MS SQL Server Audit Report

by David Schwalenberg
November 20, 2013

This report displays the results from an audit check of Microsoft SQL Server database servers.

The Microsoft SQL Server asset list is used to identify all Microsoft SQL Servers on the network; this asset list is available in the SecurityCenter app store feed. The audit checks are contained in audit files that can be downloaded from the Tenable Customer Support Portal. Any SQL Servers audited by performing Nessus scans with these policies can be used to populate this dashboard. Both SQL Server and the underlying Windows OS should be audited because the security of the database depends on minimizing the vulnerabilities of both.

The report is available in the SecurityCenter 4.7 Report app feed, an app store of dashboards, reports, and assets.  The report requirements are:

  • SecurityCenter 4.7
  • Nessus 5.2.1
  • Microsoft SQL Server asset
  • Microsoft SQL Server compliance audit files

Chapters

MS SQL Server Audit Summary - This chapter summarizes the audit results by severity, by server, and by vulnerability area. Green indicates passed audit checks, red indicates failed audit checks, and orange indicates audit checks that could not be performed automatically and need to be verified manually.

MS SQL Server Audit Results - This chapter presents detailed lists of the audit check results for each server IP address. First in each list are the audit checks that failed (High severity), followed by the checks that require manual verification (Medium severity), and ending with the checks that passed (Informational).