
Audit data for Azure SQL is retained for at least 90 days

azure.sql

Set up the azure.sql integration.

Description

SQL Server Audit Retention should be configured to be greater than 90 days.

Rationale

Use Audit Logs to check for anomalies and to get insight into suspected breaches or misuse of information and access.

Remediation

From the console

  1. Go to SQL servers
  2. For each server instance
  3. Click on Auditing
  4. Select Storage Details
  5. Set Retention (days) setting greater than 90 days
  6. Select OK
  7. Select Save

From the command line (using Azure PowerShell)

  1. For each server, [set a retention policy][3] of at least 90 days.

     ```powershell
     Set-AzSqlServerAudit -ResourceGroupName "<resource group name>" -ServerName "<server name>" -BlobStorageTargetState Enabled -StorageAccountResourceId "<storage account resource ID>" -RetentionInDays <number of days to retain the audit logs, 90 minimum>
     ```

Note: You can set the number of days to 0 for unlimited retention.
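To verify the setting across servers, the following added example (not part of the original rule page) classifies an audit policy against the 90-day minimum and treats 0 as unlimited, per the note above. `Get-AuditRetentionFinding` is a hypothetical helper name, the sample policies are constructed, and the property names are assumed to match what `Get-AzSqlServerAudit` (reference 2) returns.

```powershell
# Added example (not from the rule page). Get-AuditRetentionFinding is a
# hypothetical helper; property names are assumed to follow the objects
# returned by Get-AzSqlServerAudit.
function Get-AuditRetentionFinding {
    param(
        [Parameter(Mandatory)] [string] $ServerName,
        [Parameter(Mandatory)] $Audit,
        [int] $MinimumDays = 90
    )
    $days = $Audit.RetentionInDays
    $status = if ("$($Audit.BlobStorageTargetState)" -ne 'Enabled') {
        'NoStorageTarget'      # retention only governs the storage destination
    } elseif ($null -eq $days) {
        'Unknown'              # no value reported; needs a manual look
    } elseif ($days -eq 0 -or $days -ge $MinimumDays) {
        'Compliant'            # 0 means unlimited retention
    } else {
        'RetentionTooShort'
    }
    [pscustomobject]@{
        Server          = $ServerName
        RetentionInDays = $days
        Status          = $status
    }
}

# Constructed sample policies so the logic can be exercised offline.
$samples = [ordered]@{
    'sql-short'     = [pscustomobject]@{ BlobStorageTargetState = 'Enabled';  RetentionInDays = 30 }
    'sql-ok'        = [pscustomobject]@{ BlobStorageTargetState = 'Enabled';  RetentionInDays = 90 }
    'sql-unlimited' = [pscustomobject]@{ BlobStorageTargetState = 'Enabled';  RetentionInDays = 0 }
    'sql-nostorage' = [pscustomobject]@{ BlobStorageTargetState = 'Disabled'; RetentionInDays = $null }
}
$samples.GetEnumerator() | ForEach-Object {
    Get-AuditRetentionFinding -ServerName $_.Key -Audit $_.Value
} | Format-Table -AutoSize

# Live use (requires the Az.Sql module and a signed-in session):
# Get-AzSqlServer | ForEach-Object {
#     $audit = Get-AzSqlServerAudit -ResourceGroupName $_.ResourceGroupName -ServerName $_.ServerName
#     Get-AuditRetentionFinding -ServerName $_.ServerName -Audit $audit
# } | Where-Object Status -ne 'Compliant'
```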

References

  1. [https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing][1]
  2. [https://learn.microsoft.com/en-us/powershell/module/az.sql/get-azsqlserveraudit?view=azps-9.2.0][2]
  3. [https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-6-configure-log-storage-retention][4]

[1]: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing
[2]: https://learn.microsoft.com/en-us/powershell/module/az.sql/get-azsqlserveraudit?view=azps-9.2.0
[3]: https://learn.microsoft.com/en-us/powershell/module/az.sql/set-azsqlserveraudit?view=azps-9.2.0
[4]: https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-6-configure-log-storage-retention