Share via


az security va sql baseline

View and manage Sql Vulnerability Assessment baseline.

Commands

Name Description Type Status
az security va sql baseline delete

Delete Sql Vulnerability Assessment rule baseline.

Core GA
az security va sql baseline list

View Sql Vulnerability Assessment baseline for all rules.

Core GA
az security va sql baseline set

Sets Sql Vulnerability Assessment baseline. Replaces the current baseline.

Core GA
az security va sql baseline show

View Sql Vulnerability Assessment rule baseline.

Core GA
az security va sql baseline update

Update Sql Vulnerability Assessment rule baseline. Replaces the current rule baseline.

Core GA

az security va sql baseline delete

Delete Sql Vulnerability Assessment rule baseline.

az security va sql baseline delete --database-name
                                   --rule-id
                                   --server-name
                                   --vm-resource-id
                                   --workspace-id
                                   [--agent-id]
                                   [--vm-name]
                                   [--vm-uuid]

Examples

Delete Sql Vulnerability Assessment rule baseline on an Azure virtual machine.

az security va sql baseline delete --vm-resource-id subscriptions/MySubscription/ResourceGroups/MyResourceGroup/Providers/Microsoft.Compute/VirtualMachines/MyVmName --workspace-id 00000000-0000-0000-0000-000000000000 --server-name MyServerName --database-name MyDbName --rule-id VA9999

Delete Sql Vulnerability Assessment rule baseline on an On-Premise machine.

az security va sql baseline delete --vm-resource-id subscriptions/MySubscription/ResourceGroups/MyResourceGroup/Providers/Microsoft.OperationalInsights/Workspaces/MyWorkspaceName --workspace-id 00000000-0000-0000-0000-000000000000 --server-name MyServerName --database-name MyDbName --vm-name MyVmName --agent-id MyAgentId --vm-uuid MyVmUUID --rule-id VA9999

Required Parameters

--database-name

The name of the scanned database.

--rule-id

The ID of the scanned rule. Format: "VAXXXX", where XXXX indicates the number of the rule.

--server-name

The name of the scanned server.

--vm-resource-id

Resource ID of the scanned machine. For On-Premise machines, please provide your workspace resource ID.

--workspace-id

The ID of the workspace connected to the scanned machine.

Optional Parameters

--agent-id

Provide the ID of the agent on the scanned machine, for On-Premise resources only.

--vm-name

Provide the name of the machine, for On-Premise resources only.

--vm-uuid

Provide the UUID of the scanned machine, for On-Premise resources only.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az security va sql baseline list

View Sql Vulnerability Assessment baseline for all rules.

az security va sql baseline list --database-name
                                 --server-name
                                 --vm-resource-id
                                 --workspace-id
                                 [--agent-id]
                                 [--vm-name]
                                 [--vm-uuid]

Examples

View Sql Vulnerability Assessment baseline for all rules on an Azure virtual machine.

az security va sql baseline list --vm-resource-id subscriptions/MySubscription/ResourceGroups/MyResourceGroup/Providers/Microsoft.Compute/VirtualMachines/MyVmName --workspace-id 00000000-0000-0000-0000-000000000000 --server-name MyServerName --database-name MyDbName

View Sql Vulnerability Assessment baseline for all rules on an On-Premise machine.

az security va sql baseline list --vm-resource-id subscriptions/MySubscription/ResourceGroups/MyResourceGroup/Providers/Microsoft.OperationalInsights/Workspaces/MyWorkspaceName --workspace-id 00000000-0000-0000-0000-000000000000 --server-name MyServerName --database-name MyDbName --vm-name MyVmName --agent-id MyAgentId --vm-uuid MyVmUUID

Required Parameters

--database-name

The name of the scanned database.

--server-name

The name of the scanned server.

--vm-resource-id

Resource ID of the scanned machine. For On-Premise machines, please provide your workspace resource ID.

--workspace-id

The ID of the workspace connected to the scanned machine.

Optional Parameters

--agent-id

Provide the ID of the agent on the scanned machine, for On-Premise resources only.

--vm-name

Provide the name of the machine, for On-Premise resources only.

--vm-uuid

Provide the UUID of the scanned machine, for On-Premise resources only.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az security va sql baseline set

Sets Sql Vulnerability Assessment baseline. Replaces the current baseline.

az security va sql baseline set --database-name
                                --server-name
                                --vm-resource-id
                                --workspace-id
                                [--agent-id]
                                [--baseline]
                                [--latest {false, true}]
                                [--vm-name]
                                [--vm-uuid]

Examples

Sets Sql Vulnerability Assessment baseline on an Azure virtual machine. Replaces the current baseline with latest scan results.

az security va sql baseline set --vm-resource-id subscriptions/MySubscription/ResourceGroups/MyResourceGroup/Providers/Microsoft.Compute/VirtualMachines/MyVmName --workspace-id 00000000-0000-0000-0000-000000000000 --server-name MyServerName --database-name MyDbName --latest

Sets Sql Vulnerability Assessment baseline on an Azure virtual machine. Replaces the current baseline with provided results.

az security va sql baseline set --vm-resource-id subscriptions/MySubscription/ResourceGroups/MyResourceGroup/Providers/Microsoft.Compute/VirtualMachines/MyVmName --workspace-id 00000000-0000-0000-0000-000000000000 --server-name MyServerName --database-name MyDbName --baseline rule=VA9999 Line1_col1 Line1_col2 Line1_col3 --baseline rule=VA8888 Line1_col1 Line1_col2 --baseline rule=VA9999 Line2_col1 Line2_col2 Line2_col3

Sets Sql Vulnerability Assessment baseline on an On-Premise machine. Replaces the current baseline with latest scan results.

az security va sql baseline set --vm-resource-id subscriptions/MySubscription/ResourceGroups/MyResourceGroup/Providers/Microsoft.OperationalInsights/Workspaces/MyWorkspaceName --workspace-id 00000000-0000-0000-0000-000000000000 --server-name MyServerName --database-name MyDbName --vm-name MyVmName --agent-id MyAgentId --vm-uuid MyVmUUID --latest

Sets Sql Vulnerability Assessment baseline on an On-Premise machine. Replaces the current baseline with provided results.

az security va sql baseline set --vm-resource-id subscriptions/MySubscription/ResourceGroups/MyResourceGroup/Providers/Microsoft.OperationalInsights/Workspaces/MyWorkspaceName --workspace-id 00000000-0000-0000-0000-000000000000 --server-name MyServerName --database-name MyDbName --vm-name MyVmName --agent-id MyAgentId --vm-uuid MyVmUUID --baseline rule=VA9999 Line1_col1 Line1_col2 Line1_col3 --baseline rule=VA8888 Line1_col1 Line1_col2 --baseline rule=VA9999 Line2_col1 Line2_col2 Line2_col3

Required Parameters

--database-name

The name of the scanned database.

--server-name

The name of the scanned server.

--vm-resource-id

Resource ID of the scanned machine. For On-Premise machines, please provide your workspace resource ID.

--workspace-id

The ID of the workspace connected to the scanned machine.

Optional Parameters

--agent-id

Provide the ID of the agent on the scanned machine, for On-Premise resources only.

--baseline -b

Baseline records to be set. The following example will set a baseline for two rules: --baseline rule=VA1111 line1_w1 line1_w2 --baseline rule=VA2222 line1_w1 line1_w2 line1_w3 --baseline rule=VA1111 line2_w1 line2_w2.

--latest

Use this argument without parameters to set baseline upon latest scan results.

Accepted values: false, true
Default value: False
--vm-name

Provide the name of the machine, for On-Premise resources only.

--vm-uuid

Provide the UUID of the scanned machine, for On-Premise resources only.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az security va sql baseline show

View Sql Vulnerability Assessment rule baseline.

az security va sql baseline show --database-name
                                 --rule-id
                                 --server-name
                                 --vm-resource-id
                                 --workspace-id
                                 [--agent-id]
                                 [--vm-name]
                                 [--vm-uuid]

Examples

View Sql Vulnerability Assessment rule baseline on an Azure virtual machine.

az security va sql baseline show --vm-resource-id subscriptions/MySubscription/ResourceGroups/MyResourceGroup/Providers/Microsoft.Compute/VirtualMachines/MyVmName --workspace-id 00000000-0000-0000-0000-000000000000 --server-name MyServerName --database-name MyDbName --rule-id VA9999

View Sql Vulnerability Assessment rule baseline on an On-Premise machine.

az security va sql baseline show --vm-resource-id subscriptions/MySubscription/ResourceGroups/MyResourceGroup/Providers/Microsoft.OperationalInsights/Workspaces/MyWorkspaceName --workspace-id 00000000-0000-0000-0000-000000000000 --server-name MyServerName --database-name MyDbName --vm-name MyVmName --agent-id MyAgentId --vm-uuid MyVmUUID --rule-id VA9999

Required Parameters

--database-name

The name of the scanned database.

--rule-id

The ID of the scanned rule. Format: "VAXXXX", where XXXX indicates the number of the rule.

--server-name

The name of the scanned server.

--vm-resource-id

Resource ID of the scanned machine. For On-Premise machines, please provide your workspace resource ID.

--workspace-id

The ID of the workspace connected to the scanned machine.

Optional Parameters

--agent-id

Provide the ID of the agent on the scanned machine, for On-Premise resources only.

--vm-name

Provide the name of the machine, for On-Premise resources only.

--vm-uuid

Provide the UUID of the scanned machine, for On-Premise resources only.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az security va sql baseline update

Update Sql Vulnerability Assessment rule baseline. Replaces the current rule baseline.

az security va sql baseline update --database-name
                                   --rule-id
                                   --server-name
                                   --vm-resource-id
                                   --workspace-id
                                   [--agent-id]
                                   [--baseline]
                                   [--latest {false, true}]
                                   [--vm-name]
                                   [--vm-uuid]

Examples

Update Sql Vulnerability Assessment rule baseline on an Azure virtual machine. Replaces the current rule baseline with latest scan results.

az security va sql baseline update --vm-resource-id subscriptions/MySubscription/ResourceGroups/MyResourceGroup/Providers/Microsoft.Compute/VirtualMachines/MyVmName --workspace-id 00000000-0000-0000-0000-000000000000 --server-name MyServerName --database-name MyDbName --rule-id VA9999 --latest

Update Sql Vulnerability Assessment rule baseline on an Azure virtual machine. Replaces the current rule baseline with provided results.

az security va sql baseline update --vm-resource-id subscriptions/MySubscription/ResourceGroups/MyResourceGroup/Providers/Microsoft.Compute/VirtualMachines/MyVmName --workspace-id 00000000-0000-0000-0000-000000000000 --server-name MyServerName --database-name MyDbName --rule-id VA9999 --baseline Line1_Col1 Line1_Col2 --baseline Line2_Col1 Line2_Col2

Update Sql Vulnerability Assessment rule baseline on an On-Premise machine. Replaces the current rule baseline with latest scan results.

az security va sql baseline update --vm-resource-id subscriptions/MySubscription/ResourceGroups/MyResourceGroup/Providers/Microsoft.OperationalInsights/Workspaces/MyWorkspaceName --workspace-id 00000000-0000-0000-0000-000000000000 --server-name MyServerName --database-name MyDbName --vm-name MyVmName --agent-id MyAgentId --vm-uuid MyVmUUID --rule-id VA9999 --latest

Update Sql Vulnerability Assessment rule baseline on an On-Premise machine. Replaces the current rule baseline with provided results.

az security va sql baseline update --vm-resource-id subscriptions/MySubscription/ResourceGroups/MyResourceGroup/Providers/Microsoft.OperationalInsights/Workspaces/MyWorkspaceName --workspace-id 00000000-0000-0000-0000-000000000000 --server-name MyServerName --database-name MyDbName --vm-name MyVmName --agent-id MyAgentId --vm-uuid MyVmUUID --rule-id VA9999 --baseline Line1_Col1 Line1_Col2 --baseline Line2_Col1 Line2_Col2

Required Parameters

--database-name

The name of the scanned database.

--rule-id

The ID of the scanned rule. Format: "VAXXXX", where XXXX indicates the number of the rule.

--server-name

The name of the scanned server.

--vm-resource-id

Resource ID of the scanned machine. For On-Premise machines, please provide your workspace resource ID.

--workspace-id

The ID of the workspace connected to the scanned machine.

Optional Parameters

--agent-id

Provide the ID of the agent on the scanned machine, for On-Premise resources only.

--baseline -b

Baseline records to be set. The following example will set a baseline with two records: --baseline line1_w1 line1_w2 line1_w3 --baseline line2_w1 line2_w2 line2_w3.

--latest

Use this argument without parameters to set baseline upon latest scan results.

Accepted values: false, true
Default value: False
--vm-name

Provide the name of the machine, for On-Premise resources only.

--vm-uuid

Provide the UUID of the scanned machine, for On-Premise resources only.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.