Sql Vulnerability Assessment Scan Results - Get

Serviço:

Defender for Cloud

Versão da API:

2023-02-01-preview

Obtém os resultados da verificação de uma única regra em um registro de verificação.

GET https://management.azure.com/{resourceId}/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/{scanId}/scanResults/{scanResultId}?workspaceId={workspaceId}&api-version=2023-02-01-preview

Parâmetros de URI

Nome	Em	Obrigatório	Tipo	Description
resourceId	path	True	string	O identificador do recurso.
scanId	path	True	string	A ID da verificação. Digite 'latest' para obter os resultados da verificação mais recente.
scanResultId	path	True	string	A ID da regra dos resultados.
api-version	query	True	string	A versão da API.
workspaceId	query	True	string	A ID do workspace.

Respostas

Nome	Tipo	Description
200 OK	ScanResult	Retorna os resultados da verificação.
Other Status Codes	CloudError	Resposta de erro que descreve por que a operação falhou.

Segurança

azure_auth

Fluxo OAuth2 do Azure Active Directory

Tipo: oauth2
Flow: implicit
URL de Autorização: https://login.microsoftonline.com/common/oauth2/authorize

Escopos

Nome	Description
user_impersonation	representar sua conta de usuário

Exemplos

Get scan details of a scan record

Get scan details of the latest scan record

Get scan details of a scan record

Solicitação de exemplo

HTTP

GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063?workspaceId=55555555-6666-7777-8888-999999999999&api-version=2023-02-01-preview

Java

/**
 * Samples for SqlVulnerabilityAssessmentScanResults Get.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/
     * sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_Get.json
     */
    /**
     * Sample code: Get scan details of a scan record.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void getScanDetailsOfAScanRecord(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.sqlVulnerabilityAssessmentScanResults().getWithResponse("Scheduled-20200623", "VA2063",
            "55555555-6666-7777-8888-999999999999",
            "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_Get.json
func ExampleSQLVulnerabilityAssessmentScanResultsClient_Get_getScanDetailsOfAScanRecord() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSQLVulnerabilityAssessmentScanResultsClient().Get(ctx, "Scheduled-20200623", "VA2063", "55555555-6666-7777-8888-999999999999", "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ScanResult = armsecurity.ScanResult{
	// 	Name: to.Ptr("VA2063"),
	// 	Type: to.Ptr("Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"),
	// 	ID: to.Ptr("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063"),
	// 	Properties: &armsecurity.ScanResultProperties{
	// 		BaselineAdjustedResult: &armsecurity.BaselineAdjustedResult{
	// 			Baseline: &armsecurity.Baseline{
	// 				ExpectedResults: [][]*string{
	// 					[]*string{
	// 						to.Ptr("Test"),
	// 						to.Ptr("0.0.0.0"),
	// 						to.Ptr("125.125.125.125")}},
	// 						UpdatedTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-02-04T12:49:41.027Z"); return t}()),
	// 					},
	// 					ResultsNotInBaseline: [][]*string{
	// 					},
	// 					ResultsOnlyInBaseline: [][]*string{
	// 					},
	// 					Status: to.Ptr(armsecurity.RuleStatusNonFinding),
	// 				},
	// 				IsTrimmed: to.Ptr(false),
	// 				QueryResults: [][]*string{
	// 					[]*string{
	// 						to.Ptr("Test"),
	// 						to.Ptr("0.0.0.0"),
	// 						to.Ptr("125.125.125.125")}},
	// 						Remediation: &armsecurity.Remediation{
	// 							Description: to.Ptr("Remove server firewall rules that grant excessive access"),
	// 							Automated: to.Ptr(false),
	// 							PortalLink: to.Ptr("ReviewServerFirewallRules"),
	// 							Scripts: []*string{
	// 								to.Ptr("EXECUTE sp_delete_firewall_rule N'Test';")},
	// 							},
	// 							RuleID: to.Ptr("VA2063"),
	// 							RuleMetadata: &armsecurity.VaRule{
	// 								Description: to.Ptr("The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access."),
	// 								BenchmarkReferences: []*armsecurity.BenchmarkReference{
	// 								},
	// 								Category: to.Ptr("SurfaceAreaReduction"),
	// 								QueryCheck: &armsecurity.QueryCheck{
	// 									ColumnNames: []*string{
	// 										to.Ptr("Firewall Rule Name"),
	// 										to.Ptr("Start Address"),
	// 										to.Ptr("End Address")},
	// 										ExpectedResult: [][]*string{
	// 										},
	// 										Query: to.Ptr("SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n        (CONVERT(bigint, parsename(end_ip_address, 1)) +\n         CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n        - \n        (CONVERT(bigint, parsename(start_ip_address, 1)) +\n         CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n      ) > 255;"),
	// 									},
	// 									Rationale: to.Ptr("Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall."),
	// 									RuleID: to.Ptr("VA2063"),
	// 									RuleType: to.Ptr(armsecurity.RuleTypeNegativeList),
	// 									Severity: to.Ptr(armsecurity.RuleSeverityHigh),
	// 									Title: to.Ptr("Server-level firewall rules should not grant excessive access"),
	// 								},
	// 								Status: to.Ptr(armsecurity.RuleStatusFinding),
	// 							},
	// 						}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Gets the scan results of a single rule in a scan record.
 *
 * @summary Gets the scan results of a single rule in a scan record.
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_Get.json
 */
async function getScanDetailsOfAScanRecord() {
  const scanId = "Scheduled-20200623";
  const scanResultId = "VA2063";
  const workspaceId = "55555555-6666-7777-8888-999999999999";
  const resourceId =
    "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential);
  const result = await client.sqlVulnerabilityAssessmentScanResults.get(
    scanId,
    scanResultId,
    workspaceId,
    resourceId,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_Get.json
// this example is just showing the usage of "SqlVulnerabilityAssessmentScanResults_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SqlVulnerabilityAssessmentScanResource created on azure
// for more information of creating SqlVulnerabilityAssessmentScanResource, please refer to the document of SqlVulnerabilityAssessmentScanResource
string resourceId = "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
string scanId = "Scheduled-20200623";
ResourceIdentifier sqlVulnerabilityAssessmentScanResourceId = SqlVulnerabilityAssessmentScanResource.CreateResourceIdentifier(resourceId, scanId);
SqlVulnerabilityAssessmentScanResource sqlVulnerabilityAssessmentScan = client.GetSqlVulnerabilityAssessmentScanResource(sqlVulnerabilityAssessmentScanResourceId);

// invoke the operation
string scanResultId = "VA2063";
Guid workspaceId = Guid.Parse("55555555-6666-7777-8888-999999999999");
SqlVulnerabilityAssessmentScanResult result = await sqlVulnerabilityAssessmentScan.GetSqlVulnerabilityAssessmentScanResultAsync(scanResultId, workspaceId);

Console.WriteLine($"Succeeded: {result}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Resposta de exemplo

Código de status:

200

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063",
  "name": "VA2063",
  "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
  "properties": {
    "ruleId": "VA2063",
    "status": "Finding",
    "isTrimmed": false,
    "queryResults": [
      [
        "Test",
        "0.0.0.0",
        "125.125.125.125"
      ]
    ],
    "remediation": {
      "description": "Remove server firewall rules that grant excessive access",
      "scripts": [
        "EXECUTE sp_delete_firewall_rule N'Test';"
      ],
      "automated": false,
      "portalLink": "ReviewServerFirewallRules"
    },
    "baselineAdjustedResult": {
      "baseline": {
        "expectedResults": [
          [
            "Test",
            "0.0.0.0",
            "125.125.125.125"
          ]
        ],
        "updatedTime": "2020-02-04T12:49:41.027771+00:00"
      },
      "status": "NonFinding",
      "resultsNotInBaseline": [],
      "resultsOnlyInBaseline": []
    },
    "ruleMetadata": {
      "ruleId": "VA2063",
      "severity": "High",
      "category": "SurfaceAreaReduction",
      "ruleType": "NegativeList",
      "title": "Server-level firewall rules should not grant excessive access",
      "description": "The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access.",
      "rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall.",
      "queryCheck": {
        "query": "SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n        (CONVERT(bigint, parsename(end_ip_address, 1)) +\n         CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n        - \n        (CONVERT(bigint, parsename(start_ip_address, 1)) +\n         CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n      ) > 255;",
        "expectedResult": [],
        "columnNames": [
          "Firewall Rule Name",
          "Start Address",
          "End Address"
        ]
      },
      "benchmarkReferences": []
    }
  }
}

Get scan details of the latest scan record

Solicitação de exemplo

HTTP

GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/latest/scanResults/VA2063?workspaceId=55555555-6666-7777-8888-999999999999&api-version=2023-02-01-preview

Java

/**
 * Samples for SqlVulnerabilityAssessmentScanResults Get.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/
     * sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_GetLatest.json
     */
    /**
     * Sample code: Get scan details of the latest scan record.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void getScanDetailsOfTheLatestScanRecord(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.sqlVulnerabilityAssessmentScanResults().getWithResponse("latest", "VA2063",
            "55555555-6666-7777-8888-999999999999",
            "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_GetLatest.json
func ExampleSQLVulnerabilityAssessmentScanResultsClient_Get_getScanDetailsOfTheLatestScanRecord() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSQLVulnerabilityAssessmentScanResultsClient().Get(ctx, "latest", "VA2063", "55555555-6666-7777-8888-999999999999", "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ScanResult = armsecurity.ScanResult{
	// 	Name: to.Ptr("VA2063"),
	// 	Type: to.Ptr("Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"),
	// 	ID: to.Ptr("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063"),
	// 	Properties: &armsecurity.ScanResultProperties{
	// 		BaselineAdjustedResult: &armsecurity.BaselineAdjustedResult{
	// 			Baseline: &armsecurity.Baseline{
	// 				ExpectedResults: [][]*string{
	// 					[]*string{
	// 						to.Ptr("Test"),
	// 						to.Ptr("0.0.0.0"),
	// 						to.Ptr("125.125.125.125")}},
	// 						UpdatedTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-02-04T12:49:41.027Z"); return t}()),
	// 					},
	// 					ResultsNotInBaseline: [][]*string{
	// 					},
	// 					ResultsOnlyInBaseline: [][]*string{
	// 					},
	// 					Status: to.Ptr(armsecurity.RuleStatusNonFinding),
	// 				},
	// 				IsTrimmed: to.Ptr(false),
	// 				QueryResults: [][]*string{
	// 					[]*string{
	// 						to.Ptr("Test"),
	// 						to.Ptr("0.0.0.0"),
	// 						to.Ptr("125.125.125.125")}},
	// 						Remediation: &armsecurity.Remediation{
	// 							Description: to.Ptr("Remove server firewall rules that grant excessive access"),
	// 							Automated: to.Ptr(false),
	// 							PortalLink: to.Ptr("ReviewServerFirewallRules"),
	// 							Scripts: []*string{
	// 								to.Ptr("EXECUTE sp_delete_firewall_rule N'Test';")},
	// 							},
	// 							RuleID: to.Ptr("VA2063"),
	// 							RuleMetadata: &armsecurity.VaRule{
	// 								Description: to.Ptr("The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access."),
	// 								BenchmarkReferences: []*armsecurity.BenchmarkReference{
	// 								},
	// 								Category: to.Ptr("SurfaceAreaReduction"),
	// 								QueryCheck: &armsecurity.QueryCheck{
	// 									ColumnNames: []*string{
	// 										to.Ptr("Firewall Rule Name"),
	// 										to.Ptr("Start Address"),
	// 										to.Ptr("End Address")},
	// 										ExpectedResult: [][]*string{
	// 										},
	// 										Query: to.Ptr("SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n        (CONVERT(bigint, parsename(end_ip_address, 1)) +\n         CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n        - \n        (CONVERT(bigint, parsename(start_ip_address, 1)) +\n         CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n      ) > 255;"),
	// 									},
	// 									Rationale: to.Ptr("Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall."),
	// 									RuleID: to.Ptr("VA2063"),
	// 									RuleType: to.Ptr(armsecurity.RuleTypeNegativeList),
	// 									Severity: to.Ptr(armsecurity.RuleSeverityHigh),
	// 									Title: to.Ptr("Server-level firewall rules should not grant excessive access"),
	// 								},
	// 								Status: to.Ptr(armsecurity.RuleStatusFinding),
	// 							},
	// 						}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Gets the scan results of a single rule in a scan record.
 *
 * @summary Gets the scan results of a single rule in a scan record.
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_GetLatest.json
 */
async function getScanDetailsOfTheLatestScanRecord() {
  const scanId = "latest";
  const scanResultId = "VA2063";
  const workspaceId = "55555555-6666-7777-8888-999999999999";
  const resourceId =
    "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential);
  const result = await client.sqlVulnerabilityAssessmentScanResults.get(
    scanId,
    scanResultId,
    workspaceId,
    resourceId,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_GetLatest.json
// this example is just showing the usage of "SqlVulnerabilityAssessmentScanResults_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SqlVulnerabilityAssessmentScanResource created on azure
// for more information of creating SqlVulnerabilityAssessmentScanResource, please refer to the document of SqlVulnerabilityAssessmentScanResource
string resourceId = "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
string scanId = "latest";
ResourceIdentifier sqlVulnerabilityAssessmentScanResourceId = SqlVulnerabilityAssessmentScanResource.CreateResourceIdentifier(resourceId, scanId);
SqlVulnerabilityAssessmentScanResource sqlVulnerabilityAssessmentScan = client.GetSqlVulnerabilityAssessmentScanResource(sqlVulnerabilityAssessmentScanResourceId);

// invoke the operation
string scanResultId = "VA2063";
Guid workspaceId = Guid.Parse("55555555-6666-7777-8888-999999999999");
SqlVulnerabilityAssessmentScanResult result = await sqlVulnerabilityAssessmentScan.GetSqlVulnerabilityAssessmentScanResultAsync(scanResultId, workspaceId);

Console.WriteLine($"Succeeded: {result}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Resposta de exemplo

Código de status:

200

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063",
  "name": "VA2063",
  "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
  "properties": {
    "ruleId": "VA2063",
    "status": "Finding",
    "isTrimmed": false,
    "queryResults": [
      [
        "Test",
        "0.0.0.0",
        "125.125.125.125"
      ]
    ],
    "remediation": {
      "description": "Remove server firewall rules that grant excessive access",
      "scripts": [
        "EXECUTE sp_delete_firewall_rule N'Test';"
      ],
      "automated": false,
      "portalLink": "ReviewServerFirewallRules"
    },
    "baselineAdjustedResult": {
      "baseline": {
        "expectedResults": [
          [
            "Test",
            "0.0.0.0",
            "125.125.125.125"
          ]
        ],
        "updatedTime": "2020-02-04T12:49:41.027771+00:00"
      },
      "status": "NonFinding",
      "resultsNotInBaseline": [],
      "resultsOnlyInBaseline": []
    },
    "ruleMetadata": {
      "ruleId": "VA2063",
      "severity": "High",
      "category": "SurfaceAreaReduction",
      "ruleType": "NegativeList",
      "title": "Server-level firewall rules should not grant excessive access",
      "description": "The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access.",
      "rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall.",
      "queryCheck": {
        "query": "SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n        (CONVERT(bigint, parsename(end_ip_address, 1)) +\n         CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n        - \n        (CONVERT(bigint, parsename(start_ip_address, 1)) +\n         CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n      ) > 255;",
        "expectedResult": [],
        "columnNames": [
          "Firewall Rule Name",
          "Start Address",
          "End Address"
        ]
      },
      "benchmarkReferences": []
    }
  }
}

Definições

Nome	Description
Baseline	Detalhes da linha de base.
BaselineAdjustedResult	O resultado da regra ajustado com a linha de base.
BenchmarkReference	As referências de parâmetro de comparação.
CloudError	Resposta de erro comum para todas as APIs do Azure Resource Manager retornarem detalhes de erro para operações com falha. (Isso também segue o formato de resposta de erro OData.).
CloudErrorBody	O detalhe do erro.
ErrorAdditionalInfo	As informações adicionais do erro de gerenciamento de recursos.
QueryCheck	Os detalhes da consulta de regra.
Remediation	Detalhes de correção.
RuleSeverity	A gravidade da regra.
RuleStatus	O status do resultado da regra.
RuleType	O tipo de regra.
ScanResult	Um resultado de verificação de avaliação de vulnerabilidade para uma única regra.
ScanResultProperties	Uma avaliação de vulnerabilidade verifica as propriedades de resultado de uma única regra.
VaRule	detalhes dos metadados da regra de avaliação de vulnerabilidade.

Baseline

Detalhes da linha de base.

Nome	Tipo	Description
expectedResults	string[]	Resultados esperados.
updatedTime	string	Hora de atualização da linha de base (UTC).

BaselineAdjustedResult

O resultado da regra ajustado com a linha de base.

Nome	Tipo	Description
baseline	Baseline	Detalhes da linha de base.
resultsNotInBaseline	string[]	Resultados que não estão na linha de base.
resultsOnlyInBaseline	string[]	Os resultados estão na linha de base.
status	RuleStatus	O status do resultado da regra.

BenchmarkReference

As referências de parâmetro de comparação.

Nome	Tipo	Description
benchmark	string	O nome do parâmetro de comparação.
reference	string	A referência de parâmetro de comparação.

CloudError

Resposta de erro comum para todas as APIs do Azure Resource Manager retornarem detalhes de erro para operações com falha. (Isso também segue o formato de resposta de erro OData.).

Nome	Tipo	Description
error.additionalInfo	ErrorAdditionalInfo[]	As informações adicionais do erro.
error.code	string	O código de erro.
error.details	CloudErrorBody[]	Os detalhes do erro.
error.message	string	A mensagem de erro.
error.target	string	O destino do erro.

CloudErrorBody

O detalhe do erro.

Nome	Tipo	Description
additionalInfo	ErrorAdditionalInfo[]	As informações adicionais do erro.
code	string	O código de erro.
details	CloudErrorBody[]	Os detalhes do erro.
message	string	A mensagem de erro.
target	string	O destino do erro.

ErrorAdditionalInfo

As informações adicionais do erro de gerenciamento de recursos.

Nome	Tipo	Description
info	object	As informações adicionais.
type	string	O tipo de informação adicional.

QueryCheck

Os detalhes da consulta de regra.

Nome	Tipo	Description
columnNames	string[]	Nomes de coluna do resultado esperado.
expectedResult	string[]	Resultado esperado.
query	string	A consulta de regra.

Remediation

Detalhes de correção.

Nome	Tipo	Description
automated	boolean	A correção é automatizada.
description	string	Descrição da correção.
portalLink	string	Link opcional para correção no Portal do Azure.
scripts	string[]	Script de correção.

RuleSeverity

A gravidade da regra.

Nome	Tipo	Description
High	string	Alto
Informational	string	Informativo
Low	string	Baixo
Medium	string	Média
Obsolete	string	Obsoleto

RuleStatus

O status do resultado da regra.

Nome	Tipo	Description
Finding	string	Achado
InternalError	string	InternalError
NonFinding	string	NonFinding

RuleType

O tipo de regra.

Nome	Tipo	Description
BaselineExpected	string	BaselineExpected
Binary	string	Binário
NegativeList	string	NegativeList
PositiveList	string	PositiveList

ScanResult

Um resultado de verificação de avaliação de vulnerabilidade para uma única regra.

Nome	Tipo	Description
id	string	ID do recurso
name	string	Nome do recurso
properties	ScanResultProperties	Uma avaliação de vulnerabilidade verifica as propriedades de resultado de uma única regra.
type	string	Tipo de recurso

ScanResultProperties

Uma avaliação de vulnerabilidade verifica as propriedades de resultado de uma única regra.

Nome	Tipo	Description
baselineAdjustedResult	BaselineAdjustedResult	O resultado da regra ajustado com a linha de base.
isTrimmed	boolean	Indicou se os resultados especificados aqui são cortados.
queryResults	string[]	Os resultados da consulta que foi executada.
remediation	Remediation	Detalhes de correção.
ruleId	string	A ID da regra.
ruleMetadata	VaRule	detalhes dos metadados da regra de avaliação de vulnerabilidade.
status	RuleStatus	O status do resultado da regra.

VaRule

detalhes dos metadados da regra de avaliação de vulnerabilidade.

Nome	Tipo	Description
benchmarkReferences	BenchmarkReference[]	As referências de parâmetro de comparação.
category	string	A categoria de regra.
description	string	A descrição da regra.
queryCheck	QueryCheck	Os detalhes da consulta de regra.
rationale	string	A lógica da regra.
ruleId	string	A ID da regra.
ruleType	RuleType	O tipo de regra.
severity	RuleSeverity	A gravidade da regra.
title	string	O título da regra.