Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline
Sets the vulnerability assessment rule baseline.
Syntax
Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline
[-InstanceName] <String>
[-DatabaseName] <String>
-BaselineResult <String[][]>
-RuleId <String>
[-RuleAppliesToMaster]
[-ResourceGroupName] <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline
[-InputObject <VulnerabilityAssessmentRuleBaselineModel>]
-BaselineResult <String[][]>
-RuleId <String>
[-RuleAppliesToMaster]
[-ResourceGroupName] <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
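Description
The Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline cmdlet sets the vulnerability assessment rule baseline. As you review your assessment results, you can mark specific results as an acceptable baseline in your environment. The baseline is essentially a customization of how the results are reported. Results that match the baseline are considered as passing in subsequent scans. Once you have established your baseline security state, vulnerability assessment only reports deviations from the baseline, and you can focus your attention on the relevant issues. Note that you need to run the Enable-AzSqlInstanceAdvancedDataSecurity and Update-AzSqlInstanceVulnerabilityAssessmentSetting cmdlets as a prerequisite for using this cmdlet.
Examples
Example 1: Set a vulnerability assessment rule baseline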
Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline `
-ResourceGroupName "ResourceGroup01" `
-InstanceName "ManagedInstance01" `
-DatabaseName "Database01" `
-RuleId "VA2108" `
-RuleAppliesToMaster `
-BaselineResult @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')
ResourceGroupName : ResourceGroup01
InstanceName : ManagedInstance01
DatabaseName : Database01
RuleId : VA2108
RuleAppliesToMaster : True
BaselineResult : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')
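The BaselineResult value is a composition of several sub-arrays that describe the T-SQL results to add to the baseline.
You can find the scan results in the storage defined by the Update-AzSqlInstanceVulnerabilityAssessmentSetting cmdlet, under scans/{ManagedInstanceName}/{ManagedDatabaseName}/scan_{ScanId}.json.
Example 2: Set a vulnerability assessment rule baseline from a baseline object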
Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline `
-ResourceGroupName "ResourceGroup01" `
-InstanceName "ManagedInstance01" `
-DatabaseName "Database01" `
-RuleId "VA2108" `
-BaselineResult @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')
Get-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline `
-ResourceGroupName "ResourceGroup01" `
-InstanceName "ManagedInstance01" `
-DatabaseName "Database01" `
-RuleId "VA2108" `
| Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline `
-ResourceGroupName "ResourceGroup02" `
-InstanceName "ManagedInstance02" `
-DatabaseName "Database02"
ResourceGroupName : ResourceGroup02
InstanceName : ManagedInstance02
DatabaseName : Database02
RuleId : VA2108
RuleAppliesToMaster : False
BaselineResult : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')
Example 3: Set a vulnerability assessment rule baseline on all databases under a managed instance
Get-AzSqlInstanceDatabase -ResourceGroupName "ResourceGroup01" `
-InstanceName "ManagedInstance01" `
| Where-Object {$_.Name -ne "master"} `
| Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline `
-RuleId "VA2108" `
-BaselineResult @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')
ResourceGroupName : ResourceGroup01
InstanceName : ManagedInstance01
DatabaseName : Database01
RuleId : VA2108
RuleAppliesToMaster : False
BaselineResult : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')
ResourceGroupName : ResourceGroup01
InstanceName : ManagedInstance01
DatabaseName : Database02
RuleId : VA2108
RuleAppliesToMaster : False
BaselineResult : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')
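Because rows that match the baseline are treated as passing in later scans, it helps to build the String[][] value from a reviewed list and preview the change with -WhatIf before applying it. The following is an added example, not part of the original documentation; $approvedRows is constructed sample data using the values from the examples above, and the four-column check assumes every VA2108 row has the same width as those examples.

```powershell
# Constructed sample: result rows a reviewer has approved for rule VA2108
# (one row per line, columns separated by commas).
$approvedRows = @(
    'Principal1,db_ddladmin,SQL_USER,None'
    'Principal2,db_ddladmin,SQL_USER,None'
)

# Build the jagged array explicitly. A lone @('a','b','c','d') is a flat
# String[] in PowerShell, so collecting rows in a typed list keeps a
# single approved row as one sub-array instead of four separate values.
$rows = [System.Collections.Generic.List[string[]]]::new()
foreach ($line in $approvedRows) {
    $cols = [string[]]($line -split ',' | ForEach-Object { $_.Trim() })
    # Assumption: rows for this rule have four columns, as in the examples.
    if ($cols.Count -ne 4) {
        throw "Unexpected column count in approved row: $line"
    }
    $rows.Add($cols)
}
[string[][]]$baseline = $rows.ToArray()

$target = @{
    ResourceGroupName = 'ResourceGroup01'
    InstanceName      = 'ManagedInstance01'
    DatabaseName      = 'Database01'
    RuleId            = 'VA2108'
}

# Preview only: with -WhatIf the cmdlet is not run.
Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline @target `
    -BaselineResult $baseline -WhatIf

# Apply after review, then read the stored baseline back so it can be
# compared with the approved list.
Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline @target `
    -BaselineResult $baseline
Get-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline @target
```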
Parameters
-BaselineResult
The results to set as baseline for the rule in all future scans
Type: | String[][] |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DatabaseName
SQL Managed Database name.
Type: | String |
Position: | 2 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-InputObject
The vulnerability assessment rule baseline object to set
Type: | VulnerabilityAssessmentRuleBaselineModel |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-InstanceName
SQL Managed Instance name.
Type: | String |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ResourceGroupName
The name of the resource group.
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-RuleAppliesToMaster
Specifies whether the baseline results should be applied to the server-level rule identified by the RuleId
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-RuleId
The rule ID that identifies the rule to set the baseline results for.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
VulnerabilityAssessmentRuleBaselineModel
String[][]
Outputs