#3481 sp_Blitz security docs

Updated links on new alerts, added documentation. Closes #3481.
BrentOzarULTD · Apr 19, 2024 · e2fc121 · e2fc121
1 parent 8fc2b0b
commit e2fc121
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 12 deletions.
diff --git a/Documentation/sp_Blitz_Checks_by_Priority.md b/Documentation/sp_Blitz_Checks_by_Priority.md
@@ -6,8 +6,8 @@ Before adding a new check, make sure to add a Github issue for it first, and hav
 
 If you want to change anything about a check - the priority, finding, URL, or ID - open a Github issue first. The relevant scripts have to be updated too.
 
-CURRENT HIGH CHECKID: 257.
-If you want to add a new one, start at 258.
+CURRENT HIGH CHECKID: 261.
+If you want to add a new one, start at 262.
 
 | Priority | FindingsGroup | Finding | URL | CheckID |
 |----------|-----------------------------|---------------------------------------------------------|------------------------------------------------------------------------|----------|
@@ -28,6 +28,10 @@ If you want to add a new one, start at 258.
 | 1 | Performance | Memory Dangerously Low in NUMA Nodes | https://www.BrentOzar.com/go/max | 159 |
 | 1 | Reliability | Evaluation Edition | https://www.BrentOzar.com/go/workgroup | 229 |
 | 1 | Reliability | Last good DBCC CHECKDB over 2 weeks old | https://www.BrentOzar.com/go/checkdb | 68 |
+| 1 | Security | Dangerous Service Account | https://vladdba.com/SQLServerSvcAccount | 258 |
+| 1 | Security | Dangerous Service Account | https://vladdba.com/SQLServerSvcAccount | 259 |
+| 1 | Security | Dangerous Service Account | https://vladdba.com/SQLServerSvcAccount | 260 |
+| 1 | Security | Dangerous Service Account | https://vladdba.com/SQLServerSvcAccount | 261 |
 | 5 | Monitoring | Disabled Internal Monitoring Features | https://msdn.microsoft.com/en-us/library/ms190737.aspx | 177 |
 | 5 | Reliability | Dangerous Third Party Modules | https://support.microsoft.com/en-us/kb/2033238 | 179 |
 | 5 | Reliability | Priority Boost Enabled | https://www.BrentOzar.com/go/priorityboost | 126 |

diff --git a/sp_Blitz.sql b/sp_Blitz.sql
@@ -5019,8 +5019,8 @@ IF @ProductVersionMajor >= 10
 							258 AS [CheckID] ,
 							1 AS [Priority] ,
 							'Security' AS [FindingsGroup] ,
-							'SQL Server is running under the '+ [service_account] +' account' AS [Finding] ,
-							'https://www.brentozar.com/go/setup' AS [URL] ,
+							'Dangerous Service Account' AS [Finding] ,
+							'https://vladdba.com/SQLServerSvcAccount' AS [URL] ,
 							'SQL Server''s service account is '+ [service_account] 
 							+' - meaning that anyone who can use xp_cmdshell can do absolutely anything on the host.'  AS [Details]
 						  FROM
@@ -5056,8 +5056,8 @@ IF @ProductVersionMajor >= 10
 							259 AS [CheckID] ,
 							1 AS [Priority] ,
 							'Security' AS [FindingsGroup] ,
-							'SQL Server Agent is running under the '+ [service_account] +' account' AS [Finding] ,
-							'https://www.brentozar.com/go/setup' AS [URL] ,
+							'Dangerous Service Account' AS [Finding] ,
+							'https://vladdba.com/SQLServerSvcAccount' AS [URL] ,
 							'SQL Server Agent''s service account is '+ [service_account] 
 							+' - meaning that anyone who can create and run jobs can do absolutely anything on the host.'  AS [Details]
 						  FROM
@@ -9667,8 +9667,8 @@ IF @ProductVersionMajor >= 10 AND  NOT EXISTS ( SELECT  1
 								    				 260 AS CheckID
 								    				,1 AS Priority
 								    				,'Security' AS FindingsGroup
-								    				,'SQL Server''s service account is a local admin' AS Finding
-								    				,'https://www.brentozar.com/go/setup' AS URL
+								    				,'Dangerous Service Account' AS Finding
+								    				,'https://vladdba.com/SQLServerSvcAccount' AS URL
 								    				,'SQL Server''s service account is a member of the local Administrators group - meaning that anyone who can use xp_cmdshell can do anything on the host.' as Details
 
 								    END;
@@ -9713,8 +9713,8 @@ IF @ProductVersionMajor >= 10 AND  NOT EXISTS ( SELECT  1
 								    		    		 261 AS CheckID
 								    		    		,1 AS Priority
 								    		    		,'Security' AS FindingsGroup
-								    		    		,'SQL Server Agent''s service account is a local admin' AS Finding
-								    		    		,'https://www.brentozar.com/go/setup' AS URL
+									    				,'Dangerous Service Account' AS Finding
+									    				,'https://vladdba.com/SQLServerSvcAccount' AS URL
 								    		    		,'SQL Server Agent''s service account is a member of the local Administrators group - meaning that anyone who can create and run jobs can do anything on the host.' as Details
 
 								        END;
@@ -9746,8 +9746,8 @@ IF @ProductVersionMajor >= 10 AND  NOT EXISTS ( SELECT  1
 								    		    		 261 AS CheckID
 								    		    		,1 AS Priority
 								    		    		,'Security' AS FindingsGroup
-								    		    		,'SQL Server Agent''s service account is a local admin' AS Finding
-								    		    		,'https://www.brentozar.com/go/setup' AS URL
+									    				,'Dangerous Service Account' AS Finding
+									    				,'https://vladdba.com/SQLServerSvcAccount' AS URL
 								    		    		,'SQL Server Agent''s service account is a member of the local Administrators group - meaning that anyone who can create and run jobs can do anything on the host.' as Details
 
 								        END;