Overview
This guide walks through remotely scanning a domain-joined Microsoft SQL Database using the CIS-CAT Pro Assessor v4 GUI. If the database is not domain-joined, see this guide instead: https://cisecurity.atlassian.net/l/cp/cgtfNpKt
Requirements
Windows target machine hosting the SQL server is domain-joined
SQL Authentication Mode is set to Mixed Mode (SQL and Windows Authentication)
User conducting scan has sysadmin permissions
Implementation Steps
Open the GUI
Select Advanced → Add remote or local target system
...
Once the options are configured to your liking, select next and the scan will begin
Troubleshooting Steps
If the scan is unsuccessful, check the SQL logs for a 'Login failed for user' message that matches the username in your JDBC string. Here's a way to get SQL logs: https://docs.microsoft.com/en-us/sql/relational-databases/performance/view-the-sql-server-error-log-sql-server-management-studio?view=sql-server-ver15
...
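The log check above can also be run as a query, together with a check of the two server-side requirements listed earlier. This is an added example, not part of the original guide or of CIS-CAT itself; the login name EXAMPLE\cis-scan is a constructed placeholder for the user in your JDBC string, and the session running the query is assumed to have rights to read the error log (sysadmin is sufficient).

```sql
-- Added example: verify the scan prerequisites and find failed logins for the scan user.
-- Placeholder login name (constructed); replace with the user from your JDBC string.
DECLARE @scan_login sysname = N'EXAMPLE\cis-scan';

-- Requirement: Mixed Mode authentication.
-- IsIntegratedSecurityOnly returns 1 for Windows Authentication only, 0 for Mixed Mode.
SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
           WHEN 1 THEN 'Windows Authentication only'
           WHEN 0 THEN 'Mixed Mode'
       END AS authentication_mode;

-- Requirement: the scanning user has sysadmin permissions.
-- IS_SRVROLEMEMBER returns 1 (member), 0 (not a member) or NULL (login or role not valid).
SELECT @scan_login AS scan_login,
       IS_SRVROLEMEMBER('sysadmin', @scan_login) AS is_sysadmin;

-- Troubleshooting: collect 'Login failed for user' entries for this login
-- from the current SQL Server error log (log number 0, log type 1 = SQL Server).
CREATE TABLE #login_failures (
    LogDate     datetime,
    ProcessInfo nvarchar(64),
    [Text]      nvarchar(max)
);

INSERT INTO #login_failures (LogDate, ProcessInfo, [Text])
EXEC sp_readerrorlog 0, 1, N'Login failed for user', @scan_login;

-- Newest first; the Reason text in each row says why the login was rejected
-- and the CLIENT field shows which host the attempt came from.
SELECT LogDate, [Text]
FROM #login_failures
ORDER BY LogDate DESC;

DROP TABLE #login_failures;
```

If the last query returns no rows, no failed login for that user was recorded in the current log file; change the first argument of sp_readerrorlog to 1, 2, and so on to search archived logs.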