Gets a list of scan results for a single scan record.
GET https://management.azure.com/{resourceId}/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/{scanId}/scanResults?workspaceId={workspaceId}&api-version=2023-02-01-preview
URI Parameters
| Name |
In |
Required |
Type |
Description |
|
resourceId
|
path |
True
|
string
|
The identifier of the resource.
|
|
scanId
|
path |
True
|
string
|
The scan Id. Type 'latest' to get the scan results for the latest scan.
|
|
api-version
|
query |
True
|
string
|
The api version.
|
|
workspaceId
|
query |
True
|
string
|
The workspace Id.
|
Responses
| Name |
Type |
Description |
|
200 OK
|
ScanResults
|
Returns the list of scan results.
|
|
Other Status Codes
|
CloudError
|
Error response describing why the operation failed.
|
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name |
Description |
|
user_impersonation
|
impersonate your user account
|
Examples
List scan results
Sample request
GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults?workspaceId=55555555-6666-7777-8888-999999999999&api-version=2023-02-01-preview
/**
* Samples for SqlVulnerabilityAssessmentScanResults List.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/
* sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_List.json
*/
/**
* Sample code: List scan results.
*
* @param manager Entry point to SecurityManager.
*/
public static void listScanResults(com.azure.resourcemanager.security.SecurityManager manager) {
manager.sqlVulnerabilityAssessmentScanResults().listWithResponse("Scheduled-20200623",
"55555555-6666-7777-8888-999999999999",
"subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master",
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_List.json
func ExampleSQLVulnerabilityAssessmentScanResultsClient_List_listScanResults() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewSQLVulnerabilityAssessmentScanResultsClient().List(ctx, "Scheduled-20200623", "55555555-6666-7777-8888-999999999999", "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master", nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ScanResults = armsecurity.ScanResults{
// Value: []*armsecurity.ScanResult{
// {
// Name: to.Ptr("VA2062"),
// Type: to.Ptr("Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"),
// ID: to.Ptr("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2062"),
// Properties: &armsecurity.ScanResultProperties{
// IsTrimmed: to.Ptr(false),
// QueryResults: [][]*string{
// },
// Remediation: &armsecurity.Remediation{
// Description: to.Ptr("Remove database firewall rules that grant excessive access"),
// Automated: to.Ptr(false),
// PortalLink: to.Ptr(""),
// Scripts: []*string{
// },
// },
// RuleID: to.Ptr("VA2062"),
// RuleMetadata: &armsecurity.VaRule{
// Description: to.Ptr("The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master and user databases can only be created and managed through Transact-SQL (unlike server-level firewall rules which can also be created and managed using the Azure portal or PowerShell). For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that database-level firewall rules do not grant excessive access."),
// BenchmarkReferences: []*armsecurity.BenchmarkReference{
// },
// Category: to.Ptr("SurfaceAreaReduction"),
// QueryCheck: &armsecurity.QueryCheck{
// ColumnNames: []*string{
// to.Ptr("Firewall Rule Name"),
// to.Ptr("Start Address"),
// to.Ptr("End Address")},
// ExpectedResult: [][]*string{
// },
// Query: to.Ptr("SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;"),
// },
// Rationale: to.Ptr("Often, administrators add rules that grant excessive access as part of a troubleshooting process - to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected database.\n\nGranting excessive access using database firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your database. In fact, it's the equivalent of placing the database outside of the firewall."),
// RuleID: to.Ptr("VA2062"),
// RuleType: to.Ptr(armsecurity.RuleTypeNegativeList),
// Severity: to.Ptr(armsecurity.RuleSeverityHigh),
// Title: to.Ptr("Database-level firewall rules should not grant excessive access"),
// },
// Status: to.Ptr(armsecurity.RuleStatusNonFinding),
// },
// },
// {
// Name: to.Ptr("VA2063"),
// Type: to.Ptr("Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"),
// ID: to.Ptr("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063"),
// Properties: &armsecurity.ScanResultProperties{
// BaselineAdjustedResult: &armsecurity.BaselineAdjustedResult{
// Baseline: &armsecurity.Baseline{
// ExpectedResults: [][]*string{
// []*string{
// to.Ptr("Test"),
// to.Ptr("0.0.0.0"),
// to.Ptr("125.125.125.125")}},
// UpdatedTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-02-04T12:49:41.027Z"); return t}()),
// },
// ResultsNotInBaseline: [][]*string{
// },
// ResultsOnlyInBaseline: [][]*string{
// },
// Status: to.Ptr(armsecurity.RuleStatusNonFinding),
// },
// IsTrimmed: to.Ptr(false),
// QueryResults: [][]*string{
// []*string{
// to.Ptr("Test"),
// to.Ptr("0.0.0.0"),
// to.Ptr("125.125.125.125")}},
// Remediation: &armsecurity.Remediation{
// Description: to.Ptr("Remove server firewall rules that grant excessive access"),
// Automated: to.Ptr(false),
// PortalLink: to.Ptr("ReviewServerFirewallRules"),
// Scripts: []*string{
// to.Ptr("EXECUTE sp_delete_firewall_rule N'Test';")},
// },
// RuleID: to.Ptr("VA2063"),
// RuleMetadata: &armsecurity.VaRule{
// Description: to.Ptr("The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access."),
// BenchmarkReferences: []*armsecurity.BenchmarkReference{
// },
// Category: to.Ptr("SurfaceAreaReduction"),
// QueryCheck: &armsecurity.QueryCheck{
// ColumnNames: []*string{
// to.Ptr("Firewall Rule Name"),
// to.Ptr("Start Address"),
// to.Ptr("End Address")},
// ExpectedResult: [][]*string{
// },
// Query: to.Ptr("SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;"),
// },
// Rationale: to.Ptr("Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall."),
// RuleID: to.Ptr("VA2063"),
// RuleType: to.Ptr(armsecurity.RuleTypeNegativeList),
// Severity: to.Ptr(armsecurity.RuleSeverityHigh),
// Title: to.Ptr("Server-level firewall rules should not grant excessive access"),
// },
// Status: to.Ptr(armsecurity.RuleStatusFinding),
// },
// }},
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Gets a list of scan results for a single scan record.
*
* @summary Gets a list of scan results for a single scan record.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_List.json
*/
async function listScanResults() {
const scanId = "Scheduled-20200623";
const workspaceId = "55555555-6666-7777-8888-999999999999";
const resourceId =
"subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.sqlVulnerabilityAssessmentScanResults.list(
scanId,
workspaceId,
resourceId,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_List.json
// this example is just showing the usage of "SqlVulnerabilityAssessmentScanResults_List" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this SqlVulnerabilityAssessmentScanResource created on azure
// for more information of creating SqlVulnerabilityAssessmentScanResource, please refer to the document of SqlVulnerabilityAssessmentScanResource
string resourceId = "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
string scanId = "Scheduled-20200623";
ResourceIdentifier sqlVulnerabilityAssessmentScanResourceId = SqlVulnerabilityAssessmentScanResource.CreateResourceIdentifier(resourceId, scanId);
SqlVulnerabilityAssessmentScanResource sqlVulnerabilityAssessmentScan = client.GetSqlVulnerabilityAssessmentScanResource(sqlVulnerabilityAssessmentScanResourceId);
// invoke the operation and iterate over the result
Guid workspaceId = Guid.Parse("55555555-6666-7777-8888-999999999999");
await foreach (SqlVulnerabilityAssessmentScanResult item in sqlVulnerabilityAssessmentScan.GetSqlVulnerabilityAssessmentScanResultsAsync(workspaceId))
{
Console.WriteLine($"Succeeded: {item}");
}
Console.WriteLine($"Succeeded");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"value": [
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2062",
"name": "VA2062",
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
"properties": {
"ruleId": "VA2062",
"status": "NonFinding",
"isTrimmed": false,
"queryResults": [],
"remediation": {
"description": "Remove database firewall rules that grant excessive access",
"scripts": [],
"automated": false,
"portalLink": ""
},
"baselineAdjustedResult": null,
"ruleMetadata": {
"ruleId": "VA2062",
"severity": "High",
"category": "SurfaceAreaReduction",
"ruleType": "NegativeList",
"title": "Database-level firewall rules should not grant excessive access",
"description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master and user databases can only be created and managed through Transact-SQL (unlike server-level firewall rules which can also be created and managed using the Azure portal or PowerShell). For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that database-level firewall rules do not grant excessive access.",
"rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process - to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected database.\n\nGranting excessive access using database firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your database. In fact, it's the equivalent of placing the database outside of the firewall.",
"queryCheck": {
"query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;",
"expectedResult": [],
"columnNames": [
"Firewall Rule Name",
"Start Address",
"End Address"
]
},
"benchmarkReferences": []
}
}
},
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063",
"name": "VA2063",
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
"properties": {
"ruleId": "VA2063",
"status": "Finding",
"isTrimmed": false,
"queryResults": [
[
"Test",
"0.0.0.0",
"125.125.125.125"
]
],
"remediation": {
"description": "Remove server firewall rules that grant excessive access",
"scripts": [
"EXECUTE sp_delete_firewall_rule N'Test';"
],
"automated": false,
"portalLink": "ReviewServerFirewallRules"
},
"baselineAdjustedResult": {
"baseline": {
"expectedResults": [
[
"Test",
"0.0.0.0",
"125.125.125.125"
]
],
"updatedTime": "2020-02-04T12:49:41.027771+00:00"
},
"status": "NonFinding",
"resultsNotInBaseline": [],
"resultsOnlyInBaseline": []
},
"ruleMetadata": {
"ruleId": "VA2063",
"severity": "High",
"category": "SurfaceAreaReduction",
"ruleType": "NegativeList",
"title": "Server-level firewall rules should not grant excessive access",
"description": "The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access.",
"rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall.",
"queryCheck": {
"query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;",
"expectedResult": [],
"columnNames": [
"Firewall Rule Name",
"Start Address",
"End Address"
]
},
"benchmarkReferences": []
}
}
}
]
}
List scan results of the latest scan
Sample request
GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/latest/scanResults?workspaceId=55555555-6666-7777-8888-999999999999&api-version=2023-02-01-preview
/**
* Samples for SqlVulnerabilityAssessmentScanResults List.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/
* sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_ListLatest.json
*/
/**
* Sample code: List scan results of the latest scan.
*
* @param manager Entry point to SecurityManager.
*/
public static void listScanResultsOfTheLatestScan(com.azure.resourcemanager.security.SecurityManager manager) {
manager.sqlVulnerabilityAssessmentScanResults().listWithResponse("latest",
"55555555-6666-7777-8888-999999999999",
"subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master",
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_ListLatest.json
func ExampleSQLVulnerabilityAssessmentScanResultsClient_List_listScanResultsOfTheLatestScan() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewSQLVulnerabilityAssessmentScanResultsClient().List(ctx, "latest", "55555555-6666-7777-8888-999999999999", "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master", nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ScanResults = armsecurity.ScanResults{
// Value: []*armsecurity.ScanResult{
// {
// Name: to.Ptr("VA2062"),
// Type: to.Ptr("Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"),
// ID: to.Ptr("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2062"),
// Properties: &armsecurity.ScanResultProperties{
// IsTrimmed: to.Ptr(false),
// QueryResults: [][]*string{
// },
// Remediation: &armsecurity.Remediation{
// Description: to.Ptr("Remove database firewall rules that grant excessive access"),
// Automated: to.Ptr(false),
// PortalLink: to.Ptr(""),
// Scripts: []*string{
// },
// },
// RuleID: to.Ptr("VA2062"),
// RuleMetadata: &armsecurity.VaRule{
// Description: to.Ptr("The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master and user databases can only be created and managed through Transact-SQL (unlike server-level firewall rules which can also be created and managed using the Azure portal or PowerShell). For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that database-level firewall rules do not grant excessive access."),
// BenchmarkReferences: []*armsecurity.BenchmarkReference{
// },
// Category: to.Ptr("SurfaceAreaReduction"),
// QueryCheck: &armsecurity.QueryCheck{
// ColumnNames: []*string{
// to.Ptr("Firewall Rule Name"),
// to.Ptr("Start Address"),
// to.Ptr("End Address")},
// ExpectedResult: [][]*string{
// },
// Query: to.Ptr("SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;"),
// },
// Rationale: to.Ptr("Often, administrators add rules that grant excessive access as part of a troubleshooting process - to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected database.\n\nGranting excessive access using database firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your database. In fact, it's the equivalent of placing the database outside of the firewall."),
// RuleID: to.Ptr("VA2062"),
// RuleType: to.Ptr(armsecurity.RuleTypeNegativeList),
// Severity: to.Ptr(armsecurity.RuleSeverityHigh),
// Title: to.Ptr("Database-level firewall rules should not grant excessive access"),
// },
// Status: to.Ptr(armsecurity.RuleStatusNonFinding),
// },
// },
// {
// Name: to.Ptr("VA2063"),
// Type: to.Ptr("Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"),
// ID: to.Ptr("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063"),
// Properties: &armsecurity.ScanResultProperties{
// BaselineAdjustedResult: &armsecurity.BaselineAdjustedResult{
// Baseline: &armsecurity.Baseline{
// ExpectedResults: [][]*string{
// []*string{
// to.Ptr("Test"),
// to.Ptr("0.0.0.0"),
// to.Ptr("125.125.125.125")}},
// UpdatedTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-02-04T12:49:41.027Z"); return t}()),
// },
// ResultsNotInBaseline: [][]*string{
// },
// ResultsOnlyInBaseline: [][]*string{
// },
// Status: to.Ptr(armsecurity.RuleStatusNonFinding),
// },
// IsTrimmed: to.Ptr(false),
// QueryResults: [][]*string{
// []*string{
// to.Ptr("Test"),
// to.Ptr("0.0.0.0"),
// to.Ptr("125.125.125.125")}},
// Remediation: &armsecurity.Remediation{
// Description: to.Ptr("Remove server firewall rules that grant excessive access"),
// Automated: to.Ptr(false),
// PortalLink: to.Ptr("ReviewServerFirewallRules"),
// Scripts: []*string{
// to.Ptr("EXECUTE sp_delete_firewall_rule N'Test';")},
// },
// RuleID: to.Ptr("VA2063"),
// RuleMetadata: &armsecurity.VaRule{
// Description: to.Ptr("The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access."),
// BenchmarkReferences: []*armsecurity.BenchmarkReference{
// },
// Category: to.Ptr("SurfaceAreaReduction"),
// QueryCheck: &armsecurity.QueryCheck{
// ColumnNames: []*string{
// to.Ptr("Firewall Rule Name"),
// to.Ptr("Start Address"),
// to.Ptr("End Address")},
// ExpectedResult: [][]*string{
// },
// Query: to.Ptr("SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;"),
// },
// Rationale: to.Ptr("Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall."),
// RuleID: to.Ptr("VA2063"),
// RuleType: to.Ptr(armsecurity.RuleTypeNegativeList),
// Severity: to.Ptr(armsecurity.RuleSeverityHigh),
// Title: to.Ptr("Server-level firewall rules should not grant excessive access"),
// },
// Status: to.Ptr(armsecurity.RuleStatusFinding),
// },
// }},
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Gets a list of scan results for a single scan record.
*
* @summary Gets a list of scan results for a single scan record.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_ListLatest.json
*/
async function listScanResultsOfTheLatestScan() {
const scanId = "latest";
const workspaceId = "55555555-6666-7777-8888-999999999999";
const resourceId =
"subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.sqlVulnerabilityAssessmentScanResults.list(
scanId,
workspaceId,
resourceId,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_ListLatest.json
// this example is just showing the usage of "SqlVulnerabilityAssessmentScanResults_List" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this SqlVulnerabilityAssessmentScanResource created on azure
// for more information of creating SqlVulnerabilityAssessmentScanResource, please refer to the document of SqlVulnerabilityAssessmentScanResource
string resourceId = "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
string scanId = "latest";
ResourceIdentifier sqlVulnerabilityAssessmentScanResourceId = SqlVulnerabilityAssessmentScanResource.CreateResourceIdentifier(resourceId, scanId);
SqlVulnerabilityAssessmentScanResource sqlVulnerabilityAssessmentScan = client.GetSqlVulnerabilityAssessmentScanResource(sqlVulnerabilityAssessmentScanResourceId);
// invoke the operation and iterate over the result
Guid workspaceId = Guid.Parse("55555555-6666-7777-8888-999999999999");
await foreach (SqlVulnerabilityAssessmentScanResult item in sqlVulnerabilityAssessmentScan.GetSqlVulnerabilityAssessmentScanResultsAsync(workspaceId))
{
Console.WriteLine($"Succeeded: {item}");
}
Console.WriteLine($"Succeeded");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"value": [
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2062",
"name": "VA2062",
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
"properties": {
"ruleId": "VA2062",
"status": "NonFinding",
"isTrimmed": false,
"queryResults": [],
"remediation": {
"description": "Remove database firewall rules that grant excessive access",
"scripts": [],
"automated": false,
"portalLink": ""
},
"baselineAdjustedResult": null,
"ruleMetadata": {
"ruleId": "VA2062",
"severity": "High",
"category": "SurfaceAreaReduction",
"ruleType": "NegativeList",
"title": "Database-level firewall rules should not grant excessive access",
"description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master and user databases can only be created and managed through Transact-SQL (unlike server-level firewall rules which can also be created and managed using the Azure portal or PowerShell). For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that database-level firewall rules do not grant excessive access.",
"rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process - to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected database.\n\nGranting excessive access using database firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your database. In fact, it's the equivalent of placing the database outside of the firewall.",
"queryCheck": {
"query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;",
"expectedResult": [],
"columnNames": [
"Firewall Rule Name",
"Start Address",
"End Address"
]
},
"benchmarkReferences": []
}
}
},
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063",
"name": "VA2063",
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
"properties": {
"ruleId": "VA2063",
"status": "Finding",
"isTrimmed": false,
"queryResults": [
[
"Test",
"0.0.0.0",
"125.125.125.125"
]
],
"remediation": {
"description": "Remove server firewall rules that grant excessive access",
"scripts": [
"EXECUTE sp_delete_firewall_rule N'Test';"
],
"automated": false,
"portalLink": "ReviewServerFirewallRules"
},
"baselineAdjustedResult": {
"baseline": {
"expectedResults": [
[
"Test",
"0.0.0.0",
"125.125.125.125"
]
],
"updatedTime": "2020-02-04T12:49:41.027771+00:00"
},
"status": "NonFinding",
"resultsNotInBaseline": [],
"resultsOnlyInBaseline": []
},
"ruleMetadata": {
"ruleId": "VA2063",
"severity": "High",
"category": "SurfaceAreaReduction",
"ruleType": "NegativeList",
"title": "Server-level firewall rules should not grant excessive access",
"description": "The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access.",
"rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall.",
"queryCheck": {
"query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;",
"expectedResult": [],
"columnNames": [
"Firewall Rule Name",
"Start Address",
"End Address"
]
},
"benchmarkReferences": []
}
}
}
]
}
Definitions
Baseline
Baseline details.
| Name |
Type |
Description |
|
expectedResults
|
string[]
|
Expected results.
|
|
updatedTime
|
string
|
Baseline update time (UTC).
|
BaselineAdjustedResult
The rule result adjusted with baseline.
| Name |
Type |
Description |
|
baseline
|
Baseline
|
Baseline details.
|
|
resultsNotInBaseline
|
string[]
|
Results the are not in baseline.
|
|
resultsOnlyInBaseline
|
string[]
|
Results the are in baseline.
|
|
status
|
RuleStatus
|
The rule result status.
|
BenchmarkReference
The benchmark references.
| Name |
Type |
Description |
|
benchmark
|
string
|
The benchmark name.
|
|
reference
|
string
|
The benchmark reference.
|
CloudError
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
| Name |
Type |
Description |
|
error.additionalInfo
|
ErrorAdditionalInfo[]
|
The error additional info.
|
|
error.code
|
string
|
The error code.
|
|
error.details
|
CloudErrorBody[]
|
The error details.
|
|
error.message
|
string
|
The error message.
|
|
error.target
|
string
|
The error target.
|
CloudErrorBody
The error detail.
| Name |
Type |
Description |
|
additionalInfo
|
ErrorAdditionalInfo[]
|
The error additional info.
|
|
code
|
string
|
The error code.
|
|
details
|
CloudErrorBody[]
|
The error details.
|
|
message
|
string
|
The error message.
|
|
target
|
string
|
The error target.
|
ErrorAdditionalInfo
The resource management error additional info.
| Name |
Type |
Description |
|
info
|
object
|
The additional info.
|
|
type
|
string
|
The additional info type.
|
QueryCheck
The rule query details.
| Name |
Type |
Description |
|
columnNames
|
string[]
|
Column names of expected result.
|
|
expectedResult
|
string[]
|
Expected result.
|
|
query
|
string
|
The rule query.
|
Remediation details.
| Name |
Type |
Description |
|
automated
|
boolean
|
Is remediation automated.
|
|
description
|
string
|
Remediation description.
|
|
portalLink
|
string
|
Optional link to remediate in Azure Portal.
|
|
scripts
|
string[]
|
Remediation script.
|
RuleSeverity
The rule severity.
| Name |
Type |
Description |
|
High
|
string
|
High
|
|
Informational
|
string
|
Informational
|
|
Low
|
string
|
Low
|
|
Medium
|
string
|
Medium
|
|
Obsolete
|
string
|
Obsolete
|
RuleStatus
The rule result status.
| Name |
Type |
Description |
|
Finding
|
string
|
Finding
|
|
InternalError
|
string
|
InternalError
|
|
NonFinding
|
string
|
NonFinding
|
RuleType
The rule type.
| Name |
Type |
Description |
|
BaselineExpected
|
string
|
BaselineExpected
|
|
Binary
|
string
|
Binary
|
|
NegativeList
|
string
|
NegativeList
|
|
PositiveList
|
string
|
PositiveList
|
ScanResult
A vulnerability assessment scan result for a single rule.
| Name |
Type |
Description |
|
id
|
string
|
Resource Id
|
|
name
|
string
|
Resource name
|
|
properties
|
ScanResultProperties
|
A vulnerability assessment scan result properties for a single rule.
|
|
type
|
string
|
Resource type
|
ScanResultProperties
A vulnerability assessment scan result properties for a single rule.
| Name |
Type |
Description |
|
baselineAdjustedResult
|
BaselineAdjustedResult
|
The rule result adjusted with baseline.
|
|
isTrimmed
|
boolean
|
Indicated whether the results specified here are trimmed.
|
|
queryResults
|
string[]
|
The results of the query that was run.
|
|
remediation
|
Remediation
|
Remediation details.
|
|
ruleId
|
string
|
The rule Id.
|
|
ruleMetadata
|
VaRule
|
vulnerability assessment rule metadata details.
|
|
status
|
RuleStatus
|
The rule result status.
|
ScanResults
A list of vulnerability assessment scan results.
| Name |
Type |
Description |
|
value
|
ScanResult[]
|
List of vulnerability assessment scan results.
|
VaRule
vulnerability assessment rule metadata details.
| Name |
Type |
Description |
|
benchmarkReferences
|
BenchmarkReference[]
|
The benchmark references.
|
|
category
|
string
|
The rule category.
|
|
description
|
string
|
The rule description.
|
|
queryCheck
|
QueryCheck
|
The rule query details.
|
|
rationale
|
string
|
The rule rationale.
|
|
ruleId
|
string
|
The rule Id.
|
|
ruleType
|
RuleType
|
The rule type.
|
|
severity
|
RuleSeverity
|
The rule severity.
|
|
title
|
string
|
The rule title.
|