The Azure SQL Auditing feature tracks database events and writes them to an audit log in your Azure storage account, Log Analytics workspace, or Event Hubs.

If you enable SQL Audit on your Azure SQL database, the audit is configured with default settings, including the default Action Groups "BATCH_COMPLETED_GROUP", "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP" and "FAILED_DATABASE_AUTHENTICATION_GROUP".

If you use Log Analytics, Blob Storage, or both, you will see different Audit Actions as below:

```kusto
AzureDiagnostics
| where Category == 'SQLSecurityAuditEvents'
| where LogicalServerName_s =~ 'ServerName'
| summarize count() by action_name_s, action_id_s
```

From the Audit xel files on Blob Storage:

```sql
-- '' stands for the path of the audit files in Blob Storage
SELECT count(*) AS count, action_id
FROM sys.fn_get_audit_file('', default, default)
GROUP BY action_id
```

You can filter the Audit Logs in Log Analytics by adding a where clause `| where action_name_s != 'Audit Action name'`, as below:

```kusto
AzureDiagnostics
| where ResourceId =~ '/subscriptions/.'
| where action_name_s != 'Audit Action name'
| project action_name_s, action_id_s, event_time_t, statement_s, succeeded_s, affected_rows_d, server_principal_name_s, client_ip_s, application_name_s, additional_information_s, data_sensitivity_information_s
```

But if you want to change the Audit Policies to exclude RPC completed completely, the filtering is done by a T-SQL predicate added to your PowerShell script, in the following steps:

1- Identify the Action ID of the action 'RCM' (RPC COMPLETED), or of any other action, by running the following T-SQL script in SSMS:

```sql
-- @action_id and @x are assumed variable names, following the
-- Microsoft Learn article referenced below.
DECLARE @action_id varchar(4) = 'RCM';
DECLARE @x int;
SET @x = convert(int, convert(varbinary(1), upper(substring(@action_id, 1, 1))));
IF LEN(@action_id) >= 2
    SET @x = convert(int, convert(varbinary(1), upper(substring(@action_id, 2, 1)))) * power(2,8) + @x;
ELSE
    SET @x = convert(int, convert(varbinary(1), ' ')) * power(2,8) + @x;
SELECT @x;
```

More info: Filter SQL Server Audit on action_id / class_type predicate | Microsoft Learn

2- Use the returned result (17234) for the Set-AzSqlDatabaseAudit PowerShell command.

3- The PowerShell command will be as follows:

```powershell
Set-AzSqlDatabaseAudit -ResourceGroupName "ResourceGroupName" -ServerName "ServerName" -DatabaseName "DatabaseName" -PredicateExpression "action_id != 17234"
```