SQL Servers and databases are crucial components of any enterprise. They store important and confidential data, making it essential to ensure their security. While preventive measures are important, it is equally crucial to be able to determine the cause of any security incidents that may occur. This is where SQL Server continuous auditing comes into play.
Continuous auditing allows for the early detection of any security changes in SQL Server, enabling database administrators (DBAs) to prevent security breaches or potential data loss. Being informed about security issues in a timely manner is important not only for immediate action but also for continuous auditing purposes.
ApexSQL Audit is a tool that facilitates SQL Server security auditing. It offers two types of auditing filters: Simple and Advanced. The Simple filter provides a high level of granularity in filtering, allowing for the specification of security-related events at both the server and database levels.
The Simple filter enables the auditing of the following security-related events:
- Server level security events
- Database level security events
Additionally, the Simple filter allows for the inclusion or exclusion of specific logins from auditing using the Logins filter. This feature is useful when excluding trusted users, for example.
While the Simple filter is comprehensive, it may not meet the fine-tuning requirements of advanced users or specific auditing needs. For this reason, ApexSQL Audit also offers an Advanced filter that provides even greater granularity and precision in auditing.
The Advanced filter allows for the creation of auditing rules using logical operators. It offers a wide range of data fields and operators for filtering. The Text data filter, in particular, allows for parsing the actual T-SQL of audited events and filtering based on specific conditions.
For example, the Advanced filter can be used to audit and log only the “alter login” and “create login” events that do not fulfill the company’s rule of having the “Enforce password policy” and “Enforce password expiration” enabled. This allows DBAs to be promptly notified and take necessary steps to address the issue.
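The rule described above can be expressed as a text check over audited T-SQL, where "Enforce password policy" and "Enforce password expiration" correspond to the CHECK_POLICY and CHECK_EXPIRATION login options. The following Python code is an added example, not ApexSQL Audit's filter or any code from the product; the sample statements, login names and function names are constructed for illustration. It also accounts for the CREATE LOGIN defaults (CHECK_POLICY = ON, CHECK_EXPIRATION = OFF), so a login created without an explicit CHECK_EXPIRATION = ON is flagged.

```python
import re

# Constructed sample of audited T-SQL statements (illustrative, not real audit data).
SAMPLE_EVENTS = [
    "CREATE LOGIN app_ro WITH PASSWORD = '<redacted>', CHECK_POLICY = ON, CHECK_EXPIRATION = ON;",
    "CREATE LOGIN etl_svc WITH PASSWORD = '<redacted>', CHECK_POLICY = OFF;",
    "CREATE LOGIN report_usr WITH PASSWORD = '<redacted>';",
    "ALTER LOGIN app_ro WITH CHECK_EXPIRATION = OFF;",
    "ALTER LOGIN app_ro WITH DEFAULT_DATABASE = [Sales];",
    "CREATE LOGIN [CORP\\dba1] FROM WINDOWS;",
    "CREATE TABLE dbo.t (id int);",
]

STMT = re.compile(r"^\s*(CREATE|ALTER)\s+LOGIN\s+(\[[^\]]+\]|\S+)", re.I)
OPTION = re.compile(r"\b(CHECK_POLICY|CHECK_EXPIRATION)\s*=\s*(ON|OFF)\b", re.I)
LITERAL = re.compile(r"'(?:[^']|'')*'")  # string literals, e.g. the password
WINDOWS = re.compile(r"\bFROM\s+WINDOWS\b", re.I)

def policy_violations(sql):
    """Return the options a login statement leaves OFF; [] if compliant or not relevant."""
    sql = LITERAL.sub("''", sql)  # never match option text inside a password
    m = STMT.match(sql)
    if not m or WINDOWS.search(sql):
        return []  # not a login event, or a Windows login (policy comes from Windows)
    seen = {name.upper(): value.upper() for name, value in OPTION.findall(sql)}
    if m.group(1).upper() == "CREATE":
        # CREATE LOGIN defaults: CHECK_POLICY = ON, CHECK_EXPIRATION = OFF
        seen = {"CHECK_POLICY": "ON", "CHECK_EXPIRATION": "OFF", **seen}
    # ALTER LOGIN leaves unspecified options unchanged, so only explicit OFF counts
    return sorted(name for name, value in seen.items() if value == "OFF")

def flag(events):
    """Return (login, violated options) for each non-compliant login event."""
    return [(STMT.match(e).group(2), v) for e in events if (v := policy_violations(e))]

if __name__ == "__main__":
    for login, options in flag(SAMPLE_EVENTS):
        print(f"{login}: {', '.join(options)} not enforced")
```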
ApexSQL Audit also provides a robust alerting system to ensure timely notification of any security auditing issues or events. The alerting system includes built-in system alerts, user-defined data alerts, and custom script alerts. The alerting engine operates in real-time, intercepting and processing audited events before they are stored in the central repository database.
Furthermore, ApexSQL Audit offers comprehensive reporting capabilities. It provides both a graphical user interface (GUI) and web-based reporting options. The GUI includes 11 predefined basic reports with filtering abilities, allowing for a quick and easy preview of collected events and precise reporting on required audited events.
For more advanced reporting needs, ApexSQL Audit offers custom reports. These reports can be customized using the advanced filter form, allowing for the creation of precise filtering conditions that can be saved and reused as needed. There is no limitation on the number of reports that can be created, providing flexibility in generating general overviews or specific reports tailored to specific requirements.
ApexSQL Audit is a lightweight tool that uses a central repository database with a built-in tamper-proofing mechanism. It offers high precision auditing, alerting, and reporting capabilities, making SQL Server security auditing and compliance easier and more reliable.
In conclusion, SQL Server security auditing is crucial for maintaining the integrity and security of databases. ApexSQL Audit provides a comprehensive solution for continuous auditing, alerting, and reporting, ensuring that any security changes or incidents are promptly detected and addressed.