This article describes the auditing of several Sitecore Managed Cloud – PaaS 2.0 components, including SQL Server and Service Bus, as well as the activity log.
Auditing is used to maintain regulatory compliance, understand historical activity, and gain insight into discrepancies and anomalies that might indicate business concerns or suspected security violations.
Sitecore Managed Cloud – PaaS 2.0 includes the option to set up auditing for all SQL Servers within an environment.
The default auditing policy includes the following action groups, which audit all queries and stored procedures executed against the database, as well as successful and failed logins:
BATCH_COMPLETED_GROUP
SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP
FAILED_DATABASE_AUTHENTICATION_GROUP
More details regarding the way to analyze SQL Server audit logs can be found here:
https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-analyze-audit-logs?view=azuresql#analyze-logs-using-log-analytics
SQL Server audit logs are stored in the default Log Analytics workspace within the same environment.
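The two authentication action groups in the default policy are enough to flag a run of failed logins that ends in a successful one from the same client. The following is an added example, not Sitecore or Microsoft code: the rows are constructed, and the tuple layout and action name strings are assumptions about how exported audit records look.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Action names as assumed for exported SQL audit records (assumption of this example).
FAILED = "DATABASE AUTHENTICATION FAILED"
SUCCEEDED = "DATABASE AUTHENTICATION SUCCEEDED"

# Constructed sample rows: (event time, action name, client IP, principal).
SAMPLE_ROWS = [
    ("2024-05-01T09:00:00", FAILED, "192.0.2.55", "report_user"),
    ("2024-05-01T09:01:00", FAILED, "192.0.2.55", "report_user"),
    ("2024-05-01T09:02:00", FAILED, "192.0.2.55", "report_user"),
    ("2024-05-01T09:30:00", SUCCEEDED, "192.0.2.55", "report_user"),
    ("2024-05-01T10:00:00", FAILED, "203.0.113.7", "sitecore_admin"),
    ("2024-05-01T10:00:20", FAILED, "203.0.113.7", "sitecore_admin"),
    ("2024-05-01T10:00:40", FAILED, "203.0.113.7", "sitecore_admin"),
    ("2024-05-01T10:01:00", FAILED, "203.0.113.7", "sitecore_admin"),
    ("2024-05-01T10:01:30", SUCCEEDED, "203.0.113.7", "sitecore_admin"),
    ("2024-05-01T10:02:00", FAILED, "198.51.100.20", "cm_user"),
    ("2024-05-01T10:02:10", SUCCEEDED, "198.51.100.20", "cm_user"),
    ("2024-05-01T10:03:00", "BATCH COMPLETED", "198.51.100.20", "cm_user"),
]


def failed_then_success(rows, threshold=3, window=timedelta(minutes=5)):
    """Alert when a client IP logs in successfully after at least
    `threshold` failed logins that all fall inside `window`."""
    recent_failures = defaultdict(deque)  # client IP -> failure timestamps
    alerts = []
    events = sorted((datetime.fromisoformat(t), a, ip, p) for t, a, ip, p in rows)
    for ts, action, ip, principal in events:
        fails = recent_failures[ip]
        # Drop failures that are older than the sliding window.
        while fails and ts - fails[0] > window:
            fails.popleft()
        if action == FAILED:
            fails.append(ts)
        elif action == SUCCEEDED:
            if len(fails) >= threshold:
                alerts.append({"client_ip": ip, "principal": principal,
                               "failures": len(fails),
                               "success_at": ts.isoformat()})
            fails.clear()  # a successful login resets the streak
    return alerts


if __name__ == "__main__":
    for alert in failed_then_success(SAMPLE_ROWS):
        print(alert)
```

The 09:30 login from 192.0.2.55 is not flagged because its failures are outside the five-minute window, and the single mistyped password from 198.51.100.20 stays below the threshold.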
Audit logging is not enabled by default for Azure Service Bus in Managed Cloud – PaaS 2.0. However, for each Premium Service Bus, runtime audit logs can be enabled to capture aggregated diagnostic information for various data plane access operations (such as sending or receiving messages). More details about the information that is captured can be found here: https://learn.microsoft.com/en-us/azure/service-bus-messaging/monitor-service-bus-reference#runtime-audit-logs
Note that runtime audit logs are currently available only in the Premium tier. To upgrade your Service Bus to the Premium tier, contact the Sitecore Cloud Operation support by creating a support case.
Service Bus audit logs are stored in the default Log Analytics workspace within the same environment.
The activity log is enabled for a Sitecore Managed Cloud – PaaS 2.0 environment.
The activity log provides insight into the operations performed on each Azure resource in the subscription from the outside, known as the management plane. It includes information like when a resource was modified or a virtual machine was started. Entries in the activity log are typically a result of changes (create, update, or delete operations) or an action having been initiated. Operations focused on reading details of a resource are not typically captured.
The activity log is stored in the default Log Analytics workspace within the same environment.