DBA. For the last 10 years I have planned, designed and maintained a SQL Server 2005 six instance cluster (which I migrated to the current 2008 R2 cluster). We are now in the process of going to a SQL Server 2014 cluster using AAG. My new manager wants to know what all is being audited. I explained that the only thing we have ever had audited were the failed logons. I explained that we have SCOM auditing implemented through our Systems group. I told her that Auditing can be turned on, but I would need to know what all we would want audited. She suggested that I ask other workplaces what their best practices are for auditing/hardening their data. Any advice would be greatly appreciated.
Charlie
April 1, 2015 at 10:42 am
Randy F. Smith, an internationally recognized security expert, has a Recommended Report and Alert Designs document. This is for LOGbinder SQL[/url], but, together with the LOGbinder SQL event list, you might find it useful.
(LOGbinder SQL[/url] is a software to bridge the audit gap between SIEM and Microsoft SQL Server. It can read the SQL binary audit file and transform the raw and cryptic SQL audit events into actionable information, and sends these enriched audit messages to your SIEM, log-management or BDSA solution, using the best format for the target technology.)
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply