Sql Vulnerability Assessment Baselines - Create Or Update

Add a database's vulnerability assessment rule baseline list.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/sqlVulnerabilityAssessments/default/baselines/default?systemDatabaseName=master&api-version=2024-05-01-preview

URI Parameters

Name In Required Type Description
baselineName
path True

BaselineName

resourceGroupName
path True

string

The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.

serverName
path True

string

The name of the server.

subscriptionId
path True

string

The subscription ID that identifies an Azure subscription.

vulnerabilityAssessmentName
path True

VulnerabilityAssessmentName

The name of the vulnerability assessment.

api-version
query True

string

The API version to use for the request.

systemDatabaseName
query True

VulnerabilityAssessmentSystemDatabaseName

The vulnerability assessment system database name.

Request Body

Name Required Type Description
properties.latestScan True

boolean

The latest scan flag

properties.results True

object

The rule baseline result list

Responses

Name Type Description
200 OK

DatabaseSqlVulnerabilityAssessmentBaselineSet

Successfully add the vulnerability assessment rule baseline list.

Other Status Codes

ErrorResponse

*** Error Responses: ***

  • 400 SqlVulnerabilityAssessmentIsDisabled - SQL vulnerability assessment feature is disabled. please enable the feature before executing other SQL vulnerability assessment operations.

  • 400 InvalidSqlVulnerabilityAssessmentBaselineInput - The SQL vulnerability assessment baseline input is null or empty.

  • 400 SqlVulnerabilityAssessmentInvalidUserSuppliedParameter - An invalid parameter value was provided by the client.

  • 400 SqlVulnerabilityAssessmentInvalidUserSuppliedParameter - An invalid parameter value was provided by the client.

  • 400 InvalidSqlVulnerabilityAssessmentBaselineInput - The SQL vulnerability assessment baseline input is null or empty.

  • 400 InvalidSqlVulnerabilityAssessmentSettingsInput - The SQL vulnerability assessment setting input is null or empty

  • 400 SqlVulnerabilityAssessmentScanResultsAreNotAvailableYet - SQL vulnerability assessment results are not available yet, please try again later.

  • 400 SqlVulnerabilityAssessmentInvalidRuleId - The SQL vulnerability assessment rule id is invalid.

  • 400 SqlVulnerabilityAssessmentScanDoesNotExist - SQL vulnerability assessment scan does not exist.

  • 400 SqlVulnerabilityAssessmentNoBaseline - No baseline have been found for the latest scan in the resource

  • 400 SqlVulnerabilityAssessmentNoRuleBaseline - No SQL vulnerability assessment baseline was found

  • 400 SqlVulnerabilityAssessmentBaselineNoScanResults - No scan results have been found for rule Id. To set a baseline there must be results for this rule in the latest scan available

  • 400 SqlVulnerabilityAssessmentBadBinaryRuleFormat - Input for binary rule is not a boolean representation

  • 400 SqlVulnerabilityAssessmentBadRuleFormat - The provided results do not comply with the actual layout of the scan results

  • 400 SqlVulnerabilityAssessmentBadRuleWithoutRuleIdFormat - The provided results do not comply with the actual layout of the scan results

  • 400 SqlVulnerabilityAssessmentBadBinaryRuleWithoutRuleIdFormat - Input for binary rule is not a boolean representation

  • 400 SqlVulnerabilityAssessmentBaselineNoScanResultsWithoutRuleId - No scan results have been found for one of the rules. To set a baseline there must be results for this rule in the latest scan available

  • 400 SqlVulnerabilityAssessmentEmptyBaseline - Baseline not set because the results are null or empty

  • 404 SubscriptionDoesNotHaveServer - The requested server was not found

  • 404 SourceDatabaseNotFound - The source database does not exist.

  • 404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance.

  • 409 DatabaseVulnerabilityAssessmentScanIsAlreadyInProgress - SQL Vulnerability Assessment scan is already in progress

  • 409 SqlVulnerabilityAssessmentStoragefullApiIsEnabled - Vulnerability Assessment is enabled on this server or one of its underlying databases with an incompatible version. Additional troubleshooting information can be found https://aka.ms/SQLVAStoragelessDocumentation.

  • 500 DatabaseIsUnavailable - Loading failed. Please try again later.

Examples

Add a database's vulnerability assessment rule baseline from the latest scan result.
Add a database's vulnerability assessment rule baseline list.

Add a database's vulnerability assessment rule baseline from the latest scan result.

Sample request

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/vulnerabilityaseessmenttest-4799/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest-6440/sqlVulnerabilityAssessments/default/baselines/default?systemDatabaseName=master&api-version=2024-05-01-preview

{
  "properties": {
    "latestScan": true,
    "results": {}
  }
}

Sample response

{
  "properties": {
    "results": {
      "VA1223": [],
      "VA2060": [
        [
          "False"
        ]
      ],
      "VA2061": [
        [
          "True"
        ]
      ],
      "VA2062": [],
      "VA2063": [
        [
          "AllowAll",
          "0.0.0.0",
          "255.255.255.255"
        ]
      ],
      "VA2064": [],
      "VA2065": [
        [
          "AllowAll",
          "0.0.0.0",
          "255.255.255.255"
        ]
      ],
      "VA2107": [],
      "VA2130": [
        [
          "Value1",
          "Value2"
        ]
      ]
    }
  },
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/vulnerabilityaseessmenttest-4799/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest-6440/sqlVulnerabilityAssessments/Default/baselines/Default",
  "name": "Default",
  "type": "Microsoft.Sql/servers/sqlVulnerabilityAssessments/baselines"
}

Add a database's vulnerability assessment rule baseline list.

Sample request

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/vulnerabilityaseessmenttest-4711/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest-6411/sqlVulnerabilityAssessments/default/baselines/default?systemDatabaseName=master&api-version=2024-05-01-preview

{
  "properties": {
    "latestScan": false,
    "results": {
      "VA2063": [
        [
          "AllowAll",
          "0.0.0.0",
          "255.255.255.255"
        ]
      ],
      "VA2065": [
        [
          "AllowAll",
          "0.0.0.0",
          "255.255.255.255"
        ]
      ]
    }
  }
}

Sample response

{
  "properties": {
    "results": {
      "VA2063": [
        [
          "AllowAll",
          "0.0.0.0",
          "255.255.255.255"
        ]
      ],
      "VA2065": [
        [
          "AllowAll",
          "0.0.0.0",
          "255.255.255.255"
        ]
      ]
    }
  },
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/vulnerabilityaseessmenttest-4799/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest-6440/sqlVulnerabilityAssessments/Default/baselines/Default",
  "name": "Default",
  "type": "Microsoft.Sql/servers/sqlVulnerabilityAssessments/baselines"
}

Definitions

Name Description
BaselineName
createdByType

The type of identity that created the resource.

DatabaseSqlVulnerabilityAssessmentBaselineSet

A database sql vulnerability assessment baseline set.

DatabaseSqlVulnerabilityAssessmentRuleBaselineListInput

A database sql vulnerability assessment rule baseline list input.

ErrorAdditionalInfo

The resource management error additional info.

ErrorDetail

The error detail.

ErrorResponse

Error response

systemData

Metadata pertaining to creation and last modification of the resource.

VulnerabilityAssessmentName

The name of the vulnerability assessment.

VulnerabilityAssessmentSystemDatabaseName

The vulnerability assessment system database name.

BaselineName

Name Type Description
default

string

createdByType

The type of identity that created the resource.

Name Type Description
Application

string

Key

string

ManagedIdentity

string

User

string

DatabaseSqlVulnerabilityAssessmentBaselineSet

A database sql vulnerability assessment baseline set.

Name Type Description
id

string

Resource ID.

name

string

Resource name.

properties.results

object

The baseline set result

systemData

systemData

SystemData of DatabaseSqlVulnerabilityAssessmentBaselineSetResource.

type

string

Resource type.

DatabaseSqlVulnerabilityAssessmentRuleBaselineListInput

A database sql vulnerability assessment rule baseline list input.

Name Type Description
id

string

Resource ID.

name

string

Resource name.

properties.latestScan

boolean

The latest scan flag

properties.results

object

The rule baseline result list

systemData

systemData

SystemData of DatabaseSqlVulnerabilityAssessmentRuleBaselineListInputResource.

type

string

Resource type.

ErrorAdditionalInfo

The resource management error additional info.

Name Type Description
info

object

The additional info.

type

string

The additional info type.

ErrorDetail

The error detail.

Name Type Description
additionalInfo

ErrorAdditionalInfo[]

The error additional info.

code

string

The error code.

details

ErrorDetail[]

The error details.

message

string

The error message.

target

string

The error target.

ErrorResponse

Error response

Name Type Description
error

ErrorDetail

The error object.

systemData

Metadata pertaining to creation and last modification of the resource.

Name Type Description
createdAt

string

The timestamp of resource creation (UTC).

createdBy

string

The identity that created the resource.

createdByType

createdByType

The type of identity that created the resource.

lastModifiedAt

string

The timestamp of resource last modification (UTC)

lastModifiedBy

string

The identity that last modified the resource.

lastModifiedByType

createdByType

The type of identity that last modified the resource.

VulnerabilityAssessmentName

The name of the vulnerability assessment.

Name Type Description
default

string

VulnerabilityAssessmentSystemDatabaseName

The vulnerability assessment system database name.

Name Type Description
master

string