SQL Server on Azure

Version: SQL Server on Azure.

SQL Server on Azure gets a high-performing, unified SQL platform built on the industry-leading SQL Server engine with limitless scalability and intelligent performance and security. Migrate without the need to redesign your apps, improve the performance of the existing apps, and build highly scalable cloud services by switching to Microsoft Azure – the best cloud destination for your mission-critical SQL Server workloads.

Netsurion Open XDR monitors events from the SQL Server on Azure. Dashboard and reports in Netsurion Open XDR will help you track SQL server activity with a performed statement and actions performed with a session ID to understand database action flow better, potentially leading to data loss and manipulation of organization decision functions.

Netsurion Data Source Integration for SQL Server on Azure allows you to monitor the following components:

  • Security – Information related to the deletion of deployment, node, pods, and the cluster which indicates that instance is likely compromised.

After the SQL Server on Azure is configured to deliver events to the Netsurion Open XDR, the dashboards and reports can be configured into Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.

Alerts

Type Name Description
Security Azure SQL Server – Database level activity This alert is triggered when the user tries to create, alter, backup, delete, and perform more actions at the database level on the SQL Server.
Security Azure SQL Server – Permission granted or revoked or denied This alert is triggered when the user tries permission actions such as a grant, revoke, and deny performed on the SQL Server.
Security Azure SQL Server – Role created or deleted or modified This alert is triggered when the user performs create, modify, and delete actions for the role on the SQL Server.
Security Azure SQL Server – Schema created or deleted or modified This alert is triggered when the user performs create, modify, and delete actions for the schema on the SQL Server.
Security Azure SQL Server – Stored procedure created or deleted or modified This alert is triggered when the user performs create, modify, and delete actions for the store procedure on the SQL Server.
Security Azure -SQL Server – Table/view created or deleted or modified This alert is triggered when the user performs create, modify, and delete actions for the table/view on the SQL Server.
Security Azure SQL Server – Trigger created or deleted or modified This alert is triggered when the user performs create, modify, and delete actions to trigger the SQL Server.
Security Azure SQL Server – User-created or deleted or modified or password changed This alert is triggered when the user performs password change, create, modify, and delete actions for the user on the SQL Server.

Reports

Type Name Description
Security Azure SQL server – Server activities This report provides a detailed summary of actions performed on the SQL Server. It contains a source IP address, username, database name, server name, statement, session ID, hostname, and more.

Documentation

The configuration details are consistent with Netsurion Open XDR 9.x or later, and SQL Server on Azure.

Download Integration Guide and How-to Guide for configuration instructions and more information.