Add-AzSecuritySqlVulnerabilityAssessmentBaseline
Add SQL vulnerability assessment baseline.
Syntax
Add-AzSecuritySqlVulnerabilityAssessmentBaseline
-RuleId <String>
[-Baseline <String[][]>]
-ResourceId <String>
-WorkspaceId <String>
-Server <String>
-Database <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Add-AzSecuritySqlVulnerabilityAssessmentBaseline
-RuleId <String>
[-Baseline <String[][]>]
-WorkspaceId <String>
-Server <String>
-Database <String>
-ComputerName <String>
-VmUuid <String>
-AgentId <String>
-WorkspaceResourceId <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Add-AzSecuritySqlVulnerabilityAssessmentBaseline
-InputObject <PSSqlVulnerabilityAssessmentBaselineResults>
-ResourceId <String>
-WorkspaceId <String>
-Server <String>
-Database <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Add-AzSecuritySqlVulnerabilityAssessmentBaseline
-InputObject <PSSqlVulnerabilityAssessmentBaselineResults>
-WorkspaceId <String>
-Server <String>
-Database <String>
-ComputerName <String>
-VmUuid <String>
-AgentId <String>
-WorkspaceResourceId <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Add SQL vulnerability assessment baseline
Examples
Example 1: Add results as baseline using resource id parameters.
Add-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId /subscriptions/a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onPremiseMachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2 -Server AHABASDEV01SRV -Database master -RuleId "VA2108" -Baseline @( , @("dbo", "db_owner1", "SQL_USER"))
Results Id
------- --
{dbo db_owner1 SQL_USER} /subscriptions/a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onpremisemachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332/sqlServ…
Example of resource id parameters. Supported resources are:
- ARC: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.HybridCompute/machines/{machineName}
- VM: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{machineName}
- On-Premise: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/microsoft.operationalinsights/workspaces/{workspaceName}/onPremiseMachines/{machineName}
For on premise resources, the patameter machineName is composed as follows: {ComputerName}{AgentId}{VmUuid}
Notice the @(,@('a','b',...)) syntax for array of arrays of string with only one inner array. Eeach inner array represents a row in the query results.
Example 2: Add results as baseline using on premise parameters.
Add-AzSecuritySqlVulnerabilityAssessmentBaseline -WorkspaceResourceId /subscriptions/a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace -ComputerName ahabas-dev01.middleeast.corp.microsoft.com -AgentId 49640166-652f-4ee6-b48b-cfb840b8afe2 -VmUuid 4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2 -Server AHABASDEV01SRV -Database master -RuleId "VA2108" -Baseline @( , @("dbo", "db_owner1", "SQL_USER"))
Results Id
------- --
{dbo db_owner1 SQL_USER} /subscriptions/a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onpremisemachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332/sqlServ…
Example of on premise parameters.
Example 3: Add results as baseline for specific rule.
Add-AzSecuritySqlVulnerabilityAssessmentBaseline -WorkspaceResourceId /subscriptions/a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace -ComputerName ahabas-dev01.middleeast.corp.microsoft.com -AgentId 49640166-652f-4ee6-b48b-cfb840b8afe2 -VmUuid 4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2 -Server AHABASDEV01SRV -Database master -RuleId "VA2108"
Results Id
------- --
{dbo db_owner1 SQL_USER} /subscriptions/a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onpremisemachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332/sqlServ…
In this example when the -Baseline parameter is not supplied, latest results are set as baseline.
Example 4: Copy baseline from a database to an on prem database using pipe.
Get-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId /subscriptions/a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onPremiseMachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2 -Server AHABASDEV01SRV -Database master | Add-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId subscriptions/a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1/resourcegroups/talmachinegroupeuap/providers/microsoft.operationalinsights/workspaces/talworkspaceeuap2/onPremiseMachines/TAHERSCO-DEV.middleeast.corp.microsoft.com_7adcdd86-adb6-4008-a254-80e0fc425c55_4c4c4544-0058-3310-8032-c4c04f4a4e32 -WorkspaceId c2c2c2c2-dddd-eeee-ffff-a3a3a3a3a3a3 -Server SQLEXPRESS -Database master
Results Id
------- --
{dbo db_owner SQL_USER} /subscriptions/a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1/resourcegroups/talmachinegroupeuap/providers/microsoft.operationalinsights/workspaces/talworkspaceeuap2/onpremisemachines/tahersco-dev.middleeast.corp.microsoft.com_7adcdd86-adb6-4008-a254-80e0fc425c55_4c…
Note
In this example, we transfer baseline objects from database 'master' from one server to another using InputObjectWithResourceId parameter set. it is important that both source and destination server have matching platforms, versions, and ruleset otherwise the operation might fail.
Parameters
-AgentId
Agent ID - on premise parameter
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Baseline
Vulnerability assessment baseline object
Type: | String[][] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ComputerName
Computer full name - on premise parameter
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Database
Database name
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-InputObject
Input Object.
Type: | PSSqlVulnerabilityAssessmentBaselineResults |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ResourceId
ID of the security resource that you want to invoke the command on. Supported resources are:
- ARC: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.HybridCompute/machines/{machineName}
- VM: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{machineName}
- On-Premise: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/microsoft.operationalinsights/workspaces/{workspaceName}/onPremiseMachines/{machineName}
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RuleId
Vulnerability assessment rule ID
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Server
Server name
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-VmUuid
Virtual machine universal unique identifier - on premise parameter
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WorkspaceId
Workspace ID.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WorkspaceResourceId
Workspace resource ID - on premise parameter
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
PSSqlVulnerabilityAssessmentBaselineResults
Outputs
PSSqlVulnerabilityAssessmentBaselineResults