Features

Performance Enhancements

• Collection service multithread event file capture processing:
  • Improved event file capturing mechanism with parallel processing.
  • Previously several areas appeared to be functioning as single-threaded. With this release, the Collection Service can now process multiple files simultaneously.
  • This change enhances the performance and scalability of SQL Compliance Manager and significantly lowers the impact on the monitored systems while maintaining data integrity.
• Console application performance improvements:
  • Improved the console application response state to avoid and eliminate areas that caused "Non-Responding" conditions.
  • Improved the console application's response time by streamlining the SQL Compliance Manager index structure and query efficiency.
  • These enhancements reduce latencies and improve the overall usability of the SQL Compliance Manager console.
• Improved reports and console performance for large repositories by modifying the repository index structure and query efficiency to refine console application response time.
• Inheritance mechanism adjustments:
  • This release introduces a simplified inheritance mechanism by providing users with flexible customization options when configuring audit activities settings for both Server-Level and Database-Level settings.
  • In this release, whenever Privileged Users are set on the Server-Level, they are automatically displayed on the Database-Level.

Alerts

• Timeframe configuration:
  • Alert Rule wizard now includes new timeframe configuration feature.
  • Added new screen to the Alert Rule wizard where users can decide to keep an alert rule active within a specified time and for a specific number of days.
  • Added the ability to limit the number of notification alerts sent via email.

Fixes

• Exporting Audit Settings now successfully includes an export of the Server Level Trusted Users configured.
• Resolved the issue where the SQL Server Properties window displayed the version as Unknown for registered SQL Server 2019 instances. Now, the correct version is shown.
• Resolved the issue where auditing stopped working when a user-configured Sensitive Column auditing without first selecting the DML or SELECT option caused the SQLcompliance Agent to have problems creating the sp_SQLcompliance_AuditXE stored procedure.
• Resolved the issue and now events get captured for sensitive columns when Select and DML are enabled at the database level Audited activities on fresh and upgraded setups.
• The DML Activity (Before-After) report shows accurate results regardless of the collection method being set to Extended Events or SQL Tracing.
• The DML\SELECT filters are now working correctly when auditing SQL Server 2019 and no longer prevent DML and SELECT activities from being audited accordingly.
• The following error is no longer observed when attempting to run DML changes on a table configured for Before-After auditing in the software. "The DELETE permission was denied on the object 'SQLcompliance_Changed_Data_Table'."
• The retention period of the Activity Log is now configurable. It is set to a default of 60 days which can be modified in the SQLcomplianceCollectionService.exe.config file, in the MAX_ACTIVITY_LOGS_AGE flag.
• Console loading times are faster now at both console startup and when navigating to the Audit Events view of the audited server or database.
• Event details on INSERT and DELETE events, audited not as INSERT INTO or DELETE FROM executions, are no longer missing the Target Object Name information, showing the name of the database object affected by the audited DML change.
• Reports deployed to SQL Server Reporting Services now show corresponding logins in the Login dropdown filter when these are set to run against an archived database.
• Reports no longer show a syntax error when executed either from the console application or SQL Server Reporting Services.
• The permissions check for the SQL Server service account permissions on the Agent Trace Files folder no longer fails when the SQL Server is running under the NETWORK SERVICE service account.
• Data types have been updated in the tables saving Before-After data to prevent the tables from filling up with event data too soon. This would have prevented new events from processing otherwise, as a result.
• The console application logging is no longer showing a collation conflict error, as shown below: "Cannot resolve the collation conflict between "SQL_Latin1_General_CP1_CI_AS" and "Latin1_General_CI_AS" in the equal to operation.".

Fixes

• Fixed issue where the audit configuration was not updated when new users were added to a Windows Domain group which were previously configured as Trusted Users.
• Fixed issue where public roles were granted unnecessary permissions such as ALTER, EXECUTE, CONTROL, TAKE OWNERSHIP, and VIEW DEFINITION, on the audit stored procedures sp_SQLcompliance_Audit and sp_SQLCompliance_StartUp.
• Fixed issue where the Collection Server installer raised an error message requesting the removal of the newly restored SQLcompliance and SQLcomplianceProcessing databases. Currently, the migration of the Collection Server preserves the repository databases and displays the events on the console as expected.
• Fixed issue where users were unable to register instances that are unreachable or from an untrusted domain. Currently, users are able to register unreachable instances or instances from untrusted domains. Please note that while unreachable instances can be registered for auditing, it is required for the Agent service to be deployed manually on these server instances.

Features

• Data manipulation language (DML) and select activities captured via Extended Events by default.
• Page compressed indexes in repository Events table.
• Compressed or uncompressed trace files for transfer from agents to collection server.

Features

• New reporting features
  • New reports in the Windows client and SSRS for Server Activity, Trusted/Privileged Users, and Sensitive Column/Before-After Data provide additional insights.
  • Additional filters for Event Type, Schema, multiple Logins, and Dates/Times enable better reporting granularity.
  • Ability to limit user access to selected reports in the Windows client console increases security controls.

Features

• Regulatory Guideline additions
  • Audit for compliance against pre-defined GDPR settings with the new audit and reporting regulatory guideline template.
  • Quickly compare your customized or modified audit configuration against the regulation guidelines with the Regulation Compliance Check Report to verify that your settings are compliant.
• Configuration and Settings enhancements
  • New logic indicates related settings for servers versus databases, and applies selected server-level settings to associated databases.
  • Define default configuration settings at the server or database level, starting from IDERA best-practice recommendations, and apply them to selected servers and databases.
  • Quickly view any differences from default settings in the Configuration Check Report.
  • Designate a Server Level Trusted User for all associated databases to reduce data collection for that user.
  • Collect data specifically for Selects and DML activity with Sensitive Column Auditing to identify sensitive information.
  • Set the server-level configuration to optionally capture Logout events as well as Logins and Failed Logins.
  • Add databases to the auditing list automatically with default database settings applied when they are created.
• Web console update
  • The web console will be primarily used by auditors and executives to view alerts and reports.
  • Configurations, Settings, and Properties are no longer visible or editable in the web console to protect them from unauthorized changes.

Features

• New audit and reporting regulatory guideline templates:
  • Defense Information Security Agency / Security Technical Implementation Guide (DISA STIG).
  • North American Electric Reliability Corporation (NERC).
  • Center for Internet Security (CIS).
• Updates to existing audit and reporting templates:
  • Family Educational Rights and Privacy Act (FERPA) – now a standard template.
  • Sarbanes-Oxley Act (SOX).
  • Payment Card Industry Data Security Standard (PCI DSS).
• New option to save and upload custom regulatory guidelines.
• Sensitive data set selection option that spans across multiple tables.
• Row count function added for all event types (SQL Server 2008 and later)
  • Visible in Event Properties in both web console and client interface.
  • Set alerts based on row count with optional time interval thresholds.
  • Generate reports with row count information.
• Audit logs support for SQL Server 2017 added for collecting audit data.
• Extended events support added to Windows Management Console.
• Improved user installation experience:
  • Updated installer wizard streamlines the installation options and process.
  • Silent installer option enables easier setup for new servers.
  • Microsoft dll components installed with SQL Compliance Manager.
• Windows Server 2016 OS and SQL Server 2017 database platform support.

Fixes

• Bug fixes and UI enhancements.

Features

• SQL Server 2016 Support.
• General Availability of the Web Dashboard – the Web Dashboard now includes the majority of the features present in the Windows Console, including the explore audited SQL Servers Summary views, Alert Rules, Event Filters, Activity and Change Logs, Audit Reports, and more.
• IDERA Dashboard Integration – addition of Enterprise Activity Report Card widget modeled after the Enterprise Activity graph, and an Audited Instances widget modeled after the Audited Instances graph.
• Export Web Views – Allows web console views to be exported to common formats such as PDF, making it easy to add information to any external custom report.
• Ability to set email notifications for audit events using web dashboard.