Database Compliance Auditing for SQL Server

SQL Compliance Manager

Monitor, audit, and alert on user activity and data changes

Customizable Regulatory Guideline Templates

Easily apply the right auditing settings to your servers and databases for PCI DSS, DISA STIG, NERC, CIS, Family Educational Rights and Privacy Act (FERPA), Sarbanes Oxley Act (SOX), GDPR, and Health Insurance Portability and Accountability Act (HIPAA) regulations. Extensive research is no longer required as you can simply define the objects and apply customizations to the included regulatory guideline templates. Quickly compare your customized or modified audit configuration against the regulation guidelines with the Regulation Compliance Check Report to verify that your settings are compliant.

Fine-Grained Filtering

Powerful filtering capabilities enable you to collect only what is important for audit and compliance; reducing data collection, transmission and storage overhead. Designate a Server Level Trusted User for all associated databases to reduce data collection for that user.

Default Configuration Settings

Define default configuration settings at the server or database level, starting from IDERA best-practice recommendations, and apply them to selected servers and databases. Quickly view any differences from default settings in the Configuration Check Report. Add new databases to the auditing list automatically with default database settings applied when they are created.

Report Generation

Design and generate custom reports using flexible filters, and choose from over 30 pre-defined compliance reports for detailed auditing. The user-friendly schema of the audit data repository enables rapid development of ad-hoc queries and reports for detailed forensic analysis.

Sensitive Column Search

Discover the location of sensitive data that needs to be audited using the integrated sensitive column search. The data search parameters are based on a user-selectable combination of pre-populated and custom defined search strings.

Sensitive Column Auditing & Alerting

Audit any combination of columns and track who has issued “SELECT” statements against any table, whether they are end-users or privileged users. Select individual columns or designate a sensitive data set that spans across multiple tables. Additionally, you can be alerted when any combination of columns are accessed. Collect data specifically for Selects and DML activity with Sensitive Column Auditing to identify sensitive information.

Before and After Data Capture

Audit data changes on any table so you can compare before and after data values resulting from inserts, updates and deletions.

Database Auditing

Supports comprehensive auditing of database events. For example, events can be captured for data changes resulting from INSERT, UPDATE, or DELETE activity on tables, or additional application context can be included within your audit trail. Gather your audit data through trace events, extended events (SQL Server 2012+), or audit logs (SQL Server 2017+).

Extended Events Auditing

Monitor and audit SQL Server Extended Events (XEvents, for SQL Server 2012 and later) for SELECT and DML events, to enable more efficient processing of large numbers of events and event types. Extended events can be audited through both the web console and the Windows Management Console.

Row Count Information

Capture and filter on row count information for all event types (both traces and extended events, for SQL Server 2008 and later). Provide a consolidated row count for the event type for joined query statements. Provide alerts based on optional time interval thresholds that are set for row counts, users, sensitive data and specific queries.

Audit Privileged Users

Allows you to include user-defined events (custom SQL Server event types) selected from a list in audited activities. You can audit, alert on, and filter user-defined events. Privileged user auditing is key to ensure all access to databases can be tracked and reported.

Low-overhead Data Collection

A lightweight agent captures data from the SQL Server trace events, extended events, and audit log files and extracts the selected events for auditing. The data collected is saved to the repository in scheduled batches.

Tamper-proof Audit Data Repository

Guarantees the integrity of audit data by providing an immutable repository – any attempts at changing or tampering with the audit data can be detected. In addition, powerful self-auditing features capture and alert on all changes to auditing policies and data collection parameters.

Auditor’s Mode

Users can be granted auditor privileges only. Users in the auditor role have read-only permission. This supports report and query execution as well as self-audit, integrity reporting, and alerting of changes to configuration and data collection parameters.

Customized Alerting

Provides customized alerting for over 200 specific SQL Server Event types, allowing you to define rules to receive immediate notification when critical SQL server events occur. These events are stored in the audit repository, can be emailed directly to a user and/or written to an event log that feeds an in-house operations monitor system (e.g. SCOM).

Threshold Alerting

Configure multiple event threshold levels and set system alerts. Be alerted through email, windows event log, or SNMP when they are exceeded.

User-Defined Event Auditing & Alerting

Allows you to include user-defined events (custom SQL Server event types) selected from a list in audited activities. You can audit, alert on, and filter user-defined events.

Data-specific Alerting

Define rules to issue alerts based on events, status, or data for sensitive columns or BAD (before/after data) changes.

Central Management Console

The Windows client enables rapid configuration and deployment of SQL Compliance Manager agents as well as real-time monitoring of agent activity and the audit data stream. This makes it easy to manage and track audit activity over a large number of servers. The web-based console provides enterprises with a portal designed for auditors and managers to view a dashboard with alerts and summary data and generate reports against regulatory guidelines.

Guided Instance Install

A guided installation wizard makes registering new SQL Server instances with SQL Compliance Manager fast and easy. This ensures permissions and rights are set correctly to monitor the new instance.

Central Data Repository

A central repository houses all audit data. The published, user-friendly repository schema enables easy development of queries and custom reports. In addition, multiple repositories may be used where required for security partitioning purposes.

Dynamic Deployment Technology

Automatically deploys and configures the SQL compliance manager agents, enabling rapid deployment and eliminating the need for time consuming software installs on your SQL servers.

Efficient Data Archive

Built-in archiving mechanisms enable archiving to be scheduled on any frequency and archives can easily be restored to the current audit data repository or a separate repository. Additionally, you can easily leverage SQL Safe Backup, IDERA’s high-performance backup solution, to compress and encrypt audit data archives.

Availability Group Support

Automatically switches the auditing from primary to the secondary replica in the event of failure as well as failback to primary when it comes back online. No loss of audit data trail in the event of failure.

No credit card required! Fully functional for 14 days SQL-Compliance-Manager-Audit-SQL-Database-Screenshot

Buy Now

$3,795.00 $3,036.00 per instance

Save at least 20% on all online purchases.
Volume discounts available.

Add to Cart

Need multiple licenses?

Save up to 45% with multi-license
discount pricing.

Request a Quote

Live product Demo

See SQL Compliance
Manager in action with
a seasoned pro.

Request a Demo