Description

Detects Azure SQL Databases that have Extended Auditing disabled. Extended Auditing is a crucial security feature that logs database events and activities, helping with security monitoring, forensic analysis, and regulatory compliance. Disabling this feature significantly reduces visibility into database access and changes.

Detection Strategy

• Retrieves Extended Auditing configuration settings for Azure SQL Databases

• Checks if the auditing state configuration is set to 'Disabled'

• Reports a vulnerability if Extended Auditing is disabled for any SQL Database instance