Detections
Analytics
SQL6-D0-011000 - SQL Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.
Warning! Audit Deprecated
This audit has been deprecated and will be removed in a future update.
View Next Audit VersionInformation
Organizations are required to use a central log management system, so, under normal conditions, the audit space allocated to SQL Server on its own server will not be an issue. However, space will still be required on the server for SQL Server audit records in transit, and, under abnormal conditions, this could fill up. Since a requirement exists to halt processing upon audit failure, a service outage would result.If support personnel are not notified immediately upon storage volume utilization reaching 75%, they are unable to plan for storage capacity expansion.
The appropriate support staff include, at a minimum, the ISSO and the DBA/SA.
Monitoring of free space can be accomplished using Microsoft System Center or a third-party monitoring tool.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Utilize operating system alerting mechanisms, SQL Agent, Operations Management tools, and/or third-party tools to configure the system to notify appropriate support staff immediately upon storage volume utilization reaching 75%.See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_SQL_Server_2016_Y25M07_STIG.zip
Item Details
References: CAT|II, CCI|CCI-001855, Rule-ID|SV-213984r961398_rule, STIG-ID|SQL6-D0-011000, STIG-Legacy|SV-93935, STIG-Legacy|V-79229, Vuln-ID|V-213984
Plugin: MS_SQLDB
Control ID: cb83f8a642c1bda3ccfc4f9c32ee541f626587d211f04b0fe4149dd83fd78dbe