When people think of security the first things that come to mind are “restricting access” and “least privilege”. I.e. who has access to what and why. What most people don’t initially think about is how to tell what has been happening with the data.
Who has been viewing or modifying the data?
Have there been a lot of failed connection attempts?
When was the data last changed?
Extended Events and SQL Audit are just two of a number of ways to answer these questions. Join me as we explore the tools we have to answer these questions.