standard
turbot/azure_compliance

Trigger: Detect & correct SQL servers with auditing retention period less than 90 days

Detect SQL servers with auditing retention period less than 90 days.

Query

select
concat(id, ' [', subscription_id, '/', resource_group, ']') as title,
name,
resource_group,
subscription_id,
_ctx ->> 'connection_name' as conn
from
azure_sql_server,
jsonb_array_elements(server_audit_policy) audit
where
not (
(audit -> 'properties' ->> 'retentionDays') :: integer >= 90
);

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/SQL