MS SQL database logs


Satwika sree

Mar 3, 2023, 5:03:25 AM
to Wazuh mailing list
Dear Team,

I am new to Wazuh and have recently installed a Windows agent on my MS SQL database server, where the logs are stored in the default Windows path. I have some questions regarding the configuration and usage of Wazuh in this environment:

  1. What are the recommended Wazuh rules for monitoring MS SQL Server?
  2. How can I configure Wazuh to monitor SQL Server security events?
  3. How can I set up alerts in Wazuh to notify me of critical MS SQL Server events?
  4. How can I use the Wazuh dashboard to monitor MS SQL Server performance?
  5. What are the best practices for configuring Wazuh to monitor MS SQL Server in a high-availability environment?
  6. How can I troubleshoot issues with Wazuh monitoring of MS SQL Server?

Thank you for your assistance.

Jorge Eduardo Molas

Mar 3, 2023, 8:18:58 AM
to Wazuh mailing list
Hi Satwika!
I will be working on your questions. I'll get back shortly.
Regards!

Jorge Eduardo Molas

Mar 6, 2023, 9:46:13 AM
to Wazuh mailing list
Hi! Sorry for the delay.
Wazuh is able to collect MSSQL audit logs through the Windows event channel.
You can use Wazuh to monitor database activity. The idea is to integrate the database logging system into Wazuh using its log collection capabilities, and then the decoders and rules will trigger the corresponding alerts.
Wazuh has out-of-the-box decoders and rules for many databases (PostgreSQL, MySQL, MSSQL, MariaDB, ...). If extra decoders or rules are needed, they can be added or customized.
I hope this helps!
Regards!

Satwika sree

Mar 14, 2023, 1:46:46 AM
to Wazuh mailing list
Hi Jorge,

Currently, I am able to see only MSSQL login alerts in Wazuh.

May I know what other alerts I can check in Wazuh about MSSQL, other than login alerts?
So I can explore more about it.

Thanks in advance.