I want to check the status of CIS Compliance 4.1.1 Ensure that 'Auditing' is set to 'On' (Scored) for an SQL Server. I know this can be achieved via a powershell cmdlet Get-AzureRmSqlServerAuditing but looking for a way to do it Python.
Asked
Active
Viewed 132 times
0
-
You could use the print_properties to read server level properties to see if auditing is enabled: sql_client.servers.print_properties(GROUP_NAME, SERVER_NAME) Taken from: https://azure.microsoft.com/en-us/resources/samples/sql-database-python-manage/ – Mike Ubezzi Jan 03 '19 at 22:19
-
There is also this example for reading auditing data, if auditing is enabled: Example Python Program Reading SQL Azure Blob Auditing Data - https://blogs.msdn.microsoft.com/azuresqldbsupport/2017/06/23/example-python-program-reading-sql-azure-blob-auditing-data/ But this is not exactly what you are looking for. – Mike Ubezzi Jan 03 '19 at 22:20
-
Thank you Mike, tried properties but couldn't get the exact properties I needed, am thinking will have to use a policy assignment to identify non-compliance https://learn.microsoft.com/en-us/azure/governance/policy/assign-policy-azurecli – T.UK Jan 04 '19 at 10:29
-
After a lot of searching, I found this, hope this helps anyone with similar issues: https://learn.microsoft.com/en-us/rest/api/sql/server%20auditing%20settings/get – T.UK Jan 04 '19 at 11:35
-
Good find. Yes, the Azure SQL REST APIs are the best means for programmatically retrieving this and related properties. I was looking for a pure python solution. Thank you for posting the solution to your issue. – Mike Ubezzi Jan 04 '19 at 17:25
-
The following Stack Overflow thread is an example of calling a RESTful API in Python: https://stackoverflow.com/questions/17301938/making-a-request-to-a-restful-api-using-python and this is the parent page for all REST operations available with Azure SQL Database: https://learn.microsoft.com/en-us/rest/api/sql/ – Mike Ubezzi Jan 07 '19 at 18:32