Database auditing rentention period should be longer than 90 days
| Property | |
|---|---|
| Language |  |
| Severity |  |
| Service | database |
| Provider | Azure |
| Vulnerability Type | misconfiguration |
Description#
The database auditing policy is configured with a retention period shorter than 90 days, which may result in audit logs being deleted too soon and insufficient historical records for security investigations or compliance purposes.
Impact#
Short audit log retention can lead to missing critical evidence during incident response or compliance audits, making it difficult to detect or investigate suspicious activity and potentially resulting in regulatory violations or undetected breaches.
Resolution#
Set retention periods of database auditing to greater than 90 days