setup guide for system and account requirements.The Scans > Authentication section is where you'll find authentication records saved in your account, including Azure MS SQL records. Each Azure MS SQL record identifies account login credentials, database information (unless you use auto-discovery), and targets.
See Azure MS SQL Record Settings below for help with the settings that appear in the Azure MS SQL record.
Note: This record type is only available in accounts with PC or SCA and is only supported for compliance scans.
Quick Links: Why use host authentication? | Authentication Technologies Matrix
Follow these steps to create or edit an Azure MS SQL record:
1) Review the Azure MS SQL authentication setup guide for system and account requirements.
2) Go to Scans > Authentication.
3) Take one of these actions:
3a - To create a new Azure MS SQL record, select New > Databases > Azure MS SQL.
3b - To make changes to an existing Azure MS SQL record, select a record in the list and choose Edit from the Quick Actions menu.
The New Azure MS SQL Record or Edit Azure MS SQL Record window appears (depending on the action taken). This is where you'll make your record settings.
4) Choose a tab on the left side of the Azure MS SQL Record window to see the settings available. Provide the necessary inputs on each tab, then click Create (for a new record) or Save (when updating an existing record).
See help below for the settings that appear on each of the tabs within the Azure MS SQL record.
Note for Unit Managers: When a Unit Manager edits a record, the Unit Manager only sees the IPs in the record that they have permission to. Any changes made by the Unit Manager to the record settings will apply to all hosts defined in the record, regardless of whether all hosts belong to the user's business unit. The record may contain more IPs that are not visible to the Unit Manager.
This section has basic settings for the record.
Title - Give the Azure MS SQL record a title for easy identification.
Network - (Applicable when the Network Support feature is enabled.) Select the network you want to use for this Azure MS SQL record. The Global Default Network is selected by default but you can choose a user-created network from the list.
Login CredentialsLogin Credentials
This section is where you'll provide credentials for the user account to be used for Azure MS SQL authentication and information about database instances.
Make sure you reviewed the setup guide mentioned in Step 1 under "What are the Steps?" to understand system and account requirements.
Choose Authentication Type: Basic and then enter basic login credentials (username and password).
Username - Enter the username for the user account to use for authentication in [email protected] format.
Password / Confirm Password - Enter the password for the user account. Then confirm the password.
Choose Authentication Type: Vault based to retrieve the password from a password vault. You will need vault records already defined in your account to use this option.
Username - Enter the username for the user account to use for authentication in [email protected] format.
Vault Type - Select the type of password vault you want to use. For each vault type there will be additional information required. The information required depends on the vault type. Please refer to the online help for your vault type to learn more.
Vault Record - Select a vault record that you have already configured in your account. The vault record has vault credentials to securely access sensitive information stored in the vault.
Quick Links: How to Use Vaults | Vault Support Matrix
Tell us the database instance(s) to authenticate to. You can define one instance (provide instance name, database name and port), or choose Auto discover and let us find all matching instances for you.
Instance - Currently, we support only the MSSQLSERVER value for the database instance name and do not support named instances.
Note: You need the instance name assigned to the TCP/IP port (by default this is set to MSSQLSERVER). This is NOT the host name that is assigned to the MS SQL Server instance name.
Database - Enter the database name for the MSSQLSERVER instance. There is an option of Auto discover database instance in case you want to automatically discover database instances on your target hosts
Auto discover - Select this option and we'll automatically find database instances on your target hosts, so you don't have to provide the database name in your record. This is recommended if you have multiple database instances on the same host.
Port - Enter the port number where the database instance is running.
Enter or select the target compliance hosts (IPs) that you want to authenticate to with the credentials provided in this record. Each IP may be included in one Azure MS SQL Server record.
Select IPs/Ranges - Click this link to select IPs/ranges from a list of IPs in your account. The Select IP Addresses window that appears provides a search option so you can easily find what you're looking for. Expand any IP range to see details about the IPs in the range. After selecting IPs/ranges, click Select to add them to the record.
Select Asset Group - Click this link to add IP addresses from asset groups in your account. In the Add IPs from Asset Group window, you'll see the groups listed with the IPs included in each group. There's also a search option so you can quickly find groups in the list. Select one or more groups and click Add. The IPs from the selected groups will be added to the record.
Remove - Click this link to remove IPs/ranges from the record. This is especially useful if you want to remove one or more IPs from within an IP range. In the pop-up that appears, enter the IPs/ranges to remove, and click Remove. The IPs section in the record will be updated with the IPs removed.
For example, let's say the record includes the range 10.10.10.10-10.10.10.250. If you remove 10.10.10.122, the IPs field will be updated to 10.10.10.10-10.10.10.121, 10.10.10.123-10.10.10.250.
Clear - Click this link to clear the entire IPs field.
Display each IP/Range on new line - Check this option to arrange each IP address and IP range on a new line instead of the comma-separated list.
Provide important notes or comments for this record.
