Thanks David for this informative video
I hope it was helpful.
Thanks a lot for this video.
Thanks for the video. Is there any way to export or forward these logs to a SIEM for monitoring?
If your SIEM solution supports SQL logs, it should work well.
great video thank you!
I'm glad it helped.
Thanks David for this great video. Is it possible to audit SQL errors, like syntax errors / failed queries?
Great Content - Question: we have database developers who have their own accounts. What would I choose to audit any inserts, updates, deletes they did? We want to do this in case there was any malicious attempt to remove customer data. Thank you in advance.
There are a few ways to do this. I would suggest reviewing the following article to see if it can help.
www.sqlshack.com/various-techniques-to-audit-sql-server-databases/
How can I set it to view which users are using which database?
In the Activity Monitor you should be able to view active connections and that should show the user who established the connection.
How do I identify which table my current table is getting data from?
The table should hold the data itself. Are you looking at a view?
I have a problem
I have made all the steps correctly yet nothing shows up on my audit file, not even a log saying that the Audit session changed, what should I do?
Interesting. Is this a production server or a lab server? How long did you wait for log entries to show up?
They never showed up
Also my professor said that the version I'm using has bugs related to the log things, I don't know how to give my take on it considering I'm a complete noob in SQL, SSMS and just coding in general
@asrieldreemurr1856 Interesting. If the version has bugs, that might be your issue.
How do I implement ISM-1537?
Database event logging
Centrally logging and analysing security-relevant events for databases can assist in monitoring the security posture of databases, detecting malicious behaviour and contributing to investigations following cyber security incidents.
Control: ISM-1537; Revision: 5; Updated: Sep-24; Applicability: All; Essential Eight: N/A
Security-relevant events for databases are centrally logged, including:
access or modification of particularly important content
addition of new users, especially privileged users
changes to user roles or privileges
attempts to elevate user privileges
queries containing comments
queries containing multiple embedded queries
database and query alerts or failures
database structure changes
database administrator actions
use of executable commands
database logons and logoffs.
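
An added example, not from the video, its author or any commenter: one way to cover several of the event categories listed above with SQL Server Audit, including the per-developer INSERT/UPDATE/DELETE tracking asked about earlier in the thread. The audit and specification names, the `D:\SqlAudit\` path, the `SalesDb` database and the `dev_user` principal are hypothetical placeholders. Comment and multi-statement detection needs analysis of the captured `statement` text, and central collection needs a log forwarder; neither is shown.

```sql
-- Added example. All object names, the file path, SalesDb and dev_user are hypothetical.
USE master;
GO
-- Audit target: where events are written. Audits are created disabled.
CREATE SERVER AUDIT ISM1537_Audit
TO FILE (FILEPATH = N'D:\SqlAudit\', MAXSIZE = 256 MB, MAX_ROLLOVER_FILES = 20)
WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO
-- Server scope: logons/logoffs, new logins, server role and permission changes,
-- impersonation (privilege elevation) and changes to the audit configuration itself.
CREATE SERVER AUDIT SPECIFICATION ISM1537_ServerSpec
FOR SERVER AUDIT ISM1537_Audit
    ADD (SUCCESSFUL_LOGIN_GROUP),
    ADD (FAILED_LOGIN_GROUP),
    ADD (LOGOUT_GROUP),
    ADD (SERVER_PRINCIPAL_CHANGE_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (SERVER_PERMISSION_CHANGE_GROUP),
    ADD (SERVER_PRINCIPAL_IMPERSONATION_GROUP),
    ADD (AUDIT_CHANGE_GROUP)
WITH (STATE = ON);
GO
-- The audit must be enabled as well as the specifications, or nothing is written.
ALTER SERVER AUDIT ISM1537_Audit WITH (STATE = ON);
GO
USE SalesDb;
GO
-- Database scope: users, roles, permissions, structure (DDL) changes,
-- DML by one developer account, and execution of procedures/functions.
CREATE DATABASE AUDIT SPECIFICATION ISM1537_DbSpec
FOR SERVER AUDIT ISM1537_Audit
    ADD (DATABASE_PRINCIPAL_CHANGE_GROUP),
    ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP),
    ADD (DATABASE_PERMISSION_CHANGE_GROUP),
    ADD (DATABASE_PRINCIPAL_IMPERSONATION_GROUP),
    ADD (SCHEMA_OBJECT_CHANGE_GROUP),
    ADD (DATABASE_OBJECT_CHANGE_GROUP),
    ADD (INSERT, UPDATE, DELETE ON DATABASE::SalesDb BY dev_user),
    ADD (EXECUTE ON DATABASE::SalesDb BY public)
WITH (STATE = ON);
GO
-- Read the captured events back from the audit files.
SELECT event_time, action_id, succeeded, server_principal_name,
       database_name, object_name, statement
FROM sys.fn_get_audit_file(N'D:\SqlAudit\*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
```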