Diagnostic settings policy on Azure SQL DBs --> non-compliance status if these log categories not added

tyconsulting / azurepolicy

MIT License

146 stars 132 forks source link

Diagnostic settings policy on Azure SQL DBs --> non-compliance status if these log categories not added #21

Closed ctvue closed 2 years ago

ctvue commented 3 years ago

The azure policy definition is azurepolicy/policy-definitions/resource-diagnostics-settings/log-analytics/azurepolicy.sqlDBs-la.json .These two log categories must be added to the policy else Azure policy compliance evaluation will mark it as non-compliant because the two missing categories are set to "false".

DevOpsOperationsAudit
SQLSecurityAuditEvents

Azure Portal shows 9 log categories, but the API call is sending 11 log categories.

tyconsulting commented 2 years ago

SQL DB is now using the Log Category Group instead. so all the log categories are selected