获取扫描记录中单个规则的扫描结果。
GET https://management.azure.com/{resourceId}/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/{scanId}/scanResults/{scanResultId}?workspaceId={workspaceId}&api-version=2023-02-01-preview
URI 参数
| 名称 |
在 |
必需 |
类型 |
说明 |
|
resourceId
|
path |
True
|
string
|
资源的标识符。
|
|
scanId
|
path |
True
|
string
|
扫描 ID。键入“latest”以获取最新扫描的扫描结果。
|
|
scanResultId
|
path |
True
|
string
|
结果的规则 ID。
|
|
api-version
|
query |
True
|
string
|
API 版本。
|
|
workspaceId
|
query |
True
|
string
|
工作区 ID。
|
响应
安全性
azure_auth
Azure Active Directory OAuth2 Flow
类型:
oauth2
流向:
implicit
授权 URL:
https://login.microsoftonline.com/common/oauth2/authorize
作用域
| 名称 |
说明 |
|
user_impersonation
|
模拟用户帐户
|
示例
Get scan details of a scan record
示例请求
GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063?workspaceId=55555555-6666-7777-8888-999999999999&api-version=2023-02-01-preview
/**
* Samples for SqlVulnerabilityAssessmentScanResults Get.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/
* sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_Get.json
*/
/**
* Sample code: Get scan details of a scan record.
*
* @param manager Entry point to SecurityManager.
*/
public static void getScanDetailsOfAScanRecord(com.azure.resourcemanager.security.SecurityManager manager) {
manager.sqlVulnerabilityAssessmentScanResults().getWithResponse("Scheduled-20200623", "VA2063",
"55555555-6666-7777-8888-999999999999",
"subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master",
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_Get.json
func ExampleSQLVulnerabilityAssessmentScanResultsClient_Get_getScanDetailsOfAScanRecord() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewSQLVulnerabilityAssessmentScanResultsClient().Get(ctx, "Scheduled-20200623", "VA2063", "55555555-6666-7777-8888-999999999999", "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master", nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ScanResult = armsecurity.ScanResult{
// Name: to.Ptr("VA2063"),
// Type: to.Ptr("Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"),
// ID: to.Ptr("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063"),
// Properties: &armsecurity.ScanResultProperties{
// BaselineAdjustedResult: &armsecurity.BaselineAdjustedResult{
// Baseline: &armsecurity.Baseline{
// ExpectedResults: [][]*string{
// []*string{
// to.Ptr("Test"),
// to.Ptr("0.0.0.0"),
// to.Ptr("125.125.125.125")}},
// UpdatedTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-02-04T12:49:41.027Z"); return t}()),
// },
// ResultsNotInBaseline: [][]*string{
// },
// ResultsOnlyInBaseline: [][]*string{
// },
// Status: to.Ptr(armsecurity.RuleStatusNonFinding),
// },
// IsTrimmed: to.Ptr(false),
// QueryResults: [][]*string{
// []*string{
// to.Ptr("Test"),
// to.Ptr("0.0.0.0"),
// to.Ptr("125.125.125.125")}},
// Remediation: &armsecurity.Remediation{
// Description: to.Ptr("Remove server firewall rules that grant excessive access"),
// Automated: to.Ptr(false),
// PortalLink: to.Ptr("ReviewServerFirewallRules"),
// Scripts: []*string{
// to.Ptr("EXECUTE sp_delete_firewall_rule N'Test';")},
// },
// RuleID: to.Ptr("VA2063"),
// RuleMetadata: &armsecurity.VaRule{
// Description: to.Ptr("The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access."),
// BenchmarkReferences: []*armsecurity.BenchmarkReference{
// },
// Category: to.Ptr("SurfaceAreaReduction"),
// QueryCheck: &armsecurity.QueryCheck{
// ColumnNames: []*string{
// to.Ptr("Firewall Rule Name"),
// to.Ptr("Start Address"),
// to.Ptr("End Address")},
// ExpectedResult: [][]*string{
// },
// Query: to.Ptr("SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;"),
// },
// Rationale: to.Ptr("Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall."),
// RuleID: to.Ptr("VA2063"),
// RuleType: to.Ptr(armsecurity.RuleTypeNegativeList),
// Severity: to.Ptr(armsecurity.RuleSeverityHigh),
// Title: to.Ptr("Server-level firewall rules should not grant excessive access"),
// },
// Status: to.Ptr(armsecurity.RuleStatusFinding),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Gets the scan results of a single rule in a scan record.
*
* @summary Gets the scan results of a single rule in a scan record.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_Get.json
*/
async function getScanDetailsOfAScanRecord() {
const scanId = "Scheduled-20200623";
const scanResultId = "VA2063";
const workspaceId = "55555555-6666-7777-8888-999999999999";
const resourceId =
"subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.sqlVulnerabilityAssessmentScanResults.get(
scanId,
scanResultId,
workspaceId,
resourceId,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityCenter.Models;
using Azure.ResourceManager.SecurityCenter;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_Get.json
// this example is just showing the usage of "SqlVulnerabilityAssessmentScanResults_Get" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this SqlVulnerabilityAssessmentScanResource created on azure
// for more information of creating SqlVulnerabilityAssessmentScanResource, please refer to the document of SqlVulnerabilityAssessmentScanResource
string resourceId = "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
string scanId = "Scheduled-20200623";
ResourceIdentifier sqlVulnerabilityAssessmentScanResourceId = SqlVulnerabilityAssessmentScanResource.CreateResourceIdentifier(resourceId, scanId);
SqlVulnerabilityAssessmentScanResource sqlVulnerabilityAssessmentScan = client.GetSqlVulnerabilityAssessmentScanResource(sqlVulnerabilityAssessmentScanResourceId);
// invoke the operation
string scanResultId = "VA2063";
Guid workspaceId = Guid.Parse("55555555-6666-7777-8888-999999999999");
SqlVulnerabilityAssessmentScanResult result = await sqlVulnerabilityAssessmentScan.GetSqlVulnerabilityAssessmentScanResultAsync(scanResultId, workspaceId);
Console.WriteLine($"Succeeded: {result}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
示例响应
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063",
"name": "VA2063",
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
"properties": {
"ruleId": "VA2063",
"status": "Finding",
"isTrimmed": false,
"queryResults": [
[
"Test",
"0.0.0.0",
"125.125.125.125"
]
],
"remediation": {
"description": "Remove server firewall rules that grant excessive access",
"scripts": [
"EXECUTE sp_delete_firewall_rule N'Test';"
],
"automated": false,
"portalLink": "ReviewServerFirewallRules"
},
"baselineAdjustedResult": {
"baseline": {
"expectedResults": [
[
"Test",
"0.0.0.0",
"125.125.125.125"
]
],
"updatedTime": "2020-02-04T12:49:41.027771+00:00"
},
"status": "NonFinding",
"resultsNotInBaseline": [],
"resultsOnlyInBaseline": []
},
"ruleMetadata": {
"ruleId": "VA2063",
"severity": "High",
"category": "SurfaceAreaReduction",
"ruleType": "NegativeList",
"title": "Server-level firewall rules should not grant excessive access",
"description": "The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access.",
"rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall.",
"queryCheck": {
"query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;",
"expectedResult": [],
"columnNames": [
"Firewall Rule Name",
"Start Address",
"End Address"
]
},
"benchmarkReferences": []
}
}
}
Get scan details of the latest scan record
示例请求
GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/latest/scanResults/VA2063?workspaceId=55555555-6666-7777-8888-999999999999&api-version=2023-02-01-preview
/**
* Samples for SqlVulnerabilityAssessmentScanResults Get.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/
* sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_GetLatest.json
*/
/**
* Sample code: Get scan details of the latest scan record.
*
* @param manager Entry point to SecurityManager.
*/
public static void getScanDetailsOfTheLatestScanRecord(com.azure.resourcemanager.security.SecurityManager manager) {
manager.sqlVulnerabilityAssessmentScanResults().getWithResponse("latest", "VA2063",
"55555555-6666-7777-8888-999999999999",
"subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master",
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_GetLatest.json
func ExampleSQLVulnerabilityAssessmentScanResultsClient_Get_getScanDetailsOfTheLatestScanRecord() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewSQLVulnerabilityAssessmentScanResultsClient().Get(ctx, "latest", "VA2063", "55555555-6666-7777-8888-999999999999", "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master", nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ScanResult = armsecurity.ScanResult{
// Name: to.Ptr("VA2063"),
// Type: to.Ptr("Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"),
// ID: to.Ptr("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063"),
// Properties: &armsecurity.ScanResultProperties{
// BaselineAdjustedResult: &armsecurity.BaselineAdjustedResult{
// Baseline: &armsecurity.Baseline{
// ExpectedResults: [][]*string{
// []*string{
// to.Ptr("Test"),
// to.Ptr("0.0.0.0"),
// to.Ptr("125.125.125.125")}},
// UpdatedTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-02-04T12:49:41.027Z"); return t}()),
// },
// ResultsNotInBaseline: [][]*string{
// },
// ResultsOnlyInBaseline: [][]*string{
// },
// Status: to.Ptr(armsecurity.RuleStatusNonFinding),
// },
// IsTrimmed: to.Ptr(false),
// QueryResults: [][]*string{
// []*string{
// to.Ptr("Test"),
// to.Ptr("0.0.0.0"),
// to.Ptr("125.125.125.125")}},
// Remediation: &armsecurity.Remediation{
// Description: to.Ptr("Remove server firewall rules that grant excessive access"),
// Automated: to.Ptr(false),
// PortalLink: to.Ptr("ReviewServerFirewallRules"),
// Scripts: []*string{
// to.Ptr("EXECUTE sp_delete_firewall_rule N'Test';")},
// },
// RuleID: to.Ptr("VA2063"),
// RuleMetadata: &armsecurity.VaRule{
// Description: to.Ptr("The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access."),
// BenchmarkReferences: []*armsecurity.BenchmarkReference{
// },
// Category: to.Ptr("SurfaceAreaReduction"),
// QueryCheck: &armsecurity.QueryCheck{
// ColumnNames: []*string{
// to.Ptr("Firewall Rule Name"),
// to.Ptr("Start Address"),
// to.Ptr("End Address")},
// ExpectedResult: [][]*string{
// },
// Query: to.Ptr("SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;"),
// },
// Rationale: to.Ptr("Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall."),
// RuleID: to.Ptr("VA2063"),
// RuleType: to.Ptr(armsecurity.RuleTypeNegativeList),
// Severity: to.Ptr(armsecurity.RuleSeverityHigh),
// Title: to.Ptr("Server-level firewall rules should not grant excessive access"),
// },
// Status: to.Ptr(armsecurity.RuleStatusFinding),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Gets the scan results of a single rule in a scan record.
*
* @summary Gets the scan results of a single rule in a scan record.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_GetLatest.json
*/
async function getScanDetailsOfTheLatestScanRecord() {
const scanId = "latest";
const scanResultId = "VA2063";
const workspaceId = "55555555-6666-7777-8888-999999999999";
const resourceId =
"subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.sqlVulnerabilityAssessmentScanResults.get(
scanId,
scanResultId,
workspaceId,
resourceId,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityCenter.Models;
using Azure.ResourceManager.SecurityCenter;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_GetLatest.json
// this example is just showing the usage of "SqlVulnerabilityAssessmentScanResults_Get" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this SqlVulnerabilityAssessmentScanResource created on azure
// for more information of creating SqlVulnerabilityAssessmentScanResource, please refer to the document of SqlVulnerabilityAssessmentScanResource
string resourceId = "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
string scanId = "latest";
ResourceIdentifier sqlVulnerabilityAssessmentScanResourceId = SqlVulnerabilityAssessmentScanResource.CreateResourceIdentifier(resourceId, scanId);
SqlVulnerabilityAssessmentScanResource sqlVulnerabilityAssessmentScan = client.GetSqlVulnerabilityAssessmentScanResource(sqlVulnerabilityAssessmentScanResourceId);
// invoke the operation
string scanResultId = "VA2063";
Guid workspaceId = Guid.Parse("55555555-6666-7777-8888-999999999999");
SqlVulnerabilityAssessmentScanResult result = await sqlVulnerabilityAssessmentScan.GetSqlVulnerabilityAssessmentScanResultAsync(scanResultId, workspaceId);
Console.WriteLine($"Succeeded: {result}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
示例响应
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063",
"name": "VA2063",
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
"properties": {
"ruleId": "VA2063",
"status": "Finding",
"isTrimmed": false,
"queryResults": [
[
"Test",
"0.0.0.0",
"125.125.125.125"
]
],
"remediation": {
"description": "Remove server firewall rules that grant excessive access",
"scripts": [
"EXECUTE sp_delete_firewall_rule N'Test';"
],
"automated": false,
"portalLink": "ReviewServerFirewallRules"
},
"baselineAdjustedResult": {
"baseline": {
"expectedResults": [
[
"Test",
"0.0.0.0",
"125.125.125.125"
]
],
"updatedTime": "2020-02-04T12:49:41.027771+00:00"
},
"status": "NonFinding",
"resultsNotInBaseline": [],
"resultsOnlyInBaseline": []
},
"ruleMetadata": {
"ruleId": "VA2063",
"severity": "High",
"category": "SurfaceAreaReduction",
"ruleType": "NegativeList",
"title": "Server-level firewall rules should not grant excessive access",
"description": "The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access.",
"rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall.",
"queryCheck": {
"query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;",
"expectedResult": [],
"columnNames": [
"Firewall Rule Name",
"Start Address",
"End Address"
]
},
"benchmarkReferences": []
}
}
}
定义
Baseline
Object
基线详细信息。
| 名称 |
类型 |
说明 |
|
expectedResults
|
string[]
|
预期结果。
|
|
updatedTime
|
string
(date-time)
|
基线更新时间(UTC)。
|
BaselineAdjustedResult
Object
使用基线调整的规则结果。
| 名称 |
类型 |
说明 |
|
baseline
|
Baseline
|
基线详细信息。
|
|
resultsNotInBaseline
|
string[]
|
结果不在基线中。
|
|
resultsOnlyInBaseline
|
string[]
|
结果为基线。
|
|
status
|
RuleStatus
|
规则结果状态。
|
BenchmarkReference
Object
基准引用。
| 名称 |
类型 |
说明 |
|
benchmark
|
string
|
基准名称。
|
|
reference
|
string
|
基准参考。
|
CloudError
Object
所有 Azure 资源管理器 API 的常见错误响应,以返回失败操作的错误详细信息。 (这也遵循 OData 错误响应格式)。
| 名称 |
类型 |
说明 |
|
error.additionalInfo
|
ErrorAdditionalInfo[]
|
错误附加信息。
|
|
error.code
|
string
|
错误代码。
|
|
error.details
|
CloudErrorBody[]
|
错误详细信息。
|
|
error.message
|
string
|
错误消息。
|
|
error.target
|
string
|
错误目标。
|
CloudErrorBody
Object
错误详细信息。
ErrorAdditionalInfo
Object
资源管理错误附加信息。
| 名称 |
类型 |
说明 |
|
info
|
object
|
其他信息。
|
|
type
|
string
|
其他信息类型。
|
QueryCheck
Object
规则查询详细信息。
| 名称 |
类型 |
说明 |
|
columnNames
|
string[]
|
预期结果的列名。
|
|
expectedResult
|
string[]
|
预期结果。
|
|
query
|
string
|
规则查询。
|
Object
修正详细信息。
| 名称 |
类型 |
说明 |
|
automated
|
boolean
|
是否自动修正。
|
|
description
|
string
|
修正说明。
|
|
portalLink
|
string
|
用于在 Azure 门户中修正的可选链接。
|
|
scripts
|
string[]
|
修正脚本。
|
RuleSeverity
枚举
规则严重性。
| 值 |
说明 |
|
High
|
高
|
|
Informational
|
信息
|
|
Low
|
低
|
|
Medium
|
中等
|
|
Obsolete
|
过时
|
RuleStatus
枚举
规则结果状态。
| 值 |
说明 |
|
Finding
|
发现
|
|
InternalError
|
InternalError
|
|
NonFinding
|
NonFinding
|
RuleType
枚举
规则类型。
| 值 |
说明 |
|
BaselineExpected
|
BaselineExpected
|
|
Binary
|
二元的
|
|
NegativeList
|
NegativeList
|
|
PositiveList
|
PositiveList
|
ScanResult
Object
单个规则的漏洞评估扫描结果。
| 名称 |
类型 |
说明 |
|
id
|
string
|
资源 ID
|
|
name
|
string
|
资源名称
|
|
properties
|
ScanResultProperties
|
单个规则的漏洞评估扫描结果属性。
|
|
type
|
string
|
资源类型
|
ScanResultProperties
Object
单个规则的漏洞评估扫描结果属性。
| 名称 |
类型 |
说明 |
|
baselineAdjustedResult
|
BaselineAdjustedResult
|
使用基线调整的规则结果。
|
|
isTrimmed
|
boolean
|
指示是否剪裁了此处指定的结果。
|
|
queryResults
|
string[]
|
运行的查询的结果。
|
|
remediation
|
Remediation
|
修正详细信息。
|
|
ruleId
|
string
|
规则 ID。
|
|
ruleMetadata
|
VaRule
|
漏洞评估规则元数据详细信息。
|
|
status
|
RuleStatus
|
规则结果状态。
|
VaRule
Object
漏洞评估规则元数据详细信息。
| 名称 |
类型 |
说明 |
|
benchmarkReferences
|
BenchmarkReference[]
|
基准引用。
|
|
category
|
string
|
规则类别。
|
|
description
|
string
|
规则说明。
|
|
queryCheck
|
QueryCheck
|
规则查询详细信息。
|
|
rationale
|
string
|
规则的理由。
|
|
ruleId
|
string
|
规则 ID。
|
|
ruleType
|
RuleType
|
规则类型。
|
|
severity
|
RuleSeverity
|
规则严重性。
|
|
title
|
string
|
规则标题。
|