Security Audit

Review security posture and compliance checks in read-only mode, without schema changes.

Overview

Security Audit is the read-only SQL Server security review module. It collects server-level and current database security signals, turns them into structured findings, and summarizes the posture with severity counts, login inventory, maturity level, and maturity score.

What You Can Do
  • Run a consolidated security posture audit for the active connection.
  • Review risky findings with severity and category labels.
  • Inspect server login inventory and basic login health state.
  • Summarize security posture with maturity level and score.
  • Export the result as a structured HTML audit report.
Live Screen Areas
  1. Top action area
  2. Left findings panel
  3. Right logins panel
  4. Footer summary cards
Audit Scope & Data Sources
SQL Sources
  • Server principals, role memberships, and permissions
  • Database principals and database permissions
  • Configuration views, credentials, and endpoints
  • Server properties and best-effort Force Encryption reads
Collected Outputs
  • Server login and sysadmin counts
  • Login inventory and account state
  • Security findings with category and severity
  • Maturity score, maturity level, and category breakdown
Finding Families
  • Authentication and authorization posture
  • Surface area and execution risk
  • Network, endpoints, and encryption
  • Monitoring, audit, patch, and database configuration signals
Module Boundary
  • The module is assessment and reporting only.
  • It does not remediate findings automatically.
  • It does not change SQL Server security configuration by itself.
Controls & Live Panels
Top Action Area
  • Audit progress indicator
  • Save HTML
  • Run Audit

The audit does not auto-run when the page becomes visible. It starts only after Run Audit is clicked.

Progress Behavior
  • The progress bar is hidden while idle.
  • It becomes visible during audit execution.
  • It uses an indeterminate style rather than a percentage.
Security Issues Panel
  • Shows a placeholder before the first audit.
  • Shows issue cards after an audit completes.
  • Shows a success message when no findings exist.
  • Issue cards use risk-colored borders and structured metadata.
Server Logins Panel
  • Lists up to the first 30 returned server logins.
  • Shows login name, login type, and health state.
  • Status labels include Active, Disabled, Locked, and Expired.
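
The login inventory, health states, and sysadmin count described above can be cross-checked by hand with read-only catalog queries. The following T-SQL is an added example, not the module's own query; the precedence used to pick one status label per login (Disabled, then Locked, then Expired, else Active) is an assumption.

```sql
-- Added example: read-only cross-check of the login inventory and sysadmin count.
-- Not the module's own query; the status precedence below is an assumption.
-- Metadata visibility applies: without VIEW ANY DEFINITION (or ALTER ANY LOGIN)
-- only a subset of logins is returned, and LOGINPROPERTY yields NULL for
-- logins the caller cannot view, so a short or "Active"-only result may just
-- reflect limited permissions.
SET NOCOUNT ON;

-- Login inventory with one health label per login.
SELECT
    sp.name      AS login_name,
    sp.type_desc AS login_type,   -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP
    CASE
        WHEN sp.is_disabled = 1 THEN 'Disabled'
        -- Lockout and expiry only apply to SQL Server authenticated logins.
        WHEN sp.type = 'S'
             AND CAST(LOGINPROPERTY(sp.name, 'IsLocked')  AS int) = 1 THEN 'Locked'
        WHEN sp.type = 'S'
             AND CAST(LOGINPROPERTY(sp.name, 'IsExpired') AS int) = 1 THEN 'Expired'
        ELSE 'Active'
    END          AS health_state,
    sp.create_date,
    sp.modify_date
FROM sys.server_principals AS sp
WHERE sp.type IN ('S', 'U', 'G')      -- SQL login, Windows login, Windows group
  AND sp.name NOT LIKE '##%##'        -- skip internal certificate-based logins
ORDER BY sp.name;

-- Members of the sysadmin fixed server role (direct membership only;
-- members of a Windows group that holds sysadmin are not expanded).
SELECT
    m.name        AS member_name,
    m.type_desc   AS member_type,
    m.is_disabled AS is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals  AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals  AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;
```

Unlike the live panel, this query is not capped at 30 rows, so it can be used to review logins that the panel does not display.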
Findings, Severity & Maturity
Finding Metadata
  • Title, description, category, and risk badge
  • Why and attack scenario text
  • Compliance and control references
  • Optional detail snippets and recommendation text
Risk Levels
  • Critical
  • High
  • Medium
  • Low
  • Info
Footer Summary Cards
  • Critical, High, Medium, and Low finding counts
  • Total Logins and Sysadmins
  • Maturity and Score
  • Maturity and Score cards include tooltip help in the live UI.
Maturity Model
  • Computes a score from 0 to 100 and a maturity level from L1 to L5.
  • Applies weighted penalties based on finding severity.
  • Supports profile variants such as standard, hardened, and banking.
  • Can cap maturity level when foundational controls fail.
HTML Report & Export
Live UI vs HTML Report
  • The live module has no in-app tabs.
  • The saved HTML report does have tabs.
  • This distinction matters when comparing the screen with the exported output.
HTML Report Tabs
  1. Summary
  2. Issues
  3. Cross-Mapping
  4. Logins
What Save HTML Contains
  • Generated timestamp and top summary cards
  • Environment and connection context
  • Issue list and framework cross-mapping
  • Logins table, surface-area configuration, and maturity breakdown
Export Notes
  • Verification queries appear in the HTML report, not the live issue cards.
  • Some contextual fields may be unavailable depending on permissions.
  • Save HTML stays disabled until a successful audit result exists.
Workflow & Interpretation Notes
Typical Workflow
  1. Connect to the target SQL Server and database.
  2. Open Security Audit and click Run Audit.
  3. Review footer cards for severity and maturity context.
  4. Read issue cards from highest risk downward.
  5. Check the login inventory for disabled, locked, or expired accounts.
  6. Save the result as HTML when the findings need to be shared or archived.
Interpretation Notes
  • The module is read-only and does not apply fixes.
  • Some checks are best-effort and can be affected by SQL permissions or environment limits.
  • The right login panel is capped at 30 visible rows in the live UI.
  • Force Encryption and some contextual export details may be unavailable depending on access rights.
  • The live issue list is intentionally shorter than the exported HTML evidence set.