Share via

Database Sql Vulnerability Assessment Scan Result - Get

Service:
SQL Database
API Version:
2023-08-01

Gets a vulnerability assessment scan record of a database.

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/sqlVulnerabilityAssessments/default/scans/{scanId}/scanResults/{scanResultId}?api-version=2023-08-01

URI Parameters

Name In Required Type Description
databaseName
 path True

string

The name of the database.
resourceGroupName
 path True

string

The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.
scanId
 path True

string

The scan id of the SQL Vulnerability Assessment scan to retrieve result from.
scanResultId
 path True

string

The scan result id of the specific result to retrieve.
serverName
 path True

string

The name of the server.
subscriptionId
 path True

string

The subscription ID that identifies an Azure subscription.
vulnerabilityAssessmentName
 path True

SqlVulnerabilityAssessmentName

The name of the SQL Vulnerability Assessment.
api-version
 query True

string

The API version to use for the request.

Responses

Name Type Description
200 OK

SqlVulnerabilityAssessmentScanResults

Successfully retrieved SQL Vulnerability Assessment scan results for id.
Other Status Codes

ErrorResponse

*** Error Responses: ***

  • 400 SqlVulnerabilityAssessmentIsDisabled - SQL vulnerability assessment feature is disabled. please enable the feature before executing other SQL vulnerability assessment operations.

  • 400 SqlVulnerabilityAssessmentInvalidUserSuppliedParameter - An invalid parameter value was provided by the client.

  • 400 InvalidSqlVulnerabilityAssessmentBaselineInput - The SQL vulnerability assessment baseline input is null or empty.

  • 400 InvalidSqlVulnerabilityAssessmentSettingsInput - The SQL vulnerability assessment setting input is null or empty

  • 400 SqlVulnerabilityAssessmentScanResultsAreNotAvailableYet - SQL vulnerability assessment results are not available yet, please try again later.

  • 400 SqlVulnerabilityAssessmentInvalidRuleId - The SQL vulnerability assessment rule id is invalid.

  • 400 SqlVulnerabilityAssessmentScanDoesNotExist - SQL vulnerability assessment scan does not exist.

  • 400 SqlVulnerabilityAssessmentNoBaseline - No baseline have been found for the latest scan in the resource

  • 400 SqlVulnerabilityAssessmentNoRuleBaseline - No SQL vulnerability assessment baseline was found

  • 400 SqlVulnerabilityAssessmentBaselineNoScanResults - No scan results have been found for rule Id. To set a baseline there must be results for this rule in the latest scan available

  • 400 SqlVulnerabilityAssessmentBadBinaryRuleFormat - Input for binary rule is not a boolean representation

  • 400 SqlVulnerabilityAssessmentBadRuleFormat - The provided results do not comply with the actual layout of the scan results

  • 400 SqlVulnerabilityAssessmentBadRuleWithoutRuleIdFormat - The provided results do not comply with the actual layout of the scan results

  • 400 SqlVulnerabilityAssessmentBadBinaryRuleWithoutRuleIdFormat - Input for binary rule is not a boolean representation

  • 400 SqlVulnerabilityAssessmentBaselineNoScanResultsWithoutRuleId - No scan results have been found for one of the rules. To set a baseline there must be results for this rule in the latest scan available

  • 400 SqlVulnerabilityAssessmentEmptyBaseline - Baseline not set because the results are null or empty

  • 404 SubscriptionDoesNotHaveServer - The requested server was not found

  • 404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance.

  • 404 SourceDatabaseNotFound - The source database does not exist.

  • 409 DatabaseVulnerabilityAssessmentScanIsAlreadyInProgress - SQL Vulnerability Assessment scan is already in progress

  • 409 SqlVulnerabilityAssessmentStoragefullApiIsEnabled - Vulnerability Assessment is enabled on this server or one of its underlying databases with an incompatible version. Additional troubleshooting information can be found https://aka.ms/SQLVAStoragelessDocumentation.

  • 500 DatabaseIsUnavailable - Loading failed. Please try again later.

Examples

Get a database SQL Vulnerability Assessment scan result for scan id and scan result id

Sample request

GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/vulnerabilityassessmenttest-4711/providers/Microsoft.Sql/servers/vulnerabilityassessmenttest-6411/databases/master/sqlVulnerabilityAssessments/default/scans/scanId1/scanResults/VA1234?api-version=2023-08-01

Sample response

Status code:
200 
{
  "properties": {
    "ruleId": "VA1234",
    "status": "NonFinding",
    "errorMessage": null,
    "isTrimmed": false,
    "queryResults": [
      [
        "a1",
        "a2",
        "a3"
      ],
      [
        "b1",
        "b2",
        "b3"
      ]
    ],
    "remediation": {
      "description": "Remove users",
      "scripts": [
        "drop user a",
        "drop user b"
      ],
      "automated": false,
      "portalLink": null
    },
    "baselineAdjustedResult": null,
    "ruleMetadata": {
      "ruleId": "VA1234",
      "severity": "Informational",
      "category": "information",
      "ruleType": "NegativeList",
      "title": "This is the title",
      "description": "This is an example check",
      "rationale": "This is important",
      "queryCheck": {
        "query": "Select a1,a2, a3",
        "expectedResult": [],
        "columnNames": [
          "col1",
          "col2",
          "col3"
        ]
      },
      "benchmarkReferences": [
        {
          "benchmark": "fedramp",
          "reference": "v1"
        }
      ]
    }
  },
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/vulnerabilityassessmenttest-4711/providers/Microsoft.Sql/servers/vulnerabilityassessmenttest-6411/sqlVulnerabilityAssessments/Default/scans/scanId1/scanResults/VA1234",
  "name": "VA1234",
  "type": "Microsoft.Sql/servers/sqlVulnerabilityAssessments/scans/scanResults"
}

Definitions

Name Description
Baseline

SQL Vulnerability Assessment baseline Details
BaselineAdjustedResult

SQL Vulnerability Assessment baseline adjusted results
BenchmarkReference

SQL Vulnerability Assessment benchmark reference
createdByType

The type of identity that created the resource.
ErrorAdditionalInfo

The resource management error additional info.
ErrorDetail

The error detail.
ErrorResponse

Error response
QueryCheck

SQL Vulnerability Assessment query check object.
Remediation

SQL Vulnerability Assessment remediation Details.
RuleSeverity

SQL Vulnerability Assessment rule severity.
RuleStatus

SQL Vulnerability Assessment baseline status
RuleType

SQL Vulnerability Assessment rule type.
SqlVulnerabilityAssessmentName

The name of the SQL Vulnerability Assessment.
SqlVulnerabilityAssessmentScanResults
systemData

Metadata pertaining to creation and last modification of the resource.
VaRule

SQL Vulnerability Assessment rule metadata details.

Baseline

Object

SQL Vulnerability Assessment baseline Details

Name Type Description
expectedResults

string[]

SQL Vulnerability Assessment baseline expected results
updatedTime

string (date-time)

SQL Vulnerability Assessment baseline update time (UTC)

BaselineAdjustedResult

Object

SQL Vulnerability Assessment baseline adjusted results

Name Type Description
baseline

Baseline

SQL Vulnerability Assessment baseline details
resultsNotInBaseline

string[]

SQL Vulnerability Assessment results that are not in baseline
resultsOnlyInBaseline

string[]

SQL Vulnerability Assessment results that are in baseline.
status

RuleStatus

SQL Vulnerability Assessment baseline status

BenchmarkReference

Object

SQL Vulnerability Assessment benchmark reference

Name Type Description
benchmark

string

SQL Vulnerability Assessment benchmark name
reference

string

SQL Vulnerability Assessment benchmark reference.

createdByType

Enumeration

The type of identity that created the resource.

Value Description
User
Application
ManagedIdentity
Key

ErrorAdditionalInfo

Object

The resource management error additional info.

Name Type Description
info

object

The additional info.
type

string

The additional info type.

ErrorDetail

Object

The error detail.

Name Type Description
additionalInfo

ErrorAdditionalInfo[]

The error additional info.
code

string

The error code.
details

ErrorDetail[]

The error details.
message

string

The error message.
target

string

The error target.

ErrorResponse

Object

Error response

Name Type Description
error

ErrorDetail

The error object.

QueryCheck

Object

SQL Vulnerability Assessment query check object.

Name Type Description
columnNames

string[]

SQL Vulnerability Assessment column names of query expected result.
expectedResult

string[]

SQL Vulnerability Assessment query expected result.
query

string

SQL Vulnerability Assessment rule query.

Remediation

Object

SQL Vulnerability Assessment remediation Details.

Name Type Description
automated

boolean

SQL Vulnerability Assessment is remediation automated.
description

string

SQL Vulnerability Assessment remediation description.
portalLink

string

SQL Vulnerability Assessment optional link to remediate in Azure Portal.
scripts

string[]

SQL Vulnerability Assessment remediation script.

RuleSeverity

Enumeration

SQL Vulnerability Assessment rule severity.

Value Description
High
Medium
Low
Informational
Obsolete

RuleStatus

Enumeration

SQL Vulnerability Assessment baseline status

Value Description
NonFinding
Finding
InternalError

RuleType

Enumeration

SQL Vulnerability Assessment rule type.

Value Description
Binary
BaselineExpected
PositiveList
NegativeList

SqlVulnerabilityAssessmentName

Enumeration

The name of the SQL Vulnerability Assessment.

Value Description
default

SqlVulnerabilityAssessmentScanResults

Object
Name Type Description
id

string

Resource ID.
name

string

Resource name.
properties.baselineAdjustedResult

BaselineAdjustedResult

SQL Vulnerability Assessment rule result adjusted with baseline.
properties.errorMessage

string

SQL Vulnerability Assessment error message.
properties.isTrimmed

boolean

SQL Vulnerability Assessment is the query results trimmed.
properties.queryResults

string[]

SQL Vulnerability Assessment query results that was run.
properties.remediation

Remediation

SQL Vulnerability Assessment the remediation details.
properties.ruleId

string

SQL Vulnerability Assessment rule Id.
properties.ruleMetadata

VaRule

SQL Vulnerability Assessment rule metadata.
properties.status

RuleStatus

SQL Vulnerability Assessment rule result status.
systemData

systemData

SystemData of AdvancedThreatProtectionResource.
type

string

Resource type.

systemData

Object

Metadata pertaining to creation and last modification of the resource.

Name Type Description
createdAt

string (date-time)

The timestamp of resource creation (UTC).
createdBy

string

The identity that created the resource.
createdByType

createdByType

The type of identity that created the resource.
lastModifiedAt

string (date-time)

The timestamp of resource last modification (UTC)
lastModifiedBy

string

The identity that last modified the resource.
lastModifiedByType

createdByType

The type of identity that last modified the resource.

VaRule

Object

SQL Vulnerability Assessment rule metadata details.

Name Type Description
benchmarkReferences

BenchmarkReference[]

SQL Vulnerability Assessment benchmark references.
category

string

SQL Vulnerability Assessment rule category.
description

string

SQL Vulnerability Assessment rule description.
queryCheck

QueryCheck

SQL Vulnerability Assessment rule query details.
rationale

string

SQL Vulnerability Assessment rule rationale.
ruleId

string

SQL Vulnerability Assessment rule Id.
ruleType

RuleType

SQL Vulnerability Assessment rule type.
severity

RuleSeverity

SQL Vulnerability Assessment rule severity.
title

string

SQL Vulnerability Assessment rule title.