Share via

Database Vulnerability Assessments - Create Or Update

  • Reference
Service:
SQL Database
API Version:
2021-11-01

Creates or updates the database's vulnerability assessment.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/vulnerabilityAssessments/default?api-version=2021-11-01

URI Parameters

Name In Required Type Description
databaseName
 path True

string

The name of the database for which the vulnerability assessment is defined.
resourceGroupName
 path True

string

The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.
serverName
 path True

string

The name of the server.
subscriptionId
 path True

string

The subscription ID that identifies an Azure subscription.
vulnerabilityAssessmentName
 path True

VulnerabilityAssessmentName

The name of the vulnerability assessment.
api-version
 query True

string

The API version to use for the request.

Request Body

Name Type Description
properties.recurringScans

VulnerabilityAssessmentRecurringScansProperties

The recurring scans settings
properties.storageAccountAccessKey

string

Specifies the identifier key of the storage account for vulnerability assessment scan results. If 'StorageContainerSasKey' isn't specified, storageAccountAccessKey is required. Applies only if the storage account is not behind a Vnet or a firewall
properties.storageContainerPath

string

A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/). It is required if server level vulnerability assessment policy doesn't set
properties.storageContainerSasKey

string

A shared access signature (SAS Key) that has write access to the blob container specified in 'storageContainerPath' parameter. If 'storageAccountAccessKey' isn't specified, StorageContainerSasKey is required. Applies only if the storage account is not behind a Vnet or a firewall

Responses

Name Type Description
200 OK

DatabaseVulnerabilityAssessment

Successfully set the vulnerability assessment.
201 Created

DatabaseVulnerabilityAssessment

Successfully created the vulnerability assessment.
Other Status Codes

*** Error Responses: ***

  • 400 InvalidStorageAccountName - The provided storage account is not valid or does not exist.

  • 400 InvalidStorageAccountCredentials - The provided storage account shared access signature or account storage key is not valid.

  • 400 DatabaseVulnerabilityAssessmentMissingStorageContainerPath - Storage container path must be provided if it isn't set in server level policy

  • 400 VulnerabilityAssessmentUnsupportedStorageAccount - The provided storage account is unsupported.

  • 400 VulnerabilityAssessmentADSIsDisabled - Advanced Data Security should be enabled in order to use Vulnerability Assessment.

  • 400 VulnerabilityAssessmentStorageOutboundFirewallNotAllowed - The storage account is not in the list of Outbound Firewall Rules.

  • 400 VulnerabilityAssessmentInsufficientStorageAccountPermissions - Insufficient permissions on the provided storage account.

  • 400 VulnerabilityAssessmentStorageAccountIsDisabled - The provided storage account is disabled.

  • 400 InvalidVulnerabilityAssessmentOperationRequest - The vulnerability assessment operation request does not exist or has no properties object.

  • 400 DataSecurityInvalidUserSuppliedParameter - An invalid parameter value was provided by the client.

  • 404 SubscriptionDoesNotHaveServer - The requested server was not found

  • 404 SourceDatabaseNotFound - The source database does not exist.

  • 404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance.

  • 500 DatabaseIsUnavailable - Loading failed. Please try again later.

Examples

Create a database's vulnerability assessment with all parameters
Create a database's vulnerability assessment with minimal parameters, when storageAccountAccessKey is specified
Create a database's vulnerability assessment with minimal parameters, when storageContainerSasKey is specified

Create a database's vulnerability assessment with all parameters

Sample request

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/vulnerabilityaseessmenttest-4799/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest-6440/databases/testdb/vulnerabilityAssessments/default?api-version=2021-11-01

{
  "properties": {
    "storageContainerPath": "https://myStorage.blob.core.windows.net/vulnerability-assessment/",
    "storageContainerSasKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "storageAccountAccessKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "recurringScans": {
      "isEnabled": true,
      "emailSubscriptionAdmins": true,
      "emails": [
        "email1@mail.com",
        "email2@mail.com"
      ]
    }
  }
}

Sample response

Status code:
200 
{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/vulnerabilityaseessmenttest-4799/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest-6440/databases/testdb/vulnerabilityAssessments/default",
  "name": "default",
  "type": "Microsoft.Sql/servers/databases/vulnerabilityAssessments",
  "properties": {
    "recurringScans": {
      "isEnabled": true,
      "emailSubscriptionAdmins": true,
      "emails": [
        "email1@mail.com",
        "email2@mail.com"
      ]
    }
  }
}
Status code:
201 
{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/vulnerabilityaseessmenttest-4799/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest-6440/databases/testdb/vulnerabilityAssessments/default",
  "name": "default",
  "type": "Microsoft.Sql/servers/databases/vulnerabilityAssessments",
  "properties": {
    "recurringScans": {
      "isEnabled": true,
      "emailSubscriptionAdmins": true,
      "emails": [
        "email1@mail.com",
        "email2@mail.com"
      ]
    }
  }
}

Create a database's vulnerability assessment with minimal parameters, when storageAccountAccessKey is specified

Sample request

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/vulnerabilityaseessmenttest-4799/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest-6440/databases/testdb/vulnerabilityAssessments/default?api-version=2021-11-01

{
  "properties": {
    "storageContainerPath": "https://myStorage.blob.core.windows.net/vulnerability-assessment/",
    "storageAccountAccessKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
  }
}

Sample response

Status code:
200 
{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/vulnerabilityaseessmenttest-4799/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest-6440/databases/testdb/vulnerabilityAssessments/default",
  "name": "default",
  "type": "Microsoft.Sql/servers/databases/vulnerabilityAssessments",
  "properties": {
    "recurringScans": {
      "isEnabled": true,
      "emailSubscriptionAdmins": false,
      "emails": []
    }
  }
}
Status code:
201 
{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/vulnerabilityaseessmenttest-4799/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest-6440/databases/testdb/vulnerabilityAssessments/default",
  "name": "default",
  "type": "Microsoft.Sql/servers/databases/vulnerabilityAssessments",
  "properties": {
    "recurringScans": {
      "isEnabled": true,
      "emailSubscriptionAdmins": false,
      "emails": []
    }
  }
}

Create a database's vulnerability assessment with minimal parameters, when storageContainerSasKey is specified

Sample request

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/vulnerabilityaseessmenttest-4799/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest-6440/databases/testdb/vulnerabilityAssessments/default?api-version=2021-11-01

{
  "properties": {
    "storageContainerPath": "https://myStorage.blob.core.windows.net/vulnerability-assessment/",
    "storageContainerSasKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
  }
}

Sample response

Status code:
200 
{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/vulnerabilityaseessmenttest-4799/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest-6440/databases/testdb/vulnerabilityAssessments/default",
  "name": "default",
  "type": "Microsoft.Sql/servers/databases/vulnerabilityAssessments",
  "properties": {
    "recurringScans": {
      "isEnabled": true,
      "emailSubscriptionAdmins": false,
      "emails": []
    }
  }
}
Status code:
201 
{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/vulnerabilityaseessmenttest-4799/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest-6440/databases/testdb/vulnerabilityAssessments/default",
  "name": "default",
  "type": "Microsoft.Sql/servers/databases/vulnerabilityAssessments",
  "properties": {
    "recurringScans": {
      "isEnabled": true,
      "emailSubscriptionAdmins": false,
      "emails": []
    }
  }
}

Definitions

Name Description
DatabaseVulnerabilityAssessment

A database vulnerability assessment.
VulnerabilityAssessmentName

The name of the vulnerability assessment.
VulnerabilityAssessmentRecurringScansProperties

Properties of a Vulnerability Assessment recurring scans.

DatabaseVulnerabilityAssessment

A database vulnerability assessment.

Name Type Description
id

string

Resource ID.
name

string

Resource name.
properties.recurringScans

VulnerabilityAssessmentRecurringScansProperties

The recurring scans settings
properties.storageAccountAccessKey

string

Specifies the identifier key of the storage account for vulnerability assessment scan results. If 'StorageContainerSasKey' isn't specified, storageAccountAccessKey is required. Applies only if the storage account is not behind a Vnet or a firewall
properties.storageContainerPath

string

A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/). It is required if server level vulnerability assessment policy doesn't set
properties.storageContainerSasKey

string

A shared access signature (SAS Key) that has write access to the blob container specified in 'storageContainerPath' parameter. If 'storageAccountAccessKey' isn't specified, StorageContainerSasKey is required. Applies only if the storage account is not behind a Vnet or a firewall
type

string

Resource type.

VulnerabilityAssessmentName

The name of the vulnerability assessment.

Name Type Description
default

string

VulnerabilityAssessmentRecurringScansProperties

Properties of a Vulnerability Assessment recurring scans.

Name Type Default value Description
emailSubscriptionAdmins

boolean

True

Specifies that the schedule scan notification will be is sent to the subscription administrators.
emails

string[]

Specifies an array of e-mail addresses to which the scan notification is sent.
isEnabled

boolean

Recurring scans state.