0

We have an Azure SQL Managed Instance having number of databases on it . We have to enable audit logs of SQL Managed Instance from diagnostic settings and also enabled logs by executing queries on MI and sending those logs to event hub. We are getting up logs (select, Execute) but not able to see the logs related to database drop/delete activity

the blog (https://docs.imperva.com/en-US/bundle/cloud-data-security/page/78051.htm) I am using the for enabling audit log in Azure SQL Managed Instance plus we need to see/visualize the data/request that are coming to eventHub.

enter image description here

Nauman Kyani
  • 81
  • 5
  • Select "Diagnostic settings" from the left-hand menu. Click on "Add diagnostic setting" or select an existing one to edit. Enable the "AuditLogs" category and select the desired destination, such as Azure Storage, Event Hub, or Log Analytics. Save the diagnostic settings. – Sampath Jul 06 '23 at 07:53
  • for more details refer [this](https://learn.microsoft.com/en-us/azure/data-explorer/using-diagnostic-logs?tabs=ingestion) – Sampath Jul 06 '23 at 08:02
  • [Audit](https://i.imgur.com/FTzjnJV.png), [here](https://i.imgur.com/IdPuHoc.png) – Sampath Jul 06 '23 at 08:37
  • Create a new alert rule using this [reference](https://docs.datadoghq.com/security/default_rules/azure-activity-log-alert-delete-azure-sql-database/). Hope this helps – Sampath Jul 06 '23 at 08:55
  • will this rule/alert createUpdateSQLServerFirewallRule will triggered when any of the database is delete from subscription? – Nauman Kyani Jul 06 '23 at 09:32

0 Answers0