New-SqlVulnerabilityAssessmentBaseline
Creates a new instance of Microsoft.SQL.VulnerabilityAssessment.SecurityCheckBaseline.
構文
Default (既定)
New-SqlVulnerabilityAssessmentBaseline
[-SecurityCheckId] <String>
-ExpectedResult <String[][]>
[-Severity <SecurityCheckSeverity>]
[<CommonParameters>]
説明
The New-SqlVulnerabilityAssessmentBaseline cmdlet creates a new instance of Microsoft.SQL.VulnerabilityAssessment.SecurityCheckBaseline.
As you review your assessment results, you can mark specific results of a security check as being an acceptable Baseline in your environment.
The baseline is essentially a customization of how the results of a specific security check are evaluated.
If the results of a security check match those that are expected according to the baseline, this check will be evaluated as passing.
Baselines should be added to a Baseline set, and you should run the scan with it to receive applicable results.
Module requirements: version 21+ on PowerShell 5.1; version 22+ on PowerShell 7.x.
This cmdlet was removed in v22.3+ of the module.
例
Example 1: Create a new security check baseline using a Vulnerability Assessment scan results
PS C:\> $scanResult = Invoke-SqlVulnerabilityAssessmentScan -ServerInstance "MyComputer\MainInstance" -Database some_database
PS C:\> $result2010 = $scanResult.Results.VA2010
PS C:\> $baseline2010 = New-SqlVulnerabilityAssessmentBaseline -SecurityCheckId $result2010.SecurityCheckId -ExpectedResult $result2010.QueryResults -Severity Medium
In this example we run a Vulnerability Assessment scan, and search for failed security checks. We see that we have two failed security checks - VA2042 and VA2109. We decide that we want to set a baseline for security check VA2109, so we create a new SecurityCheckBaseline with the security check id and query results that we got from the scan result object.
Example 2: Create a new security check baseline manually
PS C:\> [string[][]]$expectedResults = ("guest", "db_datareader", "SQLUSER", "NONE"), ("guest", "db_owner", "SQLUSER", "NONE")
PS C:\> $baseline = New-SqlVulnerabilityAssessmentBaseline -SecurityCheckId "VA2109" -ExpectedResult $expectedResults
SecurityCheckId Severity ExpectedResults
--------------- -------- ---------------
VA2109 {guest db_datareader SQLUSER NONE, guest db_owner SQLUSER NONE}
In this example we create a baseline for security check 'VA2109' manually. We first create the expected results which contains two rows. Then we create the baseline with the expected results.
パラメーター
-ExpectedResult
The baseline expected result for the security check query. This expected result overrides the security check original expected results.
パラメーターのプロパティ
| 型: | String[][] |
| 規定値: | None |
| ワイルドカードのサポート: | False |
| DontShow: | False |
パラメーター セット
(All)
| 配置: | Named |
| 必須: | True |
| パイプラインからの値: | False |
| プロパティ名別のパイプラインからの値: | False |
| 残りの引数からの値: | False |
-SecurityCheckId
The security check id which the baseline applies to.
パラメーターのプロパティ
| 型: | String |
| 規定値: | None |
| ワイルドカードのサポート: | False |
| DontShow: | False |
パラメーター セット
(All)
| 配置: | 0 |
| 必須: | True |
| パイプラインからの値: | False |
| プロパティ名別のパイプラインからの値: | False |
| 残りの引数からの値: | False |
-Severity
The new severity for the security check. This severity overrides the security check original severity.
パラメーターのプロパティ
| 型: | SecurityCheckSeverity |
| 規定値: | None |
| 指定可能な値: | High, Medium, Low |
| ワイルドカードのサポート: | False |
| DontShow: | False |
パラメーター セット
(All)
| 配置: | Named |
| 必須: | False |
| パイプラインからの値: | False |
| プロパティ名別のパイプラインからの値: | False |
| 残りの引数からの値: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.