Skip to content

A retention period of less than 90 days is not specified

Description

Audit Logs can help you find suspicious events, unusual activity, and trends. Auditing the SQL server, at the server-level, allows you to track all existing and newly created databases on the instance. This policy identifies SQL servers which do not retain audit logs for more than 90 days. As a best practice, configure the audit logs retention time period to be greater than 90 days

Fix - Runtime

  1. Log in to the Azure Portal.
  2. Select 'SQL servers'.
  3. Select the SQL server instance you want to modify.
  4. Select 'Auditing', and verify that 'Auditing' is 'On'.
  5. Select 'Storage Details' and select the 'Storage account' in which to save the logs.
  6. Set the 'Retention (days)' to 0 (indefinite) or greater than 90 days.
  7. Select 'OK' and 'Save' your changes."

Fix - Buildtime

Terraform

Resource: azurerm_mssql_database_extended_auditing_policy
Attribute: retention_in_days

resource "azurerm_mssql_database_extended_auditing_policy" "example" {
  ...
  retention_in_days                       = 95 # any value above ninety 
}