This article provides information for evaluators on how to evaluate ApexSQL Audit to match their auditing needs, but also as a reference for first-time users.
Set up the Auditing filters
Using the auditing filters is important to remove unwanted events from the audit data stream, but also to improve scalability and increase the granularity of auditing. Carefully selected auditing filters, will allow filtering the raw data before the processing. The auditing filter allows independent settings for Server and Database level operations. Based on the criteria defined in the Auditing filter, ApexSQL Audit includes or excludes events that will be audited.
For even more granular filtering, use a database object level filter to filter the audited database on the object level. Object level filter allows excluding of the system objects or excluding/including each database object individually by clicking on Choose objects.
Executing a few different simple scripts against the audited SQL Server instance and database, and checking that all events are collected according to the filter settings is highly recommended. The test should confirm that the auditing filter is set to match the auditing requirements or to highlight required corrections in filter settings to match the requirements completely.
Alerting on audit data and status
The application alerting engine allows the user to receive alerts when ApexSQL Audit detects a specific event or operational status. Alerting provides the information needed to timely correct issues that threaten compliance.
ApexSQL Audit comes with four predefined system alerts. Alerting on operational status allows proactively identifying performance issues before ApexSQL Audit is impacted and issues disrupt its ability to continue auditing
Create a few alert rules that will match events in the test queries and run queries. Check for the alert notifications and make sure that all the alerts are generated and according to defined alert rules.
Generating reports on alert activity provide forensic information and validate policy enforcement:
When receiving alert notifications through email account is selected, test email configuration settings to ensure ApexSQL Audit can access selected SMTP server.
Reporting on audit data and status
Reports allow you to track activity and identify problems so that they can be resolved and established compliance maintained.
ApexSQL Audit provides built-in reports that allow quick and easy fulfillment for the most usual auditing demands. Each report offers detailed information about events in audited SQL Server instances. By using the included filters on each individual report it is possible to determine what to display. Filtering reports allows generating reports tailored to compliance needs. Once generated, report can be saved to Word, Excel or PDF.
The following reports come in the box with ApexSQL Audit:
- Complete audit trail
- Backup and DBCC activities
- Before-after auditing
- Compliance standard
- Basel II
- CFR 11
- Compliance standard
- Change and activity auditing
- DML history
- DDL history
- Access history
- Security configuration history
- Logon activity history
- Permission changes
- Unauthorized access
- Auditing overview
- Audit settings history
- Audit integrity checks
The Complete audit trail report is the most comprehensive and versatile report. It can utilize all the available report filters. By using the Complete audit trail report filters, it is possible to generate the customized report to meet all the standard and/or custom auditing requirements.