Sql Vulnerability Assessment Scan Results - List

サービス:

Defender for Cloud

API バージョン:

2023-02-01-preview

1 つのスキャン レコードのスキャン結果の一覧を取得します。

GET https://management.azure.com/{resourceId}/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/{scanId}/scanResults?workspaceId={workspaceId}&api-version=2023-02-01-preview

URI パラメーター

名前	/	必須	型	説明
resourceId	path	True	string	リソースの識別子。
scanId	path	True	string	スキャン ID。「latest」と入力して、最新のスキャンのスキャン結果を取得します。
api-version	query	True	string	API のバージョン。
workspaceId	query	True	string	ワークスペース ID。

応答

名前	型	説明
200 OK	ScanResults	スキャン結果の一覧を返します。
Other Status Codes	CloudError	操作が失敗した理由を説明するエラー応答。

セキュリティ

azure_auth

Azure Active Directory OAuth2 フロー

型: oauth2
フロー: implicit
Authorization URL (承認 URL): https://login.microsoftonline.com/common/oauth2/authorize

スコープ

名前	説明
user_impersonation	ユーザー アカウントを偽装する

例

List scan results

List scan results of the latest scan

List scan results

要求のサンプル

HTTP

GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults?workspaceId=55555555-6666-7777-8888-999999999999&api-version=2023-02-01-preview

Java

/**
 * Samples for SqlVulnerabilityAssessmentScanResults List.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/
     * sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_List.json
     */
    /**
     * Sample code: List scan results.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void listScanResults(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.sqlVulnerabilityAssessmentScanResults().listWithResponse("Scheduled-20200623",
            "55555555-6666-7777-8888-999999999999",
            "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_List.json
func ExampleSQLVulnerabilityAssessmentScanResultsClient_List_listScanResults() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSQLVulnerabilityAssessmentScanResultsClient().List(ctx, "Scheduled-20200623", "55555555-6666-7777-8888-999999999999", "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ScanResults = armsecurity.ScanResults{
	// 	Value: []*armsecurity.ScanResult{
	// 		{
	// 			Name: to.Ptr("VA2062"),
	// 			Type: to.Ptr("Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"),
	// 			ID: to.Ptr("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2062"),
	// 			Properties: &armsecurity.ScanResultProperties{
	// 				IsTrimmed: to.Ptr(false),
	// 				QueryResults: [][]*string{
	// 				},
	// 				Remediation: &armsecurity.Remediation{
	// 					Description: to.Ptr("Remove database firewall rules that grant excessive access"),
	// 					Automated: to.Ptr(false),
	// 					PortalLink: to.Ptr(""),
	// 					Scripts: []*string{
	// 					},
	// 				},
	// 				RuleID: to.Ptr("VA2062"),
	// 				RuleMetadata: &armsecurity.VaRule{
	// 					Description: to.Ptr("The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master and user databases can only be created and managed through Transact-SQL (unlike server-level firewall rules which can also be created and managed using the Azure portal or PowerShell). For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that database-level firewall rules do not grant excessive access."),
	// 					BenchmarkReferences: []*armsecurity.BenchmarkReference{
	// 					},
	// 					Category: to.Ptr("SurfaceAreaReduction"),
	// 					QueryCheck: &armsecurity.QueryCheck{
	// 						ColumnNames: []*string{
	// 							to.Ptr("Firewall Rule Name"),
	// 							to.Ptr("Start Address"),
	// 							to.Ptr("End Address")},
	// 							ExpectedResult: [][]*string{
	// 							},
	// 							Query: to.Ptr("SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules\nWHERE ( \n        (CONVERT(bigint, parsename(end_ip_address, 1)) +\n         CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n        - \n        (CONVERT(bigint, parsename(start_ip_address, 1)) +\n         CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n      ) > 255;"),
	// 						},
	// 						Rationale: to.Ptr("Often, administrators add rules that grant excessive access as part of a troubleshooting process - to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected database.\n\nGranting excessive access using database firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your database. In fact, it's the equivalent of placing the database outside of the firewall."),
	// 						RuleID: to.Ptr("VA2062"),
	// 						RuleType: to.Ptr(armsecurity.RuleTypeNegativeList),
	// 						Severity: to.Ptr(armsecurity.RuleSeverityHigh),
	// 						Title: to.Ptr("Database-level firewall rules should not grant excessive access"),
	// 					},
	// 					Status: to.Ptr(armsecurity.RuleStatusNonFinding),
	// 				},
	// 			},
	// 			{
	// 				Name: to.Ptr("VA2063"),
	// 				Type: to.Ptr("Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"),
	// 				ID: to.Ptr("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063"),
	// 				Properties: &armsecurity.ScanResultProperties{
	// 					BaselineAdjustedResult: &armsecurity.BaselineAdjustedResult{
	// 						Baseline: &armsecurity.Baseline{
	// 							ExpectedResults: [][]*string{
	// 								[]*string{
	// 									to.Ptr("Test"),
	// 									to.Ptr("0.0.0.0"),
	// 									to.Ptr("125.125.125.125")}},
	// 									UpdatedTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-02-04T12:49:41.027Z"); return t}()),
	// 								},
	// 								ResultsNotInBaseline: [][]*string{
	// 								},
	// 								ResultsOnlyInBaseline: [][]*string{
	// 								},
	// 								Status: to.Ptr(armsecurity.RuleStatusNonFinding),
	// 							},
	// 							IsTrimmed: to.Ptr(false),
	// 							QueryResults: [][]*string{
	// 								[]*string{
	// 									to.Ptr("Test"),
	// 									to.Ptr("0.0.0.0"),
	// 									to.Ptr("125.125.125.125")}},
	// 									Remediation: &armsecurity.Remediation{
	// 										Description: to.Ptr("Remove server firewall rules that grant excessive access"),
	// 										Automated: to.Ptr(false),
	// 										PortalLink: to.Ptr("ReviewServerFirewallRules"),
	// 										Scripts: []*string{
	// 											to.Ptr("EXECUTE sp_delete_firewall_rule N'Test';")},
	// 										},
	// 										RuleID: to.Ptr("VA2063"),
	// 										RuleMetadata: &armsecurity.VaRule{
	// 											Description: to.Ptr("The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access."),
	// 											BenchmarkReferences: []*armsecurity.BenchmarkReference{
	// 											},
	// 											Category: to.Ptr("SurfaceAreaReduction"),
	// 											QueryCheck: &armsecurity.QueryCheck{
	// 												ColumnNames: []*string{
	// 													to.Ptr("Firewall Rule Name"),
	// 													to.Ptr("Start Address"),
	// 													to.Ptr("End Address")},
	// 													ExpectedResult: [][]*string{
	// 													},
	// 													Query: to.Ptr("SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n        (CONVERT(bigint, parsename(end_ip_address, 1)) +\n         CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n        - \n        (CONVERT(bigint, parsename(start_ip_address, 1)) +\n         CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n      ) > 255;"),
	// 												},
	// 												Rationale: to.Ptr("Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall."),
	// 												RuleID: to.Ptr("VA2063"),
	// 												RuleType: to.Ptr(armsecurity.RuleTypeNegativeList),
	// 												Severity: to.Ptr(armsecurity.RuleSeverityHigh),
	// 												Title: to.Ptr("Server-level firewall rules should not grant excessive access"),
	// 											},
	// 											Status: to.Ptr(armsecurity.RuleStatusFinding),
	// 										},
	// 								}},
	// 							}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Gets a list of scan results for a single scan record.
 *
 * @summary Gets a list of scan results for a single scan record.
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_List.json
 */
async function listScanResults() {
  const scanId = "Scheduled-20200623";
  const workspaceId = "55555555-6666-7777-8888-999999999999";
  const resourceId =
    "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential);
  const result = await client.sqlVulnerabilityAssessmentScanResults.list(
    scanId,
    workspaceId,
    resourceId,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityCenter.Models;
using Azure.ResourceManager.SecurityCenter;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_List.json
// this example is just showing the usage of "SqlVulnerabilityAssessmentScanResults_List" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SqlVulnerabilityAssessmentScanResource created on azure
// for more information of creating SqlVulnerabilityAssessmentScanResource, please refer to the document of SqlVulnerabilityAssessmentScanResource
string resourceId = "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
string scanId = "Scheduled-20200623";
ResourceIdentifier sqlVulnerabilityAssessmentScanResourceId = SqlVulnerabilityAssessmentScanResource.CreateResourceIdentifier(resourceId, scanId);
SqlVulnerabilityAssessmentScanResource sqlVulnerabilityAssessmentScan = client.GetSqlVulnerabilityAssessmentScanResource(sqlVulnerabilityAssessmentScanResourceId);

// invoke the operation and iterate over the result
Guid workspaceId = Guid.Parse("55555555-6666-7777-8888-999999999999");
await foreach (SqlVulnerabilityAssessmentScanResult item in sqlVulnerabilityAssessmentScan.GetSqlVulnerabilityAssessmentScanResultsAsync(workspaceId))
{
    Console.WriteLine($"Succeeded: {item}");
}

Console.WriteLine("Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

応答のサンプル

状態コード:

200

{
  "value": [
    {
      "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2062",
      "name": "VA2062",
      "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
      "properties": {
        "ruleId": "VA2062",
        "status": "NonFinding",
        "isTrimmed": false,
        "queryResults": [],
        "remediation": {
          "description": "Remove database firewall rules that grant excessive access",
          "scripts": [],
          "automated": false,
          "portalLink": ""
        },
        "baselineAdjustedResult": null,
        "ruleMetadata": {
          "ruleId": "VA2062",
          "severity": "High",
          "category": "SurfaceAreaReduction",
          "ruleType": "NegativeList",
          "title": "Database-level firewall rules should not grant excessive access",
          "description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master and user databases can only be created and managed through Transact-SQL (unlike server-level firewall rules which can also be created and managed using the Azure portal or PowerShell). For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that database-level firewall rules do not grant excessive access.",
          "rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process - to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected database.\n\nGranting excessive access using database firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your database. In fact, it's the equivalent of placing the database outside of the firewall.",
          "queryCheck": {
            "query": "SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules\nWHERE ( \n        (CONVERT(bigint, parsename(end_ip_address, 1)) +\n         CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n        - \n        (CONVERT(bigint, parsename(start_ip_address, 1)) +\n         CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n      ) > 255;",
            "expectedResult": [],
            "columnNames": [
              "Firewall Rule Name",
              "Start Address",
              "End Address"
            ]
          },
          "benchmarkReferences": []
        }
      }
    },
    {
      "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063",
      "name": "VA2063",
      "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
      "properties": {
        "ruleId": "VA2063",
        "status": "Finding",
        "isTrimmed": false,
        "queryResults": [
          [
            "Test",
            "0.0.0.0",
            "125.125.125.125"
          ]
        ],
        "remediation": {
          "description": "Remove server firewall rules that grant excessive access",
          "scripts": [
            "EXECUTE sp_delete_firewall_rule N'Test';"
          ],
          "automated": false,
          "portalLink": "ReviewServerFirewallRules"
        },
        "baselineAdjustedResult": {
          "baseline": {
            "expectedResults": [
              [
                "Test",
                "0.0.0.0",
                "125.125.125.125"
              ]
            ],
            "updatedTime": "2020-02-04T12:49:41.027771+00:00"
          },
          "status": "NonFinding",
          "resultsNotInBaseline": [],
          "resultsOnlyInBaseline": []
        },
        "ruleMetadata": {
          "ruleId": "VA2063",
          "severity": "High",
          "category": "SurfaceAreaReduction",
          "ruleType": "NegativeList",
          "title": "Server-level firewall rules should not grant excessive access",
          "description": "The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access.",
          "rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall.",
          "queryCheck": {
            "query": "SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n        (CONVERT(bigint, parsename(end_ip_address, 1)) +\n         CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n        - \n        (CONVERT(bigint, parsename(start_ip_address, 1)) +\n         CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n      ) > 255;",
            "expectedResult": [],
            "columnNames": [
              "Firewall Rule Name",
              "Start Address",
              "End Address"
            ]
          },
          "benchmarkReferences": []
        }
      }
    }
  ]
}

List scan results of the latest scan

要求のサンプル

HTTP

GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/latest/scanResults?workspaceId=55555555-6666-7777-8888-999999999999&api-version=2023-02-01-preview

Java

/**
 * Samples for SqlVulnerabilityAssessmentScanResults List.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/
     * sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_ListLatest.json
     */
    /**
     * Sample code: List scan results of the latest scan.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void listScanResultsOfTheLatestScan(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.sqlVulnerabilityAssessmentScanResults().listWithResponse("latest",
            "55555555-6666-7777-8888-999999999999",
            "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_ListLatest.json
func ExampleSQLVulnerabilityAssessmentScanResultsClient_List_listScanResultsOfTheLatestScan() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSQLVulnerabilityAssessmentScanResultsClient().List(ctx, "latest", "55555555-6666-7777-8888-999999999999", "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ScanResults = armsecurity.ScanResults{
	// 	Value: []*armsecurity.ScanResult{
	// 		{
	// 			Name: to.Ptr("VA2062"),
	// 			Type: to.Ptr("Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"),
	// 			ID: to.Ptr("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2062"),
	// 			Properties: &armsecurity.ScanResultProperties{
	// 				IsTrimmed: to.Ptr(false),
	// 				QueryResults: [][]*string{
	// 				},
	// 				Remediation: &armsecurity.Remediation{
	// 					Description: to.Ptr("Remove database firewall rules that grant excessive access"),
	// 					Automated: to.Ptr(false),
	// 					PortalLink: to.Ptr(""),
	// 					Scripts: []*string{
	// 					},
	// 				},
	// 				RuleID: to.Ptr("VA2062"),
	// 				RuleMetadata: &armsecurity.VaRule{
	// 					Description: to.Ptr("The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master and user databases can only be created and managed through Transact-SQL (unlike server-level firewall rules which can also be created and managed using the Azure portal or PowerShell). For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that database-level firewall rules do not grant excessive access."),
	// 					BenchmarkReferences: []*armsecurity.BenchmarkReference{
	// 					},
	// 					Category: to.Ptr("SurfaceAreaReduction"),
	// 					QueryCheck: &armsecurity.QueryCheck{
	// 						ColumnNames: []*string{
	// 							to.Ptr("Firewall Rule Name"),
	// 							to.Ptr("Start Address"),
	// 							to.Ptr("End Address")},
	// 							ExpectedResult: [][]*string{
	// 							},
	// 							Query: to.Ptr("SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules\nWHERE ( \n        (CONVERT(bigint, parsename(end_ip_address, 1)) +\n         CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n        - \n        (CONVERT(bigint, parsename(start_ip_address, 1)) +\n         CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n      ) > 255;"),
	// 						},
	// 						Rationale: to.Ptr("Often, administrators add rules that grant excessive access as part of a troubleshooting process - to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected database.\n\nGranting excessive access using database firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your database. In fact, it's the equivalent of placing the database outside of the firewall."),
	// 						RuleID: to.Ptr("VA2062"),
	// 						RuleType: to.Ptr(armsecurity.RuleTypeNegativeList),
	// 						Severity: to.Ptr(armsecurity.RuleSeverityHigh),
	// 						Title: to.Ptr("Database-level firewall rules should not grant excessive access"),
	// 					},
	// 					Status: to.Ptr(armsecurity.RuleStatusNonFinding),
	// 				},
	// 			},
	// 			{
	// 				Name: to.Ptr("VA2063"),
	// 				Type: to.Ptr("Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"),
	// 				ID: to.Ptr("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063"),
	// 				Properties: &armsecurity.ScanResultProperties{
	// 					BaselineAdjustedResult: &armsecurity.BaselineAdjustedResult{
	// 						Baseline: &armsecurity.Baseline{
	// 							ExpectedResults: [][]*string{
	// 								[]*string{
	// 									to.Ptr("Test"),
	// 									to.Ptr("0.0.0.0"),
	// 									to.Ptr("125.125.125.125")}},
	// 									UpdatedTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-02-04T12:49:41.027Z"); return t}()),
	// 								},
	// 								ResultsNotInBaseline: [][]*string{
	// 								},
	// 								ResultsOnlyInBaseline: [][]*string{
	// 								},
	// 								Status: to.Ptr(armsecurity.RuleStatusNonFinding),
	// 							},
	// 							IsTrimmed: to.Ptr(false),
	// 							QueryResults: [][]*string{
	// 								[]*string{
	// 									to.Ptr("Test"),
	// 									to.Ptr("0.0.0.0"),
	// 									to.Ptr("125.125.125.125")}},
	// 									Remediation: &armsecurity.Remediation{
	// 										Description: to.Ptr("Remove server firewall rules that grant excessive access"),
	// 										Automated: to.Ptr(false),
	// 										PortalLink: to.Ptr("ReviewServerFirewallRules"),
	// 										Scripts: []*string{
	// 											to.Ptr("EXECUTE sp_delete_firewall_rule N'Test';")},
	// 										},
	// 										RuleID: to.Ptr("VA2063"),
	// 										RuleMetadata: &armsecurity.VaRule{
	// 											Description: to.Ptr("The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access."),
	// 											BenchmarkReferences: []*armsecurity.BenchmarkReference{
	// 											},
	// 											Category: to.Ptr("SurfaceAreaReduction"),
	// 											QueryCheck: &armsecurity.QueryCheck{
	// 												ColumnNames: []*string{
	// 													to.Ptr("Firewall Rule Name"),
	// 													to.Ptr("Start Address"),
	// 													to.Ptr("End Address")},
	// 													ExpectedResult: [][]*string{
	// 													},
	// 													Query: to.Ptr("SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n        (CONVERT(bigint, parsename(end_ip_address, 1)) +\n         CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n        - \n        (CONVERT(bigint, parsename(start_ip_address, 1)) +\n         CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n      ) > 255;"),
	// 												},
	// 												Rationale: to.Ptr("Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall."),
	// 												RuleID: to.Ptr("VA2063"),
	// 												RuleType: to.Ptr(armsecurity.RuleTypeNegativeList),
	// 												Severity: to.Ptr(armsecurity.RuleSeverityHigh),
	// 												Title: to.Ptr("Server-level firewall rules should not grant excessive access"),
	// 											},
	// 											Status: to.Ptr(armsecurity.RuleStatusFinding),
	// 										},
	// 								}},
	// 							}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Gets a list of scan results for a single scan record.
 *
 * @summary Gets a list of scan results for a single scan record.
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_ListLatest.json
 */
async function listScanResultsOfTheLatestScan() {
  const scanId = "latest";
  const workspaceId = "55555555-6666-7777-8888-999999999999";
  const resourceId =
    "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential);
  const result = await client.sqlVulnerabilityAssessmentScanResults.list(
    scanId,
    workspaceId,
    resourceId,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityCenter.Models;
using Azure.ResourceManager.SecurityCenter;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_ListLatest.json
// this example is just showing the usage of "SqlVulnerabilityAssessmentScanResults_List" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SqlVulnerabilityAssessmentScanResource created on azure
// for more information of creating SqlVulnerabilityAssessmentScanResource, please refer to the document of SqlVulnerabilityAssessmentScanResource
string resourceId = "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
string scanId = "latest";
ResourceIdentifier sqlVulnerabilityAssessmentScanResourceId = SqlVulnerabilityAssessmentScanResource.CreateResourceIdentifier(resourceId, scanId);
SqlVulnerabilityAssessmentScanResource sqlVulnerabilityAssessmentScan = client.GetSqlVulnerabilityAssessmentScanResource(sqlVulnerabilityAssessmentScanResourceId);

// invoke the operation and iterate over the result
Guid workspaceId = Guid.Parse("55555555-6666-7777-8888-999999999999");
await foreach (SqlVulnerabilityAssessmentScanResult item in sqlVulnerabilityAssessmentScan.GetSqlVulnerabilityAssessmentScanResultsAsync(workspaceId))
{
    Console.WriteLine($"Succeeded: {item}");
}

Console.WriteLine("Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

応答のサンプル

状態コード:

200

{
  "value": [
    {
      "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2062",
      "name": "VA2062",
      "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
      "properties": {
        "ruleId": "VA2062",
        "status": "NonFinding",
        "isTrimmed": false,
        "queryResults": [],
        "remediation": {
          "description": "Remove database firewall rules that grant excessive access",
          "scripts": [],
          "automated": false,
          "portalLink": ""
        },
        "baselineAdjustedResult": null,
        "ruleMetadata": {
          "ruleId": "VA2062",
          "severity": "High",
          "category": "SurfaceAreaReduction",
          "ruleType": "NegativeList",
          "title": "Database-level firewall rules should not grant excessive access",
          "description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master and user databases can only be created and managed through Transact-SQL (unlike server-level firewall rules which can also be created and managed using the Azure portal or PowerShell). For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that database-level firewall rules do not grant excessive access.",
          "rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process - to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected database.\n\nGranting excessive access using database firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your database. In fact, it's the equivalent of placing the database outside of the firewall.",
          "queryCheck": {
            "query": "SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules\nWHERE ( \n        (CONVERT(bigint, parsename(end_ip_address, 1)) +\n         CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n        - \n        (CONVERT(bigint, parsename(start_ip_address, 1)) +\n         CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n      ) > 255;",
            "expectedResult": [],
            "columnNames": [
              "Firewall Rule Name",
              "Start Address",
              "End Address"
            ]
          },
          "benchmarkReferences": []
        }
      }
    },
    {
      "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063",
      "name": "VA2063",
      "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
      "properties": {
        "ruleId": "VA2063",
        "status": "Finding",
        "isTrimmed": false,
        "queryResults": [
          [
            "Test",
            "0.0.0.0",
            "125.125.125.125"
          ]
        ],
        "remediation": {
          "description": "Remove server firewall rules that grant excessive access",
          "scripts": [
            "EXECUTE sp_delete_firewall_rule N'Test';"
          ],
          "automated": false,
          "portalLink": "ReviewServerFirewallRules"
        },
        "baselineAdjustedResult": {
          "baseline": {
            "expectedResults": [
              [
                "Test",
                "0.0.0.0",
                "125.125.125.125"
              ]
            ],
            "updatedTime": "2020-02-04T12:49:41.027771+00:00"
          },
          "status": "NonFinding",
          "resultsNotInBaseline": [],
          "resultsOnlyInBaseline": []
        },
        "ruleMetadata": {
          "ruleId": "VA2063",
          "severity": "High",
          "category": "SurfaceAreaReduction",
          "ruleType": "NegativeList",
          "title": "Server-level firewall rules should not grant excessive access",
          "description": "The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access.",
          "rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall.",
          "queryCheck": {
            "query": "SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n        (CONVERT(bigint, parsename(end_ip_address, 1)) +\n         CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n        - \n        (CONVERT(bigint, parsename(start_ip_address, 1)) +\n         CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n      ) > 255;",
            "expectedResult": [],
            "columnNames": [
              "Firewall Rule Name",
              "Start Address",
              "End Address"
            ]
          },
          "benchmarkReferences": []
        }
      }
    }
  ]
}

定義

名前	説明
Baseline	ベースラインの詳細。
BaselineAdjustedResult	ベースラインで調整されたルールの結果。
BenchmarkReference	ベンチマーク参照。
CloudError	失敗した操作のエラーの詳細を返す、すべての Azure Resource Manager API の一般的なエラー応答。 (これは、OData エラー応答形式にも従います)。
CloudErrorBody	エラーの詳細。
ErrorAdditionalInfo	リソース管理エラーの追加情報。
QueryCheck	ルール クエリの詳細。
Remediation	修復の詳細。
RuleSeverity	ルールの重大度。
RuleStatus	ルールの結果の状態。
RuleType	ルールの種類。
ScanResult	1 つのルールに対する脆弱性評価スキャンの結果。
ScanResultProperties	1 つのルールの脆弱性評価スキャン結果プロパティ。
ScanResults	脆弱性評価スキャン結果の一覧。
VaRule	脆弱性評価ルールのメタデータの詳細。

Baseline

Object

ベースラインの詳細。

名前	型	説明
expectedResults	string[]	予想される結果。
updatedTime	string (date-time)	基準更新時刻 (UTC)。

BaselineAdjustedResult

Object

ベースラインで調整されたルールの結果。

名前	型	説明
baseline	Baseline	ベースラインの詳細。
resultsNotInBaseline	string[]	結果はベースラインにありません。
resultsOnlyInBaseline	string[]	結果はベースラインになります。
status	RuleStatus	ルールの結果の状態。

BenchmarkReference

Object

ベンチマーク参照。

名前	型	説明
benchmark	string	ベンチマーク名。
reference	string	ベンチマークリファレンス。

CloudError

Object

失敗した操作のエラーの詳細を返す、すべての Azure Resource Manager API の一般的なエラー応答。 (これは、OData エラー応答形式にも従います)。

名前	型	説明
error.additionalInfo	ErrorAdditionalInfo[]	エラーの追加情報。
error.code	string	エラー コード。
error.details	CloudErrorBody[]	エラーの詳細。
error.message	string	エラー メッセージ。
error.target	string	エラーターゲット。

CloudErrorBody

Object

エラーの詳細。

名前	型	説明
additionalInfo	ErrorAdditionalInfo[]	エラーの追加情報。
code	string	エラー コード。
details	CloudErrorBody[]	エラーの詳細。
message	string	エラー メッセージ。
target	string	エラーターゲット。

ErrorAdditionalInfo

Object

リソース管理エラーの追加情報。

名前	型	説明
info	object	追加情報。
type	string	追加情報の種類。

QueryCheck

Object

ルール クエリの詳細。

名前	型	説明
columnNames	string[]	予想される結果の列名。
expectedResult	string[]	予想される結果。
query	string	ルール クエリ。

Remediation

Object

修復の詳細。

名前	型	説明
automated	boolean	修復は自動化されています。
description	string	修復の説明。
portalLink	string	Azure Portal で修復するためのオプションのリンク。
scripts	string[]	修復スクリプト。

RuleSeverity

列挙

ルールの重大度。

値	説明
High	高い
Informational	情報
Low	低い
Medium	中程度
Obsolete	廃れた

RuleStatus

列挙

ルールの結果の状態。

値	説明
Finding	発見
InternalError	InternalError
NonFinding	NonFinding

RuleType

列挙

ルールの種類。

値	説明
BaselineExpected	BaselineExpected
Binary	バイナリ
NegativeList	NegativeList
PositiveList	PositiveList

ScanResult

Object

1 つのルールに対する脆弱性評価スキャンの結果。

名前	型	説明
id	string	リソース ID
name	string	リソース名
properties	ScanResultProperties	1 つのルールの脆弱性評価スキャン結果プロパティ。
type	string	リソースの種類

ScanResultProperties

Object

1 つのルールの脆弱性評価スキャン結果プロパティ。

名前	型	説明
baselineAdjustedResult	BaselineAdjustedResult	ベースラインで調整されたルールの結果。
isTrimmed	boolean	ここで指定した結果をトリミングするかどうかを示します。
queryResults	string[]	実行されたクエリの結果。
remediation	Remediation	修復の詳細。
ruleId	string	ルール ID。
ruleMetadata	VaRule	脆弱性評価ルールのメタデータの詳細。
status	RuleStatus	ルールの結果の状態。

ScanResults

Object

脆弱性評価スキャン結果の一覧。

名前	型	説明
value	ScanResult[]	脆弱性評価スキャン結果の一覧。

VaRule

Object

脆弱性評価ルールのメタデータの詳細。

名前	型	説明
benchmarkReferences	BenchmarkReference[]	ベンチマーク参照。
category	string	ルール カテゴリ。
description	string	ルールの説明。
queryCheck	QueryCheck	ルール クエリの詳細。
rationale	string	ルールの根拠。
ruleId	string	ルール ID。
ruleType	RuleType	ルールの種類。
severity	RuleSeverity	ルールの重大度。
title	string	ルールのタイトル。