Sql Vulnerability Assessment Scan Results - List
Возвращает список результатов сканирования для одной записи сканирования.
GET https://management.azure.com/{resourceId}/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/{scanId}/scanResults?workspaceId={workspaceId}&api-version=2023-02-01-previewПараметры URI
| Имя | В | Обязательно | Тип | Описание |
|---|---|---|---|---|
|
resource
|
path | True |
string |
Идентификатор ресурса. |
|
scan
|
path | True |
string |
Идентификатор сканирования. Введите "последние", чтобы получить результаты сканирования для последней проверки. |
|
api-version
|
query | True |
string |
Версия API. |
|
workspace
|
query | True |
string |
Идентификатор рабочей области. |
Ответы
| Имя | Тип | Описание |
|---|---|---|
| 200 OK |
Возвращает список результатов сканирования. |
|
| Other Status Codes |
Ответ на ошибку, описывающий причину сбоя операции. |
Безопасность
azure_auth
Поток OAuth2 Azure Active Directory
Тип:
oauth2
Flow:
implicit
URL-адрес авторизации:
https://login.microsoftonline.com/common/oauth2/authorize
Области
| Имя | Описание |
|---|---|
| user_impersonation | олицетворения учетной записи пользователя |
Примеры
| List scan results |
| List scan results of the latest scan |
List scan results
Образец запроса
GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults?workspaceId=55555555-6666-7777-8888-999999999999&api-version=2023-02-01-preview
Пример ответа
{
"value": [
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2062",
"name": "VA2062",
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
"properties": {
"ruleId": "VA2062",
"status": "NonFinding",
"isTrimmed": false,
"queryResults": [],
"remediation": {
"description": "Remove database firewall rules that grant excessive access",
"scripts": [],
"automated": false,
"portalLink": ""
},
"baselineAdjustedResult": null,
"ruleMetadata": {
"ruleId": "VA2062",
"severity": "High",
"category": "SurfaceAreaReduction",
"ruleType": "NegativeList",
"title": "Database-level firewall rules should not grant excessive access",
"description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master and user databases can only be created and managed through Transact-SQL (unlike server-level firewall rules which can also be created and managed using the Azure portal or PowerShell). For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that database-level firewall rules do not grant excessive access.",
"rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process - to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected database.\n\nGranting excessive access using database firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your database. In fact, it's the equivalent of placing the database outside of the firewall.",
"queryCheck": {
"query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;",
"expectedResult": [],
"columnNames": [
"Firewall Rule Name",
"Start Address",
"End Address"
]
},
"benchmarkReferences": []
}
}
},
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063",
"name": "VA2063",
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
"properties": {
"ruleId": "VA2063",
"status": "Finding",
"isTrimmed": false,
"queryResults": [
[
"Test",
"0.0.0.0",
"125.125.125.125"
]
],
"remediation": {
"description": "Remove server firewall rules that grant excessive access",
"scripts": [
"EXECUTE sp_delete_firewall_rule N'Test';"
],
"automated": false,
"portalLink": "ReviewServerFirewallRules"
},
"baselineAdjustedResult": {
"baseline": {
"expectedResults": [
[
"Test",
"0.0.0.0",
"125.125.125.125"
]
],
"updatedTime": "2020-02-04T12:49:41.027771+00:00"
},
"status": "NonFinding",
"resultsNotInBaseline": [],
"resultsOnlyInBaseline": []
},
"ruleMetadata": {
"ruleId": "VA2063",
"severity": "High",
"category": "SurfaceAreaReduction",
"ruleType": "NegativeList",
"title": "Server-level firewall rules should not grant excessive access",
"description": "The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access.",
"rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall.",
"queryCheck": {
"query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;",
"expectedResult": [],
"columnNames": [
"Firewall Rule Name",
"Start Address",
"End Address"
]
},
"benchmarkReferences": []
}
}
}
]
}List scan results of the latest scan
Образец запроса
GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/latest/scanResults?workspaceId=55555555-6666-7777-8888-999999999999&api-version=2023-02-01-preview
Пример ответа
{
"value": [
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2062",
"name": "VA2062",
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
"properties": {
"ruleId": "VA2062",
"status": "NonFinding",
"isTrimmed": false,
"queryResults": [],
"remediation": {
"description": "Remove database firewall rules that grant excessive access",
"scripts": [],
"automated": false,
"portalLink": ""
},
"baselineAdjustedResult": null,
"ruleMetadata": {
"ruleId": "VA2062",
"severity": "High",
"category": "SurfaceAreaReduction",
"ruleType": "NegativeList",
"title": "Database-level firewall rules should not grant excessive access",
"description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master and user databases can only be created and managed through Transact-SQL (unlike server-level firewall rules which can also be created and managed using the Azure portal or PowerShell). For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that database-level firewall rules do not grant excessive access.",
"rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process - to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected database.\n\nGranting excessive access using database firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your database. In fact, it's the equivalent of placing the database outside of the firewall.",
"queryCheck": {
"query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;",
"expectedResult": [],
"columnNames": [
"Firewall Rule Name",
"Start Address",
"End Address"
]
},
"benchmarkReferences": []
}
}
},
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063",
"name": "VA2063",
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
"properties": {
"ruleId": "VA2063",
"status": "Finding",
"isTrimmed": false,
"queryResults": [
[
"Test",
"0.0.0.0",
"125.125.125.125"
]
],
"remediation": {
"description": "Remove server firewall rules that grant excessive access",
"scripts": [
"EXECUTE sp_delete_firewall_rule N'Test';"
],
"automated": false,
"portalLink": "ReviewServerFirewallRules"
},
"baselineAdjustedResult": {
"baseline": {
"expectedResults": [
[
"Test",
"0.0.0.0",
"125.125.125.125"
]
],
"updatedTime": "2020-02-04T12:49:41.027771+00:00"
},
"status": "NonFinding",
"resultsNotInBaseline": [],
"resultsOnlyInBaseline": []
},
"ruleMetadata": {
"ruleId": "VA2063",
"severity": "High",
"category": "SurfaceAreaReduction",
"ruleType": "NegativeList",
"title": "Server-level firewall rules should not grant excessive access",
"description": "The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access.",
"rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall.",
"queryCheck": {
"query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;",
"expectedResult": [],
"columnNames": [
"Firewall Rule Name",
"Start Address",
"End Address"
]
},
"benchmarkReferences": []
}
}
}
]
}Определения
| Имя | Описание |
|---|---|
| Baseline |
Базовые сведения. |
|
Baseline |
Результат правила, скорректированный с помощью базовых показателей. |
|
Benchmark |
Ссылки на тесты. |
|
Cloud |
Распространенный ответ об ошибке для всех API Azure Resource Manager для возврата сведений об ошибке для неудачных операций. (Это также следует формату ответа об ошибках OData.). |
|
Cloud |
Сведения об ошибке. |
|
Error |
Дополнительные сведения об ошибке управления ресурсами. |
|
Query |
Сведения о запросе правила. |
| Remediation |
Сведения об исправлении. |
|
Rule |
Серьезность правила. |
|
Rule |
Состояние результата правила. |
|
Rule |
Тип правила. |
|
Scan |
Результат проверки уязвимостей для одного правила. |
|
Scan |
Свойства результатов проверки уязвимостей для одного правила. |
|
Scan |
Список результатов проверки уязвимостей. |
|
Va |
Сведения о метаданных правила оценки уязвимостей. |
Baseline
Базовые сведения.
| Имя | Тип | Описание |
|---|---|---|
| expectedResults |
string[] |
Ожидаемые результаты. |
| updatedTime |
string |
Базовое время обновления (UTC). |
BaselineAdjustedResult
Результат правила, скорректированный с помощью базовых показателей.
| Имя | Тип | Описание |
|---|---|---|
| baseline |
Базовые сведения. |
|
| resultsNotInBaseline |
string[] |
Результаты не находятся в базовых показателях. |
| resultsOnlyInBaseline |
string[] |
Результаты находятся в базовых показателях. |
| status |
Состояние результата правила. |
BenchmarkReference
Ссылки на тесты.
| Имя | Тип | Описание |
|---|---|---|
| benchmark |
string |
Имя теста. |
| reference |
string |
Справочник по эталону. |
CloudError
Распространенный ответ об ошибке для всех API Azure Resource Manager для возврата сведений об ошибке для неудачных операций. (Это также следует формату ответа об ошибках OData.).
| Имя | Тип | Описание |
|---|---|---|
| error.additionalInfo |
Дополнительные сведения об ошибке. |
|
| error.code |
string |
Код ошибки. |
| error.details |
Сведения об ошибке. |
|
| error.message |
string |
Сообщение об ошибке. |
| error.target |
string |
Целевой объект ошибки. |
CloudErrorBody
Сведения об ошибке.
| Имя | Тип | Описание |
|---|---|---|
| additionalInfo |
Дополнительные сведения об ошибке. |
|
| code |
string |
Код ошибки. |
| details |
Сведения об ошибке. |
|
| message |
string |
Сообщение об ошибке. |
| target |
string |
Целевой объект ошибки. |
ErrorAdditionalInfo
Дополнительные сведения об ошибке управления ресурсами.
| Имя | Тип | Описание |
|---|---|---|
| info |
object |
Дополнительные сведения. |
| type |
string |
Дополнительный тип сведений. |
QueryCheck
Сведения о запросе правила.
| Имя | Тип | Описание |
|---|---|---|
| columnNames |
string[] |
Имена столбцов ожидаемого результата. |
| expectedResult |
string[] |
Ожидаемый результат. |
| query |
string |
Запрос правила. |
Remediation
Сведения об исправлении.
| Имя | Тип | Описание |
|---|---|---|
| automated |
boolean |
Автоматическое исправление. |
| description |
string |
Описание исправления. |
| portalLink |
string |
Необязательная ссылка для исправления на портале Azure. |
| scripts |
string[] |
Скрипт исправления. |
RuleSeverity
Серьезность правила.
| Имя | Тип | Описание |
|---|---|---|
| High |
string |
Высокий |
| Informational |
string |
Информационный |
| Low |
string |
Низкий |
| Medium |
string |
Терпимая |
| Obsolete |
string |
Устаревший |
RuleStatus
Состояние результата правила.
| Имя | Тип | Описание |
|---|---|---|
| Finding |
string |
Обнаружение |
| InternalError |
string |
InternalError |
| NonFinding |
string |
NonFinding |
RuleType
Тип правила.
| Имя | Тип | Описание |
|---|---|---|
| BaselineExpected |
string |
Базовые показатели |
| Binary |
string |
Двоичный |
| NegativeList |
string |
Отрицательный список |
| PositiveList |
string |
Положительный список |
ScanResult
Результат проверки уязвимостей для одного правила.
| Имя | Тип | Описание |
|---|---|---|
| id |
string |
Идентификатор ресурса |
| name |
string |
Имя ресурса |
| properties |
Свойства результатов проверки уязвимостей для одного правила. |
|
| type |
string |
Тип ресурса |
ScanResultProperties
Свойства результатов проверки уязвимостей для одного правила.
| Имя | Тип | Описание |
|---|---|---|
| baselineAdjustedResult |
Результат правила, скорректированный с помощью базовых показателей. |
|
| isTrimmed |
boolean |
Указывает, обрезаются ли результаты, указанные здесь. |
| queryResults |
string[] |
Результаты выполняемого запроса. |
| remediation |
Сведения об исправлении. |
|
| ruleId |
string |
Идентификатор правила. |
| ruleMetadata |
Сведения о метаданных правила оценки уязвимостей. |
|
| status |
Состояние результата правила. |
ScanResults
Список результатов проверки уязвимостей.
| Имя | Тип | Описание |
|---|---|---|
| value |
Список результатов проверки уязвимостей. |
VaRule
Сведения о метаданных правила оценки уязвимостей.
| Имя | Тип | Описание |
|---|---|---|
| benchmarkReferences |
Ссылки на тесты. |
|
| category |
string |
Категория правил. |
| description |
string |
Описание правила. |
| queryCheck |
Сведения о запросе правила. |
|
| rationale |
string |
Обоснование правила. |
| ruleId |
string |
Идентификатор правила. |
| ruleType |
Тип правила. |
|
| severity |
Серьезность правила. |
|
| title |
string |
Заголовок правила. |