Event alerts in Azure SQL using auditing

Question

We are looking to get alerts on specific tables in a Azure DB to initiate actions.These could be a) calling a Azure Search indexer API so that changes get indexed in near-real time every time the datasource changes b) push updates to users via SignalR when there is an update

I understand AzureDB has functional limitations and triggers cannot invoke the Azure function directly due to lack of CLR support. Azure SQL Database trigger to insert audit info into Azure Table

Given the triggers in Azure cannot invoke APIs, I was told that we could get information on database updates via the auditing. However, the auditing seems to be at the blob level- not at a table level

Given the multiple changes underway, it would be quite a task and time-delay to check out for the event of interest from the blob.

While there is a line around the blob auditing being configurable(supports higher granularity object-level auditing), I couldn't find an approach to limit blob updates to certain table alone. Any pointers would be appreciated

Also, given blob auditing seems to be built for threat detection/ regulatory purposes,any issues using this for event alerts?

Answer 1

Additional info on granular Blob Auditing in Azure SQL DB (including limiting the audit policy to specific tables/views) can be found here: https://msdn.microsoft.com/library/azure/mt695939.aspx

Please note that we have also created the following OMS integration app for advanced analysis of Audit logs - you can use it to push the Blob audit logs into OMS, and then create customized alerts in OMS on top of the audit logs (this is a temporary solution, until our fully integrated OMS/Log Analytics solution is available): https://github.com/Microsoft/Azure-SQL-DB-auditing-OMS-integration

Best Regards, Gilad Mittelman

SQL Security, Microsoft