SCOMCore Addendum – having a strong core makes bigger gains
The updated SCOMCore addendum pack now contains DWDataRP integration and additional overrides added since the last pack posted in 2023. There have been a lot of updates since the last update to GitHub. GitHub link: https://github.com/theKevinJustin/SCOMCoreAddendum
Integration – time to integrate data sources to data lake
Ready for a single pane of glass? Ready to have your insights in a common location? Let’s discuss Data Integration with SQL2022.
Let’s start with some background on SQL2022 (and similarly SQL2025); begin with the learn site link. SQL2022 by design is Azure enabled with multiple capabilities like ‘Bi-directional HA/DR to Azure SQL’ and ‘Azure Synapse Link’. Basically, Synapse link is the key.
SQL2022 by design is Azure Enabled
Utilize the PowerBI Cloud Service with today’s hybrid environments. SQL2022 allows integration with other Azure capabilities like Azure Data Factory/data lake and Azure Synapse. Another reason to upgrade to SQL 2022 is design simplification. The PowerBI data gateway centralizes all on-premises data to a central location, consolidating the data sent to the cloud. However, it also adds a potential break point (single point of failure): when the PowerBI data gateway fails, insights and visualizations have stale data (i.e. data NOT transferred for a near real-time display).
Why SQL2022 then?
Connect insights and visualization to justify ‘Data Integration with SQL2022’ scenarios.
SQL2022 built in capability to Azure Synapse Analytics
Use SQL2022 to configure SQL agent jobs which pull SQL scripts from your cloud environment. DevOps and common Azure Storage repository are great advantages for speed of execution.
Seriously, dream on! End the STIGma is a good thing, but STIGs can be a burden. Hit the easy button, if you’re not already using it. Contact your SQL Data and AI Cloud Solutions Architect for the latest SQL STIG Monitor 2024 Q4 build!
Latest SQL STIG monitor 31 Oct 2024 release includes
DISA UPDATES – see link
MS SQL Server 2016 Instance STIG, V3R2:
(NOTE: DISA has been contacted to remove related CCI STIGID for AzureSQLDB that was overlooked: ASQL-00-010700)
POWERSHELL MODULE
Updated version to 1.23
Added STIGID parameter to Invoke-StigMonitor allowing granular control over STIGID scanning.
DATABASE CHANGES
Updated Checklist Templates for Q4 Revisions.
Updated Instance & Database STIG for Q4 benchmark date.
Script updates include:
CNTNMIXDB: Not A Finding if using Windows Auth
FORCENRYPT: NA if using Windows Auth
PWDCMPLX: Updated Finding to remove OS STIG reference
AZDBPERMISS: Revised script with new version.
DBPERMISS: Revised script with new version.
ENFCACCSS: Revised script with new version.
PSERRPERM: Revised script with new version.
UNQSVCACC: Removed code stripping out port number.
AZAUDITSTATE: Properly returns No Finding when audit setup is correct.
Fixed bug in vDocumentation view causing POAMs to not display custom comment in exported documentation.
Added usp_RemoveInstance stored procedure to easily clean up a specific Instance from StigMonitor that no longer exists.
DOCUMENTS
Updated checklist templates, Approvals scripts, and Documentation Templates for Q4 Revisions.
Removed Set-CEIPRegKeys.ps1, Set-FIPSCompliance.ps1, and Set-SqlRegKey.ps1 in favor of Module commands.
Updated InfoPage with new StigMonitor logo and text references.
Documentation updated with new examples of Invoke-StigMonitor STIGID parameter.
Updated documentation to add Azure DB Permission for MS_SecurityDefinitionReader.
Added DatabaseName to CSV Export of Export-StigDocumentation.
REPORTS
Updated Report banner to display new StigMonitor logo and latest report versions.
Removed Adhoc scanning to Policy Management Report in favor of Invoke-StigMonitor parameter.
Removed references to Sunset 2012 and 2014 STIGs.
Added AzureSQLMI for future use.
Combined NF and Approved in Total Findings summary
Reduced Recent Scans to latest 6.
Also please send us your feedback if you get a chance to check this out.
It’s that time again, time to update SQL. Just in case your configuration management solution automatically adds SQL updates, you can be prepared. Secondly, if you have to tell the configuration management team to approve updates and patches, this will help jumpstart that process. Either way, knowing about the updates helps you make decisions for your organization’s change process. I believe ‘knowledge is power’, so power up and take away whatever you need to keep up to date.
Subset of the SQL product group released ‘new SQL updates’ in July
The 14th cumulative update release for SQL Server 2022 RTM is now available for download at the Microsoft Downloads site. Please note that registration is no longer required to download Cumulative updates.
To learn more about the release or servicing model, please visit:
Starting with SQL Server 2017, we adopted a new modern servicing model. Please refer to our blog for more details on Modern Servicing Model for SQL Server
Microsoft System Center Management Pack for SQL Server enables the discovery and monitoring of SQL Server 2012, 2014, 2016, 2017, 2019, 2022, and upcoming versions.
The SQL team noted that the newer versions are defaulting Encrypt to be Yes/Mandatory. That is why the new drivers were having an issue. Setting up a certificate in the SQL endpoint would have allowed the connection to work:
Whether you’re building a new SCOM2019, SCOM2022 environment or not, you might be missing these event details, and NOT even know!
It’s been a while for me, and I came across these, so posting for a fresh heads up!
Leverage Holman’s TXT files to keep your logging up to maximum potential! Use the information below to resolve SCOM2016+ SQL SysMessages and 18054 events.
-- Source entity of the relationship doesn't exist.
EXECUTE sp_addmessage @msgnum = 777980002, @msgtext = N'The specified relationship doesn''t have a valid source.', @severity = 16, @lang = 'us_english', @with_log = false, @replace = 'REPLACE'
GO
-- Target entity of the relationship doesn't exist.
EXECUTE sp_addmessage @msgnum = 777980003, @msgtext = N'The specified relationship doesn''t have a valid target.', @severity = 16, @lang = 'us_english', @with_log = false, @replace = 'REPLACE'
GO
-- Discovery data from invalid managed entity is dropped.
EXECUTE sp_addmessage @msgnum = 777980004, @msgtext = N'Discovery data has been received from a rule targeted to a non-existent entity. The discovery data will be dropped.', @severity = 16, @lang = 'us_english', @with_log = false, @replace = 'REPLACE'
GO
-- Invalid relationship rejected by cycle detection.
EXECUTE sp_addmessage @msgnum = 777980005, @msgtext = N'Relationship {%s} was rejected because it would cause a containment cycle; relationship source = ''%s'' and target = ''%s''.', @severity = 16, @lang = 'us_english', @with_log = false, @replace = 'REPLACE'
GO
-- Discovery data generated by invalid connector.
EXECUTE sp_addmessage @msgnum = 777980006, @msgtext = N'Discovery data generated by invalid connector:%s.', @severity = 16, @lang = 'us_english', @with_log = false, @replace = 'REPLACE'
GO
-- Discovery data generated by invalid rule, task, discovery.
EXECUTE sp_addmessage @msgnum = 777980007, @msgtext = N'Discovery data generated by invalid discovery source. Id:%s.', @severity = 16, @lang = 'us_english', @with_log = false, @replace = 'REPLACE'
GO
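To confirm the messages above are actually registered on an instance, the check below reports which of the six message IDs listed here are still missing from sys.messages. It is an added example, not part of Holman’s TXT files or the original post; language_id 1033 is the us_english language used in the statements above.

```sql
-- Added example: verify the SCOM user-defined messages exist on this instance.
-- A row marked MISSING means RAISERROR for that ID will still fail to find
-- its message text until the matching sp_addmessage statement is run.
DECLARE @expected TABLE (message_id int PRIMARY KEY);

INSERT INTO @expected (message_id)
VALUES (777980002), (777980003), (777980004),
       (777980005), (777980006), (777980007);

SELECT e.message_id,
       CASE WHEN m.message_id IS NULL THEN 'MISSING' ELSE 'present' END AS status,
       m.severity,
       m.is_event_logged,
       m.text
FROM @expected AS e
LEFT JOIN sys.messages AS m
       ON m.message_id  = e.message_id
      AND m.language_id = 1033          -- us_english
ORDER BY e.message_id;
```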
If no account information is returned, this is not a finding.
If account information is returned, this is a finding.
Tab delimited view –
Remove Computer Accounts DB SQL6-D0-000400 V-213902 CAT II Non-repudiation of actions taken is required in order to maintain data integrity. Examples of particular actions taken by individuals include creating information, sending a message, approving information (e.g., indicating concurrence or signing a contract), and receiving a message.
Remove Computer Accounts SQL6-D0-004200 V-213935 CAT II Non-repudiation of actions taken is required in order to maintain data integrity. Examples of particular actions taken by individuals include creating information, sending a message, approving information (e.g., indicating concurrence or signing a contract), and receiving a message.
Can provide one work-around to mitigate.
Awaiting CSS engagement for official mitigation from support and SCOM PG.
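One way to inventory what the ‘Remove Computer Accounts’ items above would flag, covering the instance and every online database. This is an added example, not code from the STIG, SQL STIG Monitor, or the original post. It assumes candidates can be recognized by a trailing ‘$’ in the Windows principal name; managed service accounts follow the same naming, so each row still needs confirming in Active Directory.

```sql
-- Added example: list Windows principals whose name ends in '$'.
-- Rows are candidates only; confirm each one against Active Directory.
SET NOCOUNT ON;

CREATE TABLE #candidates (
    scope          sysname      NOT NULL,  -- 'INSTANCE' or the database name
    principal_name sysname      NOT NULL,
    type_desc      nvarchar(60) NOT NULL
);

-- Instance level: Windows logins (U) and Windows groups (G).
INSERT INTO #candidates (scope, principal_name, type_desc)
SELECT N'INSTANCE', name, type_desc
FROM sys.server_principals
WHERE type IN ('U', 'G') AND name LIKE N'%$';

-- Database level: repeat the check in every online database.
DECLARE @db sysname, @sql nvarchar(max);
DECLARE db_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases WHERE state_desc = N'ONLINE';

OPEN db_cur;
FETCH NEXT FROM db_cur INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME keeps unusual database names from breaking the statement.
    SET @sql = N'SELECT @scope, name, type_desc FROM '
             + QUOTENAME(@db) + N'.sys.database_principals '
             + N'WHERE type IN (''U'', ''G'') AND name LIKE N''%$'';';
    INSERT INTO #candidates (scope, principal_name, type_desc)
    EXEC sys.sp_executesql @sql, N'@scope sysname', @scope = @db;
    FETCH NEXT FROM db_cur INTO @db;
END
CLOSE db_cur;
DEALLOCATE db_cur;

SELECT scope, principal_name, type_desc
FROM #candidates
ORDER BY scope, principal_name;

DROP TABLE #candidates;
```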
The MCM addendum pack helps monitor MEM. See start menu folder structure for Endpoint Manager software.
Rebranding central – MEM, EM, MECM, SCCM, Configuration manager, depending on the synonym, we’re referring to the same product. Tune the most common critical alerts per the health model to warning.
Did you know – MCM discoveries are based on registry keys added with various role installs on Windows servers. These registry keys are typically under this path: HKLM\SOFTWARE\Microsoft\SMS\Operations Management\Components
What capabilities does the ‘MCM addendum pack’ provide?
Quite simply, the pack provides warning severity overrides for common alerts and disables event collection rules.
9 overrides for monitors and rules included in addendum.
Includes warning severity changes for the following rules and monitors:
The ‘MSSQL Addendum pack’ wouldn’t be possible without Brandon Pires contributions. Brandon dealt with my many questions to better alert! If you need more background, check the ‘why addendum pack’ post.
The pack is based on the SQL engineering blog and program team making multiple updates per year for SQL monitoring. First, the addendum creates two groups for dev/test and notification/subscription modeling. Second, the overrides (man, there are a bunch!) aid consumption of real issues. Lastly, most environments should be SQL 2016+, as the 2012R2 EOL/EOSL is quickly approaching in October!
MSSQL groups defined in the Addendum pack
MSSQL group discoveries require updates to be applicable to environment
Tailor addendum
First, the Addendum pack requires that the MSSQL packs be installed. The addendum is based on the MSSQL 2016+ version-agnostic pack, which is currently supported, as the 2012 and 2012R2 products are near end of support.
Find/Replace the variables as needed:
Example ##TESTSERVER##|##DEVSERVER##
Save file
Overrides
Addendum pack contains discovery, monitor, and rule overrides to tune MSSQL to CSA (old PFE/CE/CSAe Microsoft Field engineer recommendations), to match the health model reducing critical ‘wake me up in the middle of the night’ alerts.
Engineering team latest management pack, TechCommunity release v7.2.0.0
Import ‘gotcha’ importing new custom functionality blog