MS SQL Server Audit

by David Schwalenberg
November 27, 2013

This dashboard displays the results from an audit check of Microsoft SQL Server database servers. 

The Microsoft SQL Server asset list is used to identify all Microsoft SQL Servers on the network; this asset list is available in the SecurityCenter app store feed. The audit checks are contained in audit files that can be downloaded from the Tenable Customer Support Portal. Any SQL Servers audited by performing Nessus scans with these policies can be used to populate this dashboard; both SQL Server and the underlying Windows OS should be audited because the security of the server depends on minimizing the vulnerabilities of both.

The dashboard displays the audit results and summarizes them by severity, by server, and by vulnerability area. In the dashboard, green indicates passed audit checks, red indicates failed audit checks, and orange indicates audit checks that could not be performed automatically and need to be verified manually.

The dashboard and its components are available in the SecurityCenter 4.7 Dashboard app feed, an app store of dashboards, reports, and assets.

The dashboard requirements are:

  • SecurityCenter 4.7
  • Nessus 5.2.1
  • Microsoft SQL Server asset
  • Microsoft SQL Server compliance audit files

Listed below are the included components:

MS SQL Server Audit - Results by Severity
This component displays a pie chart of audit results grouped by severity. Informational severity indicates passed audit checks, High severity indicates failed audit checks, and Medium severity indicates audit checks that could not be performed automatically and need to be verified manually.

MS SQL Server Audit - Results in Select Vulnerability Areas
This component displays counts of the audit results that passed, that failed, and that require manual verification within each of the specified vulnerability areas. The grouping is done by aggregating results from all the plugins that contain a specified text string within their names. For example, results from all plugins with “access” in their names are aggregated to obtain the total count of access vulnerabilities.

MS SQL Server Audit - Non-Passing Results in Select Vulnerability Areas
This component displays counts of the audit results that did not pass (failed or require manual verification) within each of the specified vulnerability areas. For each count, a bar graph showing the percentage of the total non-passing results is given. The grouping is done by aggregating results from all the plugins that contain a specified text string within their names. For example, results from all plugins with “access” in their names are aggregated to obtain the total count of access vulnerabilities.

MS SQL Server Audit - Results by Server
This component displays audit results grouped by database server.

MS SQL Server Audit - Results Summary
This component displays all audit results that are either fail (High severity) or pass (Informational). Failed results are given first. Results that require manual verification are not included.

MS SQL Server Audit - Results Requiring Manual Verification
This component displays all audit checks that could not be performed automatically and need to be verified manually (Medium severity).