We are needing to monitor SQL security events. Can anyone tell me how MSSQL AUDITOR performs from this perspective?
We'd like to see granular information such as Change Data Capture - inserts, updates, deletes, across tables .etc...
Thanks!
We have this set up for UserModifyAttribute. The rule specifically says monitor change attempts to a MSSQL database. I will be attempting this in the next few weeks. Did you ever get this set up?
I got it set up but used it with our production Solarwinds SQL which generates too much event activity, mostly due to the many products we're using.
I'm waiting on our DBA to offer a lighter load SQL server to continue with our reviews.
You might check out the rules in the Console that are under MSSQL - in version 5.5 in the Rule Library, in version 5.6 they'll be labeled with one of the Database tags.
By default, we don't cover all inserts/updates to all databases unless they fail because this data could include personally identifiable information. We do cover failures in those areas, plus new users, changes to users, new databases, etc - change management type stuff. We might have more detailed info lying around if you haven't already had your questions answered.
