Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/eggstoastbacon/powershell---sql-security

This is a script for collecting MSSQL security information daily for reporting and security remeditation,
https://github.com/eggstoastbacon/powershell---sql-security

audit database database-management mssql mssql-automation mssql-database mssql-tools powershell powershell-administration powershell-automation powershell-script security security-audit security-automation security-research security-testing security-tools sql sql-report

Last synced: 27 days ago
JSON representation

This is a script for collecting MSSQL security information daily for reporting and security remeditation,

Host: GitHub
URL: https://github.com/eggstoastbacon/powershell---sql-security
Owner: eggstoastbacon
Created: 2020-02-16T07:13:42.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2020-02-16T10:08:23.000Z (over 4 years ago)
Last Synced: 2024-10-12T07:21:29.803Z (27 days ago)
Topics: audit, database, database-management, mssql, mssql-automation, mssql-database, mssql-tools, powershell, powershell-administration, powershell-automation, powershell-script, security, security-audit, security-automation, security-research, security-testing, security-tools, sql, sql-report
Language: PowerShell
Homepage:
Size: 61.5 KB
Stars: 3
Watchers: 4
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # PowerShell---SQL-Security

First iterations on github may be a little rough as this was written to be used in an environment where I could make some assumptions, and i've had to go through and generalize my code.

This is a script for collecting MSSQL security information such as;

.MSSQL Login

.Database Permissions

.Availibility Group, Cluster and Listener Info

.Account is Enabled or Disabled

.Account Creation and Modified Date

& More

Designed to be run once per day (day's data will be overwritten if run more than once per day)

The default it to write this data into a SQL table. For example I have used this data to build a BI dashboard and used slicers to drill down into dates and servers to see a snapshot of a point in time.

This is also useful for finding and removing users who may have left your org but still have some lingering SQL permissions.

If you have try this let me know if you find any issues in your environment so I can polish this and further generalize it for public use.

#

Dependencies:

Account provided for scan needs to be SA

This requires SQL Management Studio is installed from where this is run.

Requires WMI and SQL port access to the servers you will scan.

If scheduled run it only once per day.

Requires sqlserver.psd1 if writing report data to SQL (located in this repo)