取得單一掃描記錄的掃描結果清單。
GET https://management.azure.com/{resourceId}/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/{scanId}/scanResults?workspaceId={workspaceId}&api-version=2023-02-01-preview
URI 參數
| 名稱 |
位於 |
必要 |
類型 |
Description |
|
resourceId
|
path |
True
|
string
|
資源的標識碼。
|
|
scanId
|
path |
True
|
string
|
掃描標識碼。輸入 'latest' 以取得最新掃描的掃描結果。
|
|
api-version
|
query |
True
|
string
|
API 版本。
|
|
workspaceId
|
query |
True
|
string
|
工作區標識碼。
|
回應
安全性
azure_auth
Azure Active Directory OAuth2 Flow
類型:
oauth2
Flow:
implicit
授權 URL:
https://login.microsoftonline.com/common/oauth2/authorize
範圍
| 名稱 |
Description |
|
user_impersonation
|
模擬您的用戶帳戶
|
範例
List scan results
範例要求
GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults?workspaceId=55555555-6666-7777-8888-999999999999&api-version=2023-02-01-preview
/**
* Samples for SqlVulnerabilityAssessmentScanResults List.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/
* sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_List.json
*/
/**
* Sample code: List scan results.
*
* @param manager Entry point to SecurityManager.
*/
public static void listScanResults(com.azure.resourcemanager.security.SecurityManager manager) {
manager.sqlVulnerabilityAssessmentScanResults().listWithResponse("Scheduled-20200623",
"55555555-6666-7777-8888-999999999999",
"subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master",
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_List.json
func ExampleSQLVulnerabilityAssessmentScanResultsClient_List_listScanResults() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewSQLVulnerabilityAssessmentScanResultsClient().List(ctx, "Scheduled-20200623", "55555555-6666-7777-8888-999999999999", "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master", nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ScanResults = armsecurity.ScanResults{
// Value: []*armsecurity.ScanResult{
// {
// Name: to.Ptr("VA2062"),
// Type: to.Ptr("Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"),
// ID: to.Ptr("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2062"),
// Properties: &armsecurity.ScanResultProperties{
// IsTrimmed: to.Ptr(false),
// QueryResults: [][]*string{
// },
// Remediation: &armsecurity.Remediation{
// Description: to.Ptr("Remove database firewall rules that grant excessive access"),
// Automated: to.Ptr(false),
// PortalLink: to.Ptr(""),
// Scripts: []*string{
// },
// },
// RuleID: to.Ptr("VA2062"),
// RuleMetadata: &armsecurity.VaRule{
// Description: to.Ptr("The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master and user databases can only be created and managed through Transact-SQL (unlike server-level firewall rules which can also be created and managed using the Azure portal or PowerShell). For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that database-level firewall rules do not grant excessive access."),
// BenchmarkReferences: []*armsecurity.BenchmarkReference{
// },
// Category: to.Ptr("SurfaceAreaReduction"),
// QueryCheck: &armsecurity.QueryCheck{
// ColumnNames: []*string{
// to.Ptr("Firewall Rule Name"),
// to.Ptr("Start Address"),
// to.Ptr("End Address")},
// ExpectedResult: [][]*string{
// },
// Query: to.Ptr("SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;"),
// },
// Rationale: to.Ptr("Often, administrators add rules that grant excessive access as part of a troubleshooting process - to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected database.\n\nGranting excessive access using database firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your database. In fact, it's the equivalent of placing the database outside of the firewall."),
// RuleID: to.Ptr("VA2062"),
// RuleType: to.Ptr(armsecurity.RuleTypeNegativeList),
// Severity: to.Ptr(armsecurity.RuleSeverityHigh),
// Title: to.Ptr("Database-level firewall rules should not grant excessive access"),
// },
// Status: to.Ptr(armsecurity.RuleStatusNonFinding),
// },
// },
// {
// Name: to.Ptr("VA2063"),
// Type: to.Ptr("Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"),
// ID: to.Ptr("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063"),
// Properties: &armsecurity.ScanResultProperties{
// BaselineAdjustedResult: &armsecurity.BaselineAdjustedResult{
// Baseline: &armsecurity.Baseline{
// ExpectedResults: [][]*string{
// []*string{
// to.Ptr("Test"),
// to.Ptr("0.0.0.0"),
// to.Ptr("125.125.125.125")}},
// UpdatedTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-02-04T12:49:41.027Z"); return t}()),
// },
// ResultsNotInBaseline: [][]*string{
// },
// ResultsOnlyInBaseline: [][]*string{
// },
// Status: to.Ptr(armsecurity.RuleStatusNonFinding),
// },
// IsTrimmed: to.Ptr(false),
// QueryResults: [][]*string{
// []*string{
// to.Ptr("Test"),
// to.Ptr("0.0.0.0"),
// to.Ptr("125.125.125.125")}},
// Remediation: &armsecurity.Remediation{
// Description: to.Ptr("Remove server firewall rules that grant excessive access"),
// Automated: to.Ptr(false),
// PortalLink: to.Ptr("ReviewServerFirewallRules"),
// Scripts: []*string{
// to.Ptr("EXECUTE sp_delete_firewall_rule N'Test';")},
// },
// RuleID: to.Ptr("VA2063"),
// RuleMetadata: &armsecurity.VaRule{
// Description: to.Ptr("The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access."),
// BenchmarkReferences: []*armsecurity.BenchmarkReference{
// },
// Category: to.Ptr("SurfaceAreaReduction"),
// QueryCheck: &armsecurity.QueryCheck{
// ColumnNames: []*string{
// to.Ptr("Firewall Rule Name"),
// to.Ptr("Start Address"),
// to.Ptr("End Address")},
// ExpectedResult: [][]*string{
// },
// Query: to.Ptr("SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;"),
// },
// Rationale: to.Ptr("Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall."),
// RuleID: to.Ptr("VA2063"),
// RuleType: to.Ptr(armsecurity.RuleTypeNegativeList),
// Severity: to.Ptr(armsecurity.RuleSeverityHigh),
// Title: to.Ptr("Server-level firewall rules should not grant excessive access"),
// },
// Status: to.Ptr(armsecurity.RuleStatusFinding),
// },
// }},
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Gets a list of scan results for a single scan record.
*
* @summary Gets a list of scan results for a single scan record.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_List.json
*/
async function listScanResults() {
const scanId = "Scheduled-20200623";
const workspaceId = "55555555-6666-7777-8888-999999999999";
const resourceId =
"subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.sqlVulnerabilityAssessmentScanResults.list(
scanId,
workspaceId,
resourceId,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_List.json
// this example is just showing the usage of "SqlVulnerabilityAssessmentScanResults_List" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this SqlVulnerabilityAssessmentScanResource created on azure
// for more information of creating SqlVulnerabilityAssessmentScanResource, please refer to the document of SqlVulnerabilityAssessmentScanResource
string resourceId = "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
string scanId = "Scheduled-20200623";
ResourceIdentifier sqlVulnerabilityAssessmentScanResourceId = SqlVulnerabilityAssessmentScanResource.CreateResourceIdentifier(resourceId, scanId);
SqlVulnerabilityAssessmentScanResource sqlVulnerabilityAssessmentScan = client.GetSqlVulnerabilityAssessmentScanResource(sqlVulnerabilityAssessmentScanResourceId);
// invoke the operation and iterate over the result
Guid workspaceId = Guid.Parse("55555555-6666-7777-8888-999999999999");
await foreach (SqlVulnerabilityAssessmentScanResult item in sqlVulnerabilityAssessmentScan.GetSqlVulnerabilityAssessmentScanResultsAsync(workspaceId))
{
Console.WriteLine($"Succeeded: {item}");
}
Console.WriteLine($"Succeeded");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
範例回覆
{
"value": [
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2062",
"name": "VA2062",
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
"properties": {
"ruleId": "VA2062",
"status": "NonFinding",
"isTrimmed": false,
"queryResults": [],
"remediation": {
"description": "Remove database firewall rules that grant excessive access",
"scripts": [],
"automated": false,
"portalLink": ""
},
"baselineAdjustedResult": null,
"ruleMetadata": {
"ruleId": "VA2062",
"severity": "High",
"category": "SurfaceAreaReduction",
"ruleType": "NegativeList",
"title": "Database-level firewall rules should not grant excessive access",
"description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master and user databases can only be created and managed through Transact-SQL (unlike server-level firewall rules which can also be created and managed using the Azure portal or PowerShell). For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that database-level firewall rules do not grant excessive access.",
"rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process - to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected database.\n\nGranting excessive access using database firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your database. In fact, it's the equivalent of placing the database outside of the firewall.",
"queryCheck": {
"query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;",
"expectedResult": [],
"columnNames": [
"Firewall Rule Name",
"Start Address",
"End Address"
]
},
"benchmarkReferences": []
}
}
},
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063",
"name": "VA2063",
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
"properties": {
"ruleId": "VA2063",
"status": "Finding",
"isTrimmed": false,
"queryResults": [
[
"Test",
"0.0.0.0",
"125.125.125.125"
]
],
"remediation": {
"description": "Remove server firewall rules that grant excessive access",
"scripts": [
"EXECUTE sp_delete_firewall_rule N'Test';"
],
"automated": false,
"portalLink": "ReviewServerFirewallRules"
},
"baselineAdjustedResult": {
"baseline": {
"expectedResults": [
[
"Test",
"0.0.0.0",
"125.125.125.125"
]
],
"updatedTime": "2020-02-04T12:49:41.027771+00:00"
},
"status": "NonFinding",
"resultsNotInBaseline": [],
"resultsOnlyInBaseline": []
},
"ruleMetadata": {
"ruleId": "VA2063",
"severity": "High",
"category": "SurfaceAreaReduction",
"ruleType": "NegativeList",
"title": "Server-level firewall rules should not grant excessive access",
"description": "The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access.",
"rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall.",
"queryCheck": {
"query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;",
"expectedResult": [],
"columnNames": [
"Firewall Rule Name",
"Start Address",
"End Address"
]
},
"benchmarkReferences": []
}
}
}
]
}
List scan results of the latest scan
範例要求
GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/latest/scanResults?workspaceId=55555555-6666-7777-8888-999999999999&api-version=2023-02-01-preview
/**
* Samples for SqlVulnerabilityAssessmentScanResults List.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/
* sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_ListLatest.json
*/
/**
* Sample code: List scan results of the latest scan.
*
* @param manager Entry point to SecurityManager.
*/
public static void listScanResultsOfTheLatestScan(com.azure.resourcemanager.security.SecurityManager manager) {
manager.sqlVulnerabilityAssessmentScanResults().listWithResponse("latest",
"55555555-6666-7777-8888-999999999999",
"subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master",
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_ListLatest.json
func ExampleSQLVulnerabilityAssessmentScanResultsClient_List_listScanResultsOfTheLatestScan() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewSQLVulnerabilityAssessmentScanResultsClient().List(ctx, "latest", "55555555-6666-7777-8888-999999999999", "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master", nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ScanResults = armsecurity.ScanResults{
// Value: []*armsecurity.ScanResult{
// {
// Name: to.Ptr("VA2062"),
// Type: to.Ptr("Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"),
// ID: to.Ptr("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2062"),
// Properties: &armsecurity.ScanResultProperties{
// IsTrimmed: to.Ptr(false),
// QueryResults: [][]*string{
// },
// Remediation: &armsecurity.Remediation{
// Description: to.Ptr("Remove database firewall rules that grant excessive access"),
// Automated: to.Ptr(false),
// PortalLink: to.Ptr(""),
// Scripts: []*string{
// },
// },
// RuleID: to.Ptr("VA2062"),
// RuleMetadata: &armsecurity.VaRule{
// Description: to.Ptr("The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master and user databases can only be created and managed through Transact-SQL (unlike server-level firewall rules which can also be created and managed using the Azure portal or PowerShell). For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that database-level firewall rules do not grant excessive access."),
// BenchmarkReferences: []*armsecurity.BenchmarkReference{
// },
// Category: to.Ptr("SurfaceAreaReduction"),
// QueryCheck: &armsecurity.QueryCheck{
// ColumnNames: []*string{
// to.Ptr("Firewall Rule Name"),
// to.Ptr("Start Address"),
// to.Ptr("End Address")},
// ExpectedResult: [][]*string{
// },
// Query: to.Ptr("SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;"),
// },
// Rationale: to.Ptr("Often, administrators add rules that grant excessive access as part of a troubleshooting process - to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected database.\n\nGranting excessive access using database firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your database. In fact, it's the equivalent of placing the database outside of the firewall."),
// RuleID: to.Ptr("VA2062"),
// RuleType: to.Ptr(armsecurity.RuleTypeNegativeList),
// Severity: to.Ptr(armsecurity.RuleSeverityHigh),
// Title: to.Ptr("Database-level firewall rules should not grant excessive access"),
// },
// Status: to.Ptr(armsecurity.RuleStatusNonFinding),
// },
// },
// {
// Name: to.Ptr("VA2063"),
// Type: to.Ptr("Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"),
// ID: to.Ptr("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063"),
// Properties: &armsecurity.ScanResultProperties{
// BaselineAdjustedResult: &armsecurity.BaselineAdjustedResult{
// Baseline: &armsecurity.Baseline{
// ExpectedResults: [][]*string{
// []*string{
// to.Ptr("Test"),
// to.Ptr("0.0.0.0"),
// to.Ptr("125.125.125.125")}},
// UpdatedTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-02-04T12:49:41.027Z"); return t}()),
// },
// ResultsNotInBaseline: [][]*string{
// },
// ResultsOnlyInBaseline: [][]*string{
// },
// Status: to.Ptr(armsecurity.RuleStatusNonFinding),
// },
// IsTrimmed: to.Ptr(false),
// QueryResults: [][]*string{
// []*string{
// to.Ptr("Test"),
// to.Ptr("0.0.0.0"),
// to.Ptr("125.125.125.125")}},
// Remediation: &armsecurity.Remediation{
// Description: to.Ptr("Remove server firewall rules that grant excessive access"),
// Automated: to.Ptr(false),
// PortalLink: to.Ptr("ReviewServerFirewallRules"),
// Scripts: []*string{
// to.Ptr("EXECUTE sp_delete_firewall_rule N'Test';")},
// },
// RuleID: to.Ptr("VA2063"),
// RuleMetadata: &armsecurity.VaRule{
// Description: to.Ptr("The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access."),
// BenchmarkReferences: []*armsecurity.BenchmarkReference{
// },
// Category: to.Ptr("SurfaceAreaReduction"),
// QueryCheck: &armsecurity.QueryCheck{
// ColumnNames: []*string{
// to.Ptr("Firewall Rule Name"),
// to.Ptr("Start Address"),
// to.Ptr("End Address")},
// ExpectedResult: [][]*string{
// },
// Query: to.Ptr("SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;"),
// },
// Rationale: to.Ptr("Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall."),
// RuleID: to.Ptr("VA2063"),
// RuleType: to.Ptr(armsecurity.RuleTypeNegativeList),
// Severity: to.Ptr(armsecurity.RuleSeverityHigh),
// Title: to.Ptr("Server-level firewall rules should not grant excessive access"),
// },
// Status: to.Ptr(armsecurity.RuleStatusFinding),
// },
// }},
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Gets a list of scan results for a single scan record.
*
* @summary Gets a list of scan results for a single scan record.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_ListLatest.json
*/
async function listScanResultsOfTheLatestScan() {
const scanId = "latest";
const workspaceId = "55555555-6666-7777-8888-999999999999";
const resourceId =
"subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.sqlVulnerabilityAssessmentScanResults.list(
scanId,
workspaceId,
resourceId,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_ListLatest.json
// this example is just showing the usage of "SqlVulnerabilityAssessmentScanResults_List" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this SqlVulnerabilityAssessmentScanResource created on azure
// for more information of creating SqlVulnerabilityAssessmentScanResource, please refer to the document of SqlVulnerabilityAssessmentScanResource
string resourceId = "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
string scanId = "latest";
ResourceIdentifier sqlVulnerabilityAssessmentScanResourceId = SqlVulnerabilityAssessmentScanResource.CreateResourceIdentifier(resourceId, scanId);
SqlVulnerabilityAssessmentScanResource sqlVulnerabilityAssessmentScan = client.GetSqlVulnerabilityAssessmentScanResource(sqlVulnerabilityAssessmentScanResourceId);
// invoke the operation and iterate over the result
Guid workspaceId = Guid.Parse("55555555-6666-7777-8888-999999999999");
await foreach (SqlVulnerabilityAssessmentScanResult item in sqlVulnerabilityAssessmentScan.GetSqlVulnerabilityAssessmentScanResultsAsync(workspaceId))
{
Console.WriteLine($"Succeeded: {item}");
}
Console.WriteLine($"Succeeded");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
範例回覆
{
"value": [
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2062",
"name": "VA2062",
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
"properties": {
"ruleId": "VA2062",
"status": "NonFinding",
"isTrimmed": false,
"queryResults": [],
"remediation": {
"description": "Remove database firewall rules that grant excessive access",
"scripts": [],
"automated": false,
"portalLink": ""
},
"baselineAdjustedResult": null,
"ruleMetadata": {
"ruleId": "VA2062",
"severity": "High",
"category": "SurfaceAreaReduction",
"ruleType": "NegativeList",
"title": "Database-level firewall rules should not grant excessive access",
"description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master and user databases can only be created and managed through Transact-SQL (unlike server-level firewall rules which can also be created and managed using the Azure portal or PowerShell). For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that database-level firewall rules do not grant excessive access.",
"rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process - to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected database.\n\nGranting excessive access using database firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your database. In fact, it's the equivalent of placing the database outside of the firewall.",
"queryCheck": {
"query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;",
"expectedResult": [],
"columnNames": [
"Firewall Rule Name",
"Start Address",
"End Address"
]
},
"benchmarkReferences": []
}
}
},
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063",
"name": "VA2063",
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
"properties": {
"ruleId": "VA2063",
"status": "Finding",
"isTrimmed": false,
"queryResults": [
[
"Test",
"0.0.0.0",
"125.125.125.125"
]
],
"remediation": {
"description": "Remove server firewall rules that grant excessive access",
"scripts": [
"EXECUTE sp_delete_firewall_rule N'Test';"
],
"automated": false,
"portalLink": "ReviewServerFirewallRules"
},
"baselineAdjustedResult": {
"baseline": {
"expectedResults": [
[
"Test",
"0.0.0.0",
"125.125.125.125"
]
],
"updatedTime": "2020-02-04T12:49:41.027771+00:00"
},
"status": "NonFinding",
"resultsNotInBaseline": [],
"resultsOnlyInBaseline": []
},
"ruleMetadata": {
"ruleId": "VA2063",
"severity": "High",
"category": "SurfaceAreaReduction",
"ruleType": "NegativeList",
"title": "Server-level firewall rules should not grant excessive access",
"description": "The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access.",
"rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall.",
"queryCheck": {
"query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;",
"expectedResult": [],
"columnNames": [
"Firewall Rule Name",
"Start Address",
"End Address"
]
},
"benchmarkReferences": []
}
}
}
]
}
定義
Baseline
基準詳細數據。
| 名稱 |
類型 |
Description |
|
expectedResults
|
string[]
|
預期的結果。
|
|
updatedTime
|
string
|
基準更新時間(UTC)。
|
BaselineAdjustedResult
使用基準調整的規則結果。
| 名稱 |
類型 |
Description |
|
baseline
|
Baseline
|
基準詳細數據。
|
|
resultsNotInBaseline
|
string[]
|
的結果不在基準中。
|
|
resultsOnlyInBaseline
|
string[]
|
結果為基準。
|
|
status
|
RuleStatus
|
規則結果狀態。
|
BenchmarkReference
基準檢驗參考。
| 名稱 |
類型 |
Description |
|
benchmark
|
string
|
基準檢驗名稱。
|
|
reference
|
string
|
基準檢驗參考。
|
CloudError
所有 Azure Resource Manager API 的常見錯誤回應,以傳回失敗作業的錯誤詳細數據。 (這也遵循 OData 錯誤回應格式。)。
| 名稱 |
類型 |
Description |
|
error.additionalInfo
|
ErrorAdditionalInfo[]
|
錯誤其他資訊。
|
|
error.code
|
string
|
錯誤碼。
|
|
error.details
|
CloudErrorBody[]
|
錯誤詳細數據。
|
|
error.message
|
string
|
錯誤訊息。
|
|
error.target
|
string
|
錯誤目標。
|
CloudErrorBody
錯誤詳細數據。
ErrorAdditionalInfo
資源管理錯誤其他資訊。
| 名稱 |
類型 |
Description |
|
info
|
object
|
其他資訊。
|
|
type
|
string
|
其他信息類型。
|
QueryCheck
規則查詢詳細數據。
| 名稱 |
類型 |
Description |
|
columnNames
|
string[]
|
預期結果的數據行名稱。
|
|
expectedResult
|
string[]
|
預期的結果。
|
|
query
|
string
|
規則查詢。
|
補救詳細數據。
| 名稱 |
類型 |
Description |
|
automated
|
boolean
|
補救是自動化的。
|
|
description
|
string
|
補救描述。
|
|
portalLink
|
string
|
在 Azure 入口網站中補救的選擇性連結。
|
|
scripts
|
string[]
|
補救腳本。
|
RuleSeverity
規則嚴重性。
| 名稱 |
類型 |
Description |
|
High
|
string
|
高
|
|
Informational
|
string
|
資訊
|
|
Low
|
string
|
低
|
|
Medium
|
string
|
中等
|
|
Obsolete
|
string
|
過時
|
RuleStatus
規則結果狀態。
| 名稱 |
類型 |
Description |
|
Finding
|
string
|
發現
|
|
InternalError
|
string
|
InternalError
|
|
NonFinding
|
string
|
NonFinding
|
RuleType
規則類型。
| 名稱 |
類型 |
Description |
|
BaselineExpected
|
string
|
BaselineExpected
|
|
Binary
|
string
|
二元的
|
|
NegativeList
|
string
|
NegativeList
|
|
PositiveList
|
string
|
PositiveList
|
ScanResult
單一規則的弱點評估掃描結果。
| 名稱 |
類型 |
Description |
|
id
|
string
|
資源標識碼
|
|
name
|
string
|
資源名稱
|
|
properties
|
ScanResultProperties
|
單一規則的弱點評估掃描結果屬性。
|
|
type
|
string
|
資源類型
|
ScanResultProperties
單一規則的弱點評估掃描結果屬性。
| 名稱 |
類型 |
Description |
|
baselineAdjustedResult
|
BaselineAdjustedResult
|
使用基準調整的規則結果。
|
|
isTrimmed
|
boolean
|
指出是否修剪這裡指定的結果。
|
|
queryResults
|
string[]
|
執行之查詢的結果。
|
|
remediation
|
Remediation
|
補救詳細數據。
|
|
ruleId
|
string
|
規則標識碼。
|
|
ruleMetadata
|
VaRule
|
弱點評量規則元數據詳細數據。
|
|
status
|
RuleStatus
|
規則結果狀態。
|
ScanResults
弱點評估掃描結果的清單。
VaRule
弱點評量規則元數據詳細數據。
| 名稱 |
類型 |
Description |
|
benchmarkReferences
|
BenchmarkReference[]
|
基準檢驗參考。
|
|
category
|
string
|
規則類別目錄。
|
|
description
|
string
|
規則描述。
|
|
queryCheck
|
QueryCheck
|
規則查詢詳細數據。
|
|
rationale
|
string
|
規則理由。
|
|
ruleId
|
string
|
規則標識碼。
|
|
ruleType
|
RuleType
|
規則類型。
|
|
severity
|
RuleSeverity
|
規則嚴重性。
|
|
title
|
string
|
規則標題。
|