Delen via


Sql Vulnerability Assessment Scan Result - Get

Gets a vulnerability assessment scan record of a database.

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/sqlVulnerabilityAssessments/default/scans/{scanId}/scanResults/{scanResultId}?systemDatabaseName=master&api-version=2024-05-01-preview

URI Parameters

Name In Required Type Description
resourceGroupName
path True

string

The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.

scanId
path True

string

The scan id of the SQL Vulnerability Assessment scan to retrieve result from.

scanResultId
path True

string

The scan result id of the specific result to retrieve.

serverName
path True

string

The name of the server.

subscriptionId
path True

string

The subscription ID that identifies an Azure subscription.

vulnerabilityAssessmentName
path True

SqlVulnerabilityAssessmentName

The name of the SQL Vulnerability Assessment.

api-version
query True

string

The API version to use for the request.

systemDatabaseName
query True

VulnerabilityAssessmentSystemDatabaseName

The SQL vulnerability assessment system database name.

Responses

Name Type Description
200 OK

SqlVulnerabilityAssessmentScanResults

Successfully retrieved SQL Vulnerability Assessment scan results for id.

Other Status Codes

ErrorResponse

*** Error Responses: ***

  • 400 SqlVulnerabilityAssessmentIsDisabled - SQL vulnerability assessment feature is disabled. please enable the feature before executing other SQL vulnerability assessment operations.

  • 400 SqlVulnerabilityAssessmentInvalidUserSuppliedParameter - An invalid parameter value was provided by the client.

  • 400 InvalidSqlVulnerabilityAssessmentBaselineInput - The SQL vulnerability assessment baseline input is null or empty.

  • 400 InvalidSqlVulnerabilityAssessmentSettingsInput - The SQL vulnerability assessment setting input is null or empty

  • 400 SqlVulnerabilityAssessmentScanResultsAreNotAvailableYet - SQL vulnerability assessment results are not available yet, please try again later.

  • 400 SqlVulnerabilityAssessmentInvalidRuleId - The SQL vulnerability assessment rule id is invalid.

  • 400 SqlVulnerabilityAssessmentScanDoesNotExist - SQL vulnerability assessment scan does not exist.

  • 400 SqlVulnerabilityAssessmentNoBaseline - No baseline have been found for the latest scan in the resource

  • 400 SqlVulnerabilityAssessmentNoRuleBaseline - No SQL vulnerability assessment baseline was found

  • 400 SqlVulnerabilityAssessmentBaselineNoScanResults - No scan results have been found for rule Id. To set a baseline there must be results for this rule in the latest scan available

  • 400 SqlVulnerabilityAssessmentBadBinaryRuleFormat - Input for binary rule is not a boolean representation

  • 400 SqlVulnerabilityAssessmentBadRuleFormat - The provided results do not comply with the actual layout of the scan results

  • 400 SqlVulnerabilityAssessmentBadRuleWithoutRuleIdFormat - The provided results do not comply with the actual layout of the scan results

  • 400 SqlVulnerabilityAssessmentBadBinaryRuleWithoutRuleIdFormat - Input for binary rule is not a boolean representation

  • 400 SqlVulnerabilityAssessmentBaselineNoScanResultsWithoutRuleId - No scan results have been found for one of the rules. To set a baseline there must be results for this rule in the latest scan available

  • 400 SqlVulnerabilityAssessmentEmptyBaseline - Baseline not set because the results are null or empty

  • 404 SubscriptionDoesNotHaveServer - The requested server was not found

  • 404 SourceDatabaseNotFound - The source database does not exist.

  • 404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance.

  • 409 DatabaseVulnerabilityAssessmentScanIsAlreadyInProgress - SQL Vulnerability Assessment scan is already in progress

  • 409 SqlVulnerabilityAssessmentStoragefullApiIsEnabled - Vulnerability Assessment is enabled on this server or one of its underlying databases with an incompatible version. Additional troubleshooting information can be found https://aka.ms/SQLVAStoragelessDocumentation.

  • 500 DatabaseIsUnavailable - Loading failed. Please try again later.

Examples

Get a system database SQL Vulnerability Assessment scan result for scan id and scan result id

Sample request

GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/vulnerabilityassessmenttest-4711/providers/Microsoft.Sql/servers/vulnerabilityassessmenttest-6411/sqlVulnerabilityAssessments/default/scans/scanId1/scanResults/VA1234?systemDatabaseName=master&api-version=2024-05-01-preview

Sample response

{
  "properties": {
    "ruleId": "VA1234",
    "status": "NonFinding",
    "errorMessage": null,
    "isTrimmed": false,
    "queryResults": [
      [
        "a1",
        "a2",
        "a3"
      ],
      [
        "b1",
        "b2",
        "b3"
      ]
    ],
    "remediation": {
      "description": "Remove users",
      "scripts": [
        "drop user a",
        "drop user b"
      ],
      "automated": false,
      "portalLink": null
    },
    "baselineAdjustedResult": null,
    "ruleMetadata": {
      "ruleId": "VA1234",
      "severity": "Informational",
      "category": "information",
      "ruleType": "NegativeList",
      "title": "This is the title",
      "description": "This is an example check",
      "rationale": "This is important",
      "queryCheck": {
        "query": "Select a1,a2, a3",
        "expectedResult": [],
        "columnNames": [
          "col1",
          "col2",
          "col3"
        ]
      },
      "benchmarkReferences": [
        {
          "benchmark": "fedramp",
          "reference": "v1"
        }
      ]
    }
  },
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/vulnerabilityassessmenttest-4711/providers/Microsoft.Sql/servers/vulnerabilityassessmenttest-6411/sqlVulnerabilityAssessments/Default/scans/scanId1/scanResults/VA1234",
  "name": "VA1234",
  "type": "Microsoft.Sql/servers/sqlVulnerabilityAssessments/scans/scanResults"
}

Definitions

Name Description
Baseline

SQL Vulnerability Assessment baseline Details

BaselineAdjustedResult

SQL Vulnerability Assessment baseline adjusted results

BenchmarkReference

SQL Vulnerability Assessment benchmark reference

createdByType

The type of identity that created the resource.

ErrorAdditionalInfo

The resource management error additional info.

ErrorDetail

The error detail.

ErrorResponse

Error response

QueryCheck

SQL Vulnerability Assessment query check object.

Remediation

SQL Vulnerability Assessment remediation Details.

RuleSeverity

SQL Vulnerability Assessment rule severity.

RuleStatus

SQL Vulnerability Assessment baseline status

RuleType

SQL Vulnerability Assessment rule type.

SqlVulnerabilityAssessmentName

The name of the SQL Vulnerability Assessment.

SqlVulnerabilityAssessmentScanResults
systemData

Metadata pertaining to creation and last modification of the resource.

VaRule

SQL Vulnerability Assessment rule metadata details.

VulnerabilityAssessmentSystemDatabaseName

The SQL vulnerability assessment system database name.

Baseline

SQL Vulnerability Assessment baseline Details

Name Type Description
expectedResults

string[]

SQL Vulnerability Assessment baseline expected results

updatedTime

string

SQL Vulnerability Assessment baseline update time (UTC)

BaselineAdjustedResult

SQL Vulnerability Assessment baseline adjusted results

Name Type Description
baseline

Baseline

SQL Vulnerability Assessment baseline details

resultsNotInBaseline

string[]

SQL Vulnerability Assessment results that are not in baseline

resultsOnlyInBaseline

string[]

SQL Vulnerability Assessment results that are in baseline.

status

RuleStatus

SQL Vulnerability Assessment baseline status

BenchmarkReference

SQL Vulnerability Assessment benchmark reference

Name Type Description
benchmark

string

SQL Vulnerability Assessment benchmark name

reference

string

SQL Vulnerability Assessment benchmark reference.

createdByType

The type of identity that created the resource.

Name Type Description
Application

string

Key

string

ManagedIdentity

string

User

string

ErrorAdditionalInfo

The resource management error additional info.

Name Type Description
info

object

The additional info.

type

string

The additional info type.

ErrorDetail

The error detail.

Name Type Description
additionalInfo

ErrorAdditionalInfo[]

The error additional info.

code

string

The error code.

details

ErrorDetail[]

The error details.

message

string

The error message.

target

string

The error target.

ErrorResponse

Error response

Name Type Description
error

ErrorDetail

The error object.

QueryCheck

SQL Vulnerability Assessment query check object.

Name Type Description
columnNames

string[]

SQL Vulnerability Assessment column names of query expected result.

expectedResult

string[]

SQL Vulnerability Assessment query expected result.

query

string

SQL Vulnerability Assessment rule query.

Remediation

SQL Vulnerability Assessment remediation Details.

Name Type Description
automated

boolean

SQL Vulnerability Assessment is remediation automated.

description

string

SQL Vulnerability Assessment remediation description.

portalLink

string

SQL Vulnerability Assessment optional link to remediate in Azure Portal.

scripts

string[]

SQL Vulnerability Assessment remediation script.

RuleSeverity

SQL Vulnerability Assessment rule severity.

Name Type Description
High

string

Informational

string

Low

string

Medium

string

Obsolete

string

RuleStatus

SQL Vulnerability Assessment baseline status

Name Type Description
Finding

string

InternalError

string

NonFinding

string

RuleType

SQL Vulnerability Assessment rule type.

Name Type Description
BaselineExpected

string

Binary

string

NegativeList

string

PositiveList

string

SqlVulnerabilityAssessmentName

The name of the SQL Vulnerability Assessment.

Name Type Description
default

string

SqlVulnerabilityAssessmentScanResults

Name Type Description
id

string

Resource ID.

name

string

Resource name.

properties.baselineAdjustedResult

BaselineAdjustedResult

SQL Vulnerability Assessment rule result adjusted with baseline.

properties.errorMessage

string

SQL Vulnerability Assessment error message.

properties.isTrimmed

boolean

SQL Vulnerability Assessment is the query results trimmed.

properties.queryResults

string[]

SQL Vulnerability Assessment query results that was run.

properties.remediation

Remediation

SQL Vulnerability Assessment the remediation details.

properties.ruleId

string

SQL Vulnerability Assessment rule Id.

properties.ruleMetadata

VaRule

SQL Vulnerability Assessment rule metadata.

properties.status

RuleStatus

SQL Vulnerability Assessment rule result status.

systemData

systemData

SystemData of AdvancedThreatProtectionResource.

type

string

Resource type.

systemData

Metadata pertaining to creation and last modification of the resource.

Name Type Description
createdAt

string

The timestamp of resource creation (UTC).

createdBy

string

The identity that created the resource.

createdByType

createdByType

The type of identity that created the resource.

lastModifiedAt

string

The timestamp of resource last modification (UTC)

lastModifiedBy

string

The identity that last modified the resource.

lastModifiedByType

createdByType

The type of identity that last modified the resource.

VaRule

SQL Vulnerability Assessment rule metadata details.

Name Type Description
benchmarkReferences

BenchmarkReference[]

SQL Vulnerability Assessment benchmark references.

category

string

SQL Vulnerability Assessment rule category.

description

string

SQL Vulnerability Assessment rule description.

queryCheck

QueryCheck

SQL Vulnerability Assessment rule query details.

rationale

string

SQL Vulnerability Assessment rule rationale.

ruleId

string

SQL Vulnerability Assessment rule Id.

ruleType

RuleType

SQL Vulnerability Assessment rule type.

severity

RuleSeverity

SQL Vulnerability Assessment rule severity.

title

string

SQL Vulnerability Assessment rule title.

VulnerabilityAssessmentSystemDatabaseName

The SQL vulnerability assessment system database name.

Name Type Description
master

string