你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
Set-AzSynapseSqlPoolVulnerabilityAssessmentRuleBaseline
设置漏洞评估规则基线。
语法
Set-AzSynapseSqlPoolVulnerabilityAssessmentRuleBaseline
[-WorkspaceName] <String>
[-Name] <String>
[-InputObject <VulnerabilityAssessmentRuleBaselineModel>]
-BaselineResult <String[][]>
[-AsJob]
-RuleId <String>
[-RuleAppliesToMaster]
[-ResourceGroupName] <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
说明
Set-AzSynapseSqlPoolVulnerabilityAssessmentRuleBaseline cmdlet 设置漏洞评估规则基线。 在查看评估结果时,可将特定结果标记为环境中可接受的基线。 基线其实就是自定义结果的报告方式。 与基线匹配的结果被视为通过后续扫描。 建立基线安全状态后,漏洞评估只会报告与基线的偏差,并且可以将注意力集中在相关问题上。 请注意,需要运行 Enable-AzSynapseSqlAdvancedDataSecurity 和 Update-AzSynapseSqlVulnerabilityAssessmentSetting cmdlet 作为使用此 cmdlet 的先决条件。
示例
示例 1:设置漏洞评估规则基线
Set-AzSynapseSqlPoolVulnerabilityAssessmentRuleBaseline `
-ResourceGroupName "ContosoResourceGroup" `
-WorkspaceName "ContosoWorkspace" `
-SqlPoolName "ContosoSqlPool" `
-RuleId "VA2108" `
-RuleAppliesToMaster `
-BaselineResult @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')
ResourceGroupName : ContosoResourceGroup
WorkspaceName : ContosoWorkspace
SqlPoolName : ContosoSqlPool
RuleId : VA2108
RuleAppliesToMaster : True
BaselineResult : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')
BaselineResult 值是描述要添加到基线的 T-SQL 结果的多个子数组的组合。
可以在 Update-AzSynapseSqlVulnerabilityAssessmentSetting cmdlet 的存储下找到扫描结果,在 scans/{WorkspaceName}/{SqlPoolName}/scan_{ScanId}.json
示例 2:从基线对象设置漏洞评估规则基线
Set-AzSynapseSqlPoolVulnerabilityAssessmentRuleBaseline `
-ResourceGroupName "ContosoResourceGroup" `
-WorkspaceName "ContosoWorkspace" `
-SqlPoolName "ContosoSqlPool" `
-RuleId "VA2108" `
-BaselineResult @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')
Get-AzSynapseSqlPoolVulnerabilityAssessmentRuleBaseline `
-ResourceGroupName "ContosoResourceGroup" `
-WorkspaceName "ContosoWorkspace" `
-SqlPoolName "ContosoSqlPool" `
-RuleId "VA2108" `
| Set-AzSynapseSqlPoolVulnerabilityAssessmentRuleBaseline `
-ResourceGroupName "ResourceGroup02" `
-WorkspaceName "Server02" `
-SqlPoolName "ContosoSqlPool02"
ResourceGroupName : ResourceGroup02
WorkspaceName : Server02
SqlPoolName : ContosoSqlPool02
RuleId : VA2108
RuleAppliesToMaster : False
BaselineResult : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')
示例 3:在工作区下的所有 SQL 池上设置漏洞评估规则基线
Get-AzSynapseSqlPool -ResourceGroupName "ContosoResourceGroup" `
-WorkspaceName "ContosoWorkspace" `
| Where-Object {$_.Name -ne "master"} `
| Set-AzSynapseSqlPoolVulnerabilityAssessmentRuleBaseline `
-RuleId "VA2108" `
-BaselineResult @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')
ResourceGroupName : ContosoResourceGroup
WorkspaceName : ContosoWorkspace
SqlPoolName : ContosoSqlPool
RuleId : VA2108
RuleAppliesToMaster : False
BaselineResult : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')
ResourceGroupName : ContosoResourceGroup
WorkspaceName : ContosoWorkspace
SqlPoolName : ContosoSqlPool02
RuleId : VA2108
RuleAppliesToMaster : False
BaselineResult : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')
参数
-AsJob
在后台运行 cmdlet
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-BaselineResult
在将来的所有扫描中将规则设置为基线的结果
Type: | String[][] |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Confirm
提示你在运行 cmdlet 之前进行确认。
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
用于与 Azure 通信的凭据、帐户、租户和订阅。
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-InputObject
要设置的漏洞评估规则基线对象
Type: | VulnerabilityAssessmentRuleBaselineModel |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Name
Synapse SQL 池的名称。
Type: | String |
Aliases: | SqlPoolName |
Position: | 2 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ResourceGroupName
资源组名称。
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-RuleAppliesToMaster
指定基线结果是否应用于由 RuleId 标识的工作区级别规则
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-RuleId
用于标识要设置基线结果的规则的规则 ID。
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-WhatIf
显示运行该 cmdlet 时会发生什么情况。 cmdlet 未运行。
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WorkspaceName
Synapse 工作区的名称。
Type: | String |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
输入
VulnerabilityAssessmentRuleBaselineModel
String[][]
输出
反馈
https://aka.ms/ContentUserFeedback。
即将发布:在整个 2024 年,我们将逐步淘汰作为内容反馈机制的“GitHub 问题”,并将其取代为新的反馈系统。 有关详细信息,请参阅:提交和查看相关反馈