Bewerken

Delen via


Set-AzSynapseSqlPoolVulnerabilityAssessmentRuleBaseline

Sets the vulnerability assessment rule baseline.

Syntax

Set-AzSynapseSqlPoolVulnerabilityAssessmentRuleBaseline
   [-WorkspaceName] <String>
   [-Name] <String>
   [-InputObject <VulnerabilityAssessmentRuleBaselineModel>]
   -BaselineResult <String[][]>
   [-AsJob]
   -RuleId <String>
   [-RuleAppliesToMaster]
   [-ResourceGroupName] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-AzSynapseSqlPoolVulnerabilityAssessmentRuleBaseline cmdlet sets the vulnerability assessment rule baseline. As you review your assessment results, you can mark specific results as being an acceptable Baseline in your environment. The baseline is essentially a customization of how the results are reported. Results that match the baseline are considered as passing in subsequent scans. Once you have established your baseline security state, vulnerability assessment only reports on deviations from the baseline, and you can focus your attention on the relevant issues. Note that you need to run Enable-AzSynapseSqlAdvancedDataSecurity and Update-AzSynapseSqlVulnerabilityAssessmentSetting cmdlet as a prerequisite for using this cmdlet.

Examples

Example 1: Set a vulnerability assessment rule baseline

Set-AzSynapseSqlPoolVulnerabilityAssessmentRuleBaseline  `
			-ResourceGroupName "ContosoResourceGroup" `
			-WorkspaceName "ContosoWorkspace"  `
			-SqlPoolName "ContosoSqlPool"  `
			-RuleId "VA2108" `
			-RuleAppliesToMaster `
			-BaselineResult @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

ResourceGroupName		: ContosoResourceGroup
WorkspaceName	        	: ContosoWorkspace
SqlPoolName	    	: ContosoSqlPool
RuleId		        	: VA2108
RuleAppliesToMaster    	: True
BaselineResult		    : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

BaselineResult value is a composition of several sub arrays that described the T-SQL results that will be added to the baseline.
You may find the Scan results under the storage defined by the Update-AzSynapseSqlVulnerabilityAssessmentSetting cmdlet, under scans/{WorkspaceName}/{SqlPoolName}/scan_{ScanId}.json

Example 2: Set a vulnerability assessment rule baseline from a baseline object

Set-AzSynapseSqlPoolVulnerabilityAssessmentRuleBaseline `
            -ResourceGroupName "ContosoResourceGroup" `
            -WorkspaceName "ContosoWorkspace" `
            -SqlPoolName "ContosoSqlPool" `
            -RuleId "VA2108" `
            -BaselineResult @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

Get-AzSynapseSqlPoolVulnerabilityAssessmentRuleBaseline `
            -ResourceGroupName "ContosoResourceGroup" `
            -WorkspaceName "ContosoWorkspace" `
            -SqlPoolName "ContosoSqlPool" `
            -RuleId "VA2108" `
            |  Set-AzSynapseSqlPoolVulnerabilityAssessmentRuleBaseline `
                -ResourceGroupName "ResourceGroup02" `
                -WorkspaceName "Server02" `
                -SqlPoolName "ContosoSqlPool02"

ResourceGroupName		: ResourceGroup02
WorkspaceName	        	: Server02
SqlPoolName	    	: ContosoSqlPool02
RuleId		        	: VA2108
RuleAppliesToMaster    	: False
BaselineResult		    : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

Example 3: Set a vulnerability assessment rule baseline on all the SQL pools under a workspace

Get-AzSynapseSqlPool -ResourceGroupName "ContosoResourceGroup" `
            -WorkspaceName "ContosoWorkspace" `
            | Where-Object {$_.Name -ne "master"}  `
            | Set-AzSynapseSqlPoolVulnerabilityAssessmentRuleBaseline `
                -RuleId "VA2108" `
                -BaselineResult @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

ResourceGroupName		: ContosoResourceGroup
WorkspaceName	        	: ContosoWorkspace
SqlPoolName	    	: ContosoSqlPool
RuleId		        	: VA2108
RuleAppliesToMaster    	: False
BaselineResult		    : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

ResourceGroupName		: ContosoResourceGroup
WorkspaceName	        	: ContosoWorkspace
SqlPoolName	    	: ContosoSqlPool02
RuleId		        	: VA2108
RuleAppliesToMaster    	: False
BaselineResult		    : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

Parameters

-AsJob

Run cmdlet in the background

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-BaselineResult

The results to set as baseline for the rule in all future scans

Type:String[][]
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

The Vulnerability Assessment rule baseline object to set

Type:VulnerabilityAssessmentRuleBaselineModel
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Name

Name of Synapse SQL pool.

Type:String
Aliases:SqlPoolName
Position:2
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ResourceGroupName

Resource group name.

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-RuleAppliesToMaster

Specifies whether the baseline results should apply on a workspace level rule identified by the RuleId

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-RuleId

The rule ID which identifies the rule to set the baseline results to.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WorkspaceName

Name of Synapse workspace.

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

Inputs

String

VulnerabilityAssessmentRuleBaselineModel

String[][]

SwitchParameter

Outputs

SqlPoolVulnerabilityAssessmentRuleBaselineModel