SQL Server on Azure
Version: SQL Server on Azure.
SQL Server on Azure gets a high-performing, unified SQL platform built on the industry-leading SQL Server engine with limitless scalability and intelligent performance and security. Migrate without the need to redesign your apps, improve the performance of the existing apps, and build highly scalable cloud services by switching to Microsoft Azure – the best cloud destination for your mission-critical SQL Server workloads.
Netsurion Open XDR monitors events from the SQL Server on Azure. Dashboard and reports in Netsurion Open XDR will help you track SQL server activity with a performed statement and actions performed with a session ID to understand database action flow better, potentially leading to data loss and manipulation of organization decision functions.
Netsurion Data Source Integration for SQL Server on Azure allows you to monitor the following components:
- Security – Information related to the deletion of deployment, node, pods, and the cluster which indicates that instance is likely compromised.
After the SQL Server on Azure is configured to deliver events to the Netsurion Open XDR, the dashboards and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | Azure SQL Server – Database level activity | This alert is triggered when the user tries to create, alter, backup, delete, and perform more actions at the database level on the SQL Server. |
| Security | Azure SQL Server – Permission granted or revoked or denied | This alert is triggered when the user tries permission actions such as a grant, revoke, and deny performed on the SQL Server. |
| Security | Azure SQL Server – Role created or deleted or modified | This alert is triggered when the user performs create, modify, and delete actions for the role on the SQL Server. |
| Security | Azure SQL Server – Schema created or deleted or modified | This alert is triggered when the user performs create, modify, and delete actions for the schema on the SQL Server. |
| Security | Azure SQL Server – Stored procedure created or deleted or modified | This alert is triggered when the user performs create, modify, and delete actions for the store procedure on the SQL Server. |
| Security | Azure -SQL Server – Table/view created or deleted or modified | This alert is triggered when the user performs create, modify, and delete actions for the table/view on the SQL Server. |
| Security | Azure SQL Server – Trigger created or deleted or modified | This alert is triggered when the user performs create, modify, and delete actions to trigger the SQL Server. |
| Security | Azure SQL Server – User-created or deleted or modified or password changed | This alert is triggered when the user performs password change, create, modify, and delete actions for the user on the SQL Server. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | Azure SQL server – Server activities | This report provides a detailed summary of actions performed on the SQL Server. It contains a source IP address, username, database name, server name, statement, session ID, hostname, and more. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.x or later, and SQL Server on Azure.
Download Integration Guide and How-to Guide for configuration instructions and more information.