Creating sensitive data reports and alerts

Applies to

ApexSQL Audit

Summary

This article describes how to configure sensitive data reports and sensitive data access alerts in ApexSQL Audit 2020 R3 and higher.

Description

Sensitive information flow has always been a top priority for any organization. Having consistent and proactive reports and alerts on sensitive data access can drastically help to manage data flow and assess any potential risk-related consequences.

Configuring sensitive columns auditing precedes the creating sensitive data reports and alerts, and once auditing configuration is concluded, the reports and alerts configuring are the next steps take in creating a proactive and consistent information delivery on sensitive column access.

Creating a report

Getting reported on data access frequently helps with understanding how the data is being approached, at what particular times, and by whom. Having that information ready on a scheduled basis or on-demand will always add to managing looming threats.

Creating sensitive data reports in ApexSQL Audit is quite simple. Here is the quick example in the step-by-step scenario:

Creating sensitive data reports - ApexSQL Audit

  1. Head to Reports in the main application ribbon
  2. Choose the New button inside the reports pane
  3. Continue by choosing Sensitive columns auditing reporting template

After the reporting template is selected, reporting filters will be accordingly set to default values. You can further specify any particular filter to retrieve the data upon that criteria. The most interesting filter to utilize on creating sensitive data access report is Sensitive-column filter allowing users to specify certain sensitive column range to be found in a report:

Sesitive-column reporting filter

Building a convenient report template is an essential piece of the puzzle, hence it helps in creating automated reports without manual management. It takes understanding auditing requirements to build filter criteria accordingly before creating scheduled report jobs.

After the reporting template is complete, a quick overview of the configuration is available in the summary pane in the Reports tab:

Sensitive data reports summary - ApexSQL Audit

Once the template is ready to be used, the actual audited data trail can be quickly previewed in the application reports grid, or exported to several document file formats, or even ultimately scheduled to run automatically on custom frequency:

Sensitive data reports - auditing trail preview

Creating alerts

While it is a common strategy to create a sound security wall around the sensitive data via security access controls, it is always good to have an alerting mechanism to proactively send a notification on any specific data approach that is categorized risky.

ApexSQL Audit provides sensitive data access alerting via its respective alert type and allows users to get notified about sensitive data access via custom specifications. For instance, we are going to explain how to configure alert to trigger when specific columns are accessed by the specific user, via the specific application through the alert configuration wizard:

  1. Head over to Manage tab in the alerting group of the main application tabs

  2. Continue by choosing New in the header controls

    Create new alert in ApexSQL Audit

  3. Choose Sensitive data access alert option

    Sensitive data access alert wizard

  4. In the next step, modify the notification text via both contextual parameters and plain text and hit Next

    New alert wizard in ApexSQL Audit

  5. Select SQL Server instances in the next step

    Alert wizard selecting SQL Server

  6. Sensitive column list will be available for the previously selected SQL Server to choose for alert configuration

    Choosing sensitive columns for alert configuration

  7. In the next step, you can add more filtering criteria upon which an alert configuration is detailed. For this article, we’ve chosen to configure an alert when a specific user access the sensitive columns via the specific application

    Alert wizard apply advanced filters

    If the advanced filter option remains unchecked, the alert would be triggered on each previously selected column access regardless of how the data is being accessed.

  8. In the next step of the Alert Wizard you can specify e-mail profiles where e-mail notification will be received, and if the notification will be written in Windows error log

    Alert wizard email configuration

    Regardless of the choice, the alert notification will always be available in the Alert History tab from the main application ribbon.

  9. In the last step, you can quickly preview the configuration structure and assign a contextual name to the alert

    Summary wizard

    Once the configuration has taken place, ApexSQL Audit will raise the notification alert accordingly of the applied specification

The complete alert notifications can be easily accessed in History alerts tab where you can easily identify any specific notification via filtering options:

Alert history

 

Related posts:

  1. Inventory of system alerts for SQL auditing
  2. FISMA (NIST800-53 rev. 4) compliance checklist for ApexSQL Audit
  3. How to create custom SQL Server performance reports – Part 2 (alerts, Indexes and databases)
  4. SQL Server auditing tool reporting feature overview
  5. Evaluating ApexSQL Audit – Create report definitions, output, and schedule