daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cloud/azure/sql/azure-sql-auditing-disabled...

56 lines
2.1 KiB
YAML
Raw Blame History

id: azure-sql-auditing-disabled
info:
name: Azure SQL Server Auditing Not Enabled
author: princechaddha
severity: medium
description: |
Ensure that the "Auditing" feature is enabled within your Microsoft Azure SQL server configuration settings in order to monitor your SQL databases for security, compliance, and troubleshooting purposes. Microsoft Azure allows an SQL server to be created as a service. Enabling auditing at the server level ensures that all existing and newly created databases on that SQL server are audited.
impact: |
Failing to enable auditing for SQL servers can compromise security and compliance by missing critical monitoring on database activities.
remediation: |
Enable the "Auditing" feature in Azure SQL server settings to ensure comprehensive monitoring and compliance across all databases.
reference:
- https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview
tags: cloud,devops,azure,microsoft,sql,azure-cloud-config
flow: |
code(1);
for (let ServerData of iterate(template.serverList)) {
ServerData = JSON.parse(ServerData);
set("name", ServerData.ServerName);
set("resourceGroup", ServerData.ResourceGroupName);
code(2);
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
az sql server list --query '[*].{"ServerName":name,"ResourceGroupName":resourceGroup}' --output json
extractors:
- type: json
name: serverList
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
az sql server audit-policy show --name "$name" --resource-group "$resourceGroup" --query '{"AuditState":state}' --output json
matchers-condition: and
matchers:
- type: word
words:
- '"Disabled"'
extractors:
- type: dsl
dsl:
- 'name + " in " + resourceGroup + " does not have auditing enabled"'
# digest: 490a00463044022040c7000bdb4647b6b549702fba4439294bc8dfd609e38b6dc66f590b484890e002203c978aef5f10eff2fab71d40ee96e8c305563da5a38e6314e739bf42b0417863:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink