Sql Vulnerability Assessment Scan Results - Get

服务:

Defender for Cloud

API 版本:

2023-02-01-preview

获取扫描记录中单个规则的扫描结果。

GET https://management.azure.com/{resourceId}/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/{scanId}/scanResults/{scanResultId}?workspaceId={workspaceId}&api-version=2023-02-01-preview

URI 参数

名称	在	必需	类型	说明
resourceId	path	True	string	资源的标识符。
scanId	path	True	string	扫描 ID。键入“latest”以获取最新扫描的扫描结果。
scanResultId	path	True	string	结果的规则 ID。
api-version	query	True	string	API 版本。
workspaceId	query	True	string	工作区 ID。

响应

名称	类型	说明
200 OK	ScanResult	返回扫描结果。
Other Status Codes	CloudError	描述作失败的原因的错误响应。

安全性

azure_auth

Azure Active Directory OAuth2 Flow

类型: oauth2
流向: implicit
授权 URL: https://login.microsoftonline.com/common/oauth2/authorize

作用域

名称	说明
user_impersonation	模拟用户帐户

示例

Get scan details of a scan record

Get scan details of the latest scan record

Get scan details of a scan record

示例请求

HTTP

GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063?workspaceId=55555555-6666-7777-8888-999999999999&api-version=2023-02-01-preview

Java

/**
 * Samples for SqlVulnerabilityAssessmentScanResults Get.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/
     * sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_Get.json
     */
    /**
     * Sample code: Get scan details of a scan record.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void getScanDetailsOfAScanRecord(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.sqlVulnerabilityAssessmentScanResults().getWithResponse("Scheduled-20200623", "VA2063",
            "55555555-6666-7777-8888-999999999999",
            "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_Get.json
func ExampleSQLVulnerabilityAssessmentScanResultsClient_Get_getScanDetailsOfAScanRecord() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSQLVulnerabilityAssessmentScanResultsClient().Get(ctx, "Scheduled-20200623", "VA2063", "55555555-6666-7777-8888-999999999999", "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ScanResult = armsecurity.ScanResult{
	// 	Name: to.Ptr("VA2063"),
	// 	Type: to.Ptr("Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"),
	// 	ID: to.Ptr("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063"),
	// 	Properties: &armsecurity.ScanResultProperties{
	// 		BaselineAdjustedResult: &armsecurity.BaselineAdjustedResult{
	// 			Baseline: &armsecurity.Baseline{
	// 				ExpectedResults: [][]*string{
	// 					[]*string{
	// 						to.Ptr("Test"),
	// 						to.Ptr("0.0.0.0"),
	// 						to.Ptr("125.125.125.125")}},
	// 						UpdatedTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-02-04T12:49:41.027Z"); return t}()),
	// 					},
	// 					ResultsNotInBaseline: [][]*string{
	// 					},
	// 					ResultsOnlyInBaseline: [][]*string{
	// 					},
	// 					Status: to.Ptr(armsecurity.RuleStatusNonFinding),
	// 				},
	// 				IsTrimmed: to.Ptr(false),
	// 				QueryResults: [][]*string{
	// 					[]*string{
	// 						to.Ptr("Test"),
	// 						to.Ptr("0.0.0.0"),
	// 						to.Ptr("125.125.125.125")}},
	// 						Remediation: &armsecurity.Remediation{
	// 							Description: to.Ptr("Remove server firewall rules that grant excessive access"),
	// 							Automated: to.Ptr(false),
	// 							PortalLink: to.Ptr("ReviewServerFirewallRules"),
	// 							Scripts: []*string{
	// 								to.Ptr("EXECUTE sp_delete_firewall_rule N'Test';")},
	// 							},
	// 							RuleID: to.Ptr("VA2063"),
	// 							RuleMetadata: &armsecurity.VaRule{
	// 								Description: to.Ptr("The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access."),
	// 								BenchmarkReferences: []*armsecurity.BenchmarkReference{
	// 								},
	// 								Category: to.Ptr("SurfaceAreaReduction"),
	// 								QueryCheck: &armsecurity.QueryCheck{
	// 									ColumnNames: []*string{
	// 										to.Ptr("Firewall Rule Name"),
	// 										to.Ptr("Start Address"),
	// 										to.Ptr("End Address")},
	// 										ExpectedResult: [][]*string{
	// 										},
	// 										Query: to.Ptr("SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n        (CONVERT(bigint, parsename(end_ip_address, 1)) +\n         CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n        - \n        (CONVERT(bigint, parsename(start_ip_address, 1)) +\n         CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n      ) > 255;"),
	// 									},
	// 									Rationale: to.Ptr("Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall."),
	// 									RuleID: to.Ptr("VA2063"),
	// 									RuleType: to.Ptr(armsecurity.RuleTypeNegativeList),
	// 									Severity: to.Ptr(armsecurity.RuleSeverityHigh),
	// 									Title: to.Ptr("Server-level firewall rules should not grant excessive access"),
	// 								},
	// 								Status: to.Ptr(armsecurity.RuleStatusFinding),
	// 							},
	// 						}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Gets the scan results of a single rule in a scan record.
 *
 * @summary Gets the scan results of a single rule in a scan record.
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_Get.json
 */
async function getScanDetailsOfAScanRecord() {
  const scanId = "Scheduled-20200623";
  const scanResultId = "VA2063";
  const workspaceId = "55555555-6666-7777-8888-999999999999";
  const resourceId =
    "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential);
  const result = await client.sqlVulnerabilityAssessmentScanResults.get(
    scanId,
    scanResultId,
    workspaceId,
    resourceId,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityCenter.Models;
using Azure.ResourceManager.SecurityCenter;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_Get.json
// this example is just showing the usage of "SqlVulnerabilityAssessmentScanResults_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SqlVulnerabilityAssessmentScanResource created on azure
// for more information of creating SqlVulnerabilityAssessmentScanResource, please refer to the document of SqlVulnerabilityAssessmentScanResource
string resourceId = "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
string scanId = "Scheduled-20200623";
ResourceIdentifier sqlVulnerabilityAssessmentScanResourceId = SqlVulnerabilityAssessmentScanResource.CreateResourceIdentifier(resourceId, scanId);
SqlVulnerabilityAssessmentScanResource sqlVulnerabilityAssessmentScan = client.GetSqlVulnerabilityAssessmentScanResource(sqlVulnerabilityAssessmentScanResourceId);

// invoke the operation
string scanResultId = "VA2063";
Guid workspaceId = Guid.Parse("55555555-6666-7777-8888-999999999999");
SqlVulnerabilityAssessmentScanResult result = await sqlVulnerabilityAssessmentScan.GetSqlVulnerabilityAssessmentScanResultAsync(scanResultId, workspaceId);

Console.WriteLine($"Succeeded: {result}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

示例响应

状态代码:

200

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063",
  "name": "VA2063",
  "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
  "properties": {
    "ruleId": "VA2063",
    "status": "Finding",
    "isTrimmed": false,
    "queryResults": [
      [
        "Test",
        "0.0.0.0",
        "125.125.125.125"
      ]
    ],
    "remediation": {
      "description": "Remove server firewall rules that grant excessive access",
      "scripts": [
        "EXECUTE sp_delete_firewall_rule N'Test';"
      ],
      "automated": false,
      "portalLink": "ReviewServerFirewallRules"
    },
    "baselineAdjustedResult": {
      "baseline": {
        "expectedResults": [
          [
            "Test",
            "0.0.0.0",
            "125.125.125.125"
          ]
        ],
        "updatedTime": "2020-02-04T12:49:41.027771+00:00"
      },
      "status": "NonFinding",
      "resultsNotInBaseline": [],
      "resultsOnlyInBaseline": []
    },
    "ruleMetadata": {
      "ruleId": "VA2063",
      "severity": "High",
      "category": "SurfaceAreaReduction",
      "ruleType": "NegativeList",
      "title": "Server-level firewall rules should not grant excessive access",
      "description": "The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access.",
      "rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall.",
      "queryCheck": {
        "query": "SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n        (CONVERT(bigint, parsename(end_ip_address, 1)) +\n         CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n        - \n        (CONVERT(bigint, parsename(start_ip_address, 1)) +\n         CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n      ) > 255;",
        "expectedResult": [],
        "columnNames": [
          "Firewall Rule Name",
          "Start Address",
          "End Address"
        ]
      },
      "benchmarkReferences": []
    }
  }
}

Get scan details of the latest scan record

示例请求

HTTP

GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/latest/scanResults/VA2063?workspaceId=55555555-6666-7777-8888-999999999999&api-version=2023-02-01-preview

Java

/**
 * Samples for SqlVulnerabilityAssessmentScanResults Get.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/
     * sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_GetLatest.json
     */
    /**
     * Sample code: Get scan details of the latest scan record.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void getScanDetailsOfTheLatestScanRecord(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.sqlVulnerabilityAssessmentScanResults().getWithResponse("latest", "VA2063",
            "55555555-6666-7777-8888-999999999999",
            "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_GetLatest.json
func ExampleSQLVulnerabilityAssessmentScanResultsClient_Get_getScanDetailsOfTheLatestScanRecord() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSQLVulnerabilityAssessmentScanResultsClient().Get(ctx, "latest", "VA2063", "55555555-6666-7777-8888-999999999999", "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ScanResult = armsecurity.ScanResult{
	// 	Name: to.Ptr("VA2063"),
	// 	Type: to.Ptr("Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"),
	// 	ID: to.Ptr("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063"),
	// 	Properties: &armsecurity.ScanResultProperties{
	// 		BaselineAdjustedResult: &armsecurity.BaselineAdjustedResult{
	// 			Baseline: &armsecurity.Baseline{
	// 				ExpectedResults: [][]*string{
	// 					[]*string{
	// 						to.Ptr("Test"),
	// 						to.Ptr("0.0.0.0"),
	// 						to.Ptr("125.125.125.125")}},
	// 						UpdatedTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-02-04T12:49:41.027Z"); return t}()),
	// 					},
	// 					ResultsNotInBaseline: [][]*string{
	// 					},
	// 					ResultsOnlyInBaseline: [][]*string{
	// 					},
	// 					Status: to.Ptr(armsecurity.RuleStatusNonFinding),
	// 				},
	// 				IsTrimmed: to.Ptr(false),
	// 				QueryResults: [][]*string{
	// 					[]*string{
	// 						to.Ptr("Test"),
	// 						to.Ptr("0.0.0.0"),
	// 						to.Ptr("125.125.125.125")}},
	// 						Remediation: &armsecurity.Remediation{
	// 							Description: to.Ptr("Remove server firewall rules that grant excessive access"),
	// 							Automated: to.Ptr(false),
	// 							PortalLink: to.Ptr("ReviewServerFirewallRules"),
	// 							Scripts: []*string{
	// 								to.Ptr("EXECUTE sp_delete_firewall_rule N'Test';")},
	// 							},
	// 							RuleID: to.Ptr("VA2063"),
	// 							RuleMetadata: &armsecurity.VaRule{
	// 								Description: to.Ptr("The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access."),
	// 								BenchmarkReferences: []*armsecurity.BenchmarkReference{
	// 								},
	// 								Category: to.Ptr("SurfaceAreaReduction"),
	// 								QueryCheck: &armsecurity.QueryCheck{
	// 									ColumnNames: []*string{
	// 										to.Ptr("Firewall Rule Name"),
	// 										to.Ptr("Start Address"),
	// 										to.Ptr("End Address")},
	// 										ExpectedResult: [][]*string{
	// 										},
	// 										Query: to.Ptr("SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n        (CONVERT(bigint, parsename(end_ip_address, 1)) +\n         CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n        - \n        (CONVERT(bigint, parsename(start_ip_address, 1)) +\n         CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n      ) > 255;"),
	// 									},
	// 									Rationale: to.Ptr("Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall."),
	// 									RuleID: to.Ptr("VA2063"),
	// 									RuleType: to.Ptr(armsecurity.RuleTypeNegativeList),
	// 									Severity: to.Ptr(armsecurity.RuleSeverityHigh),
	// 									Title: to.Ptr("Server-level firewall rules should not grant excessive access"),
	// 								},
	// 								Status: to.Ptr(armsecurity.RuleStatusFinding),
	// 							},
	// 						}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Gets the scan results of a single rule in a scan record.
 *
 * @summary Gets the scan results of a single rule in a scan record.
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_GetLatest.json
 */
async function getScanDetailsOfTheLatestScanRecord() {
  const scanId = "latest";
  const scanResultId = "VA2063";
  const workspaceId = "55555555-6666-7777-8888-999999999999";
  const resourceId =
    "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential);
  const result = await client.sqlVulnerabilityAssessmentScanResults.get(
    scanId,
    scanResultId,
    workspaceId,
    resourceId,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityCenter.Models;
using Azure.ResourceManager.SecurityCenter;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_GetLatest.json
// this example is just showing the usage of "SqlVulnerabilityAssessmentScanResults_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SqlVulnerabilityAssessmentScanResource created on azure
// for more information of creating SqlVulnerabilityAssessmentScanResource, please refer to the document of SqlVulnerabilityAssessmentScanResource
string resourceId = "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master";
string scanId = "latest";
ResourceIdentifier sqlVulnerabilityAssessmentScanResourceId = SqlVulnerabilityAssessmentScanResource.CreateResourceIdentifier(resourceId, scanId);
SqlVulnerabilityAssessmentScanResource sqlVulnerabilityAssessmentScan = client.GetSqlVulnerabilityAssessmentScanResource(sqlVulnerabilityAssessmentScanResourceId);

// invoke the operation
string scanResultId = "VA2063";
Guid workspaceId = Guid.Parse("55555555-6666-7777-8888-999999999999");
SqlVulnerabilityAssessmentScanResult result = await sqlVulnerabilityAssessmentScan.GetSqlVulnerabilityAssessmentScanResultAsync(scanResultId, workspaceId);

Console.WriteLine($"Succeeded: {result}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

示例响应

状态代码:

200

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063",
  "name": "VA2063",
  "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults",
  "properties": {
    "ruleId": "VA2063",
    "status": "Finding",
    "isTrimmed": false,
    "queryResults": [
      [
        "Test",
        "0.0.0.0",
        "125.125.125.125"
      ]
    ],
    "remediation": {
      "description": "Remove server firewall rules that grant excessive access",
      "scripts": [
        "EXECUTE sp_delete_firewall_rule N'Test';"
      ],
      "automated": false,
      "portalLink": "ReviewServerFirewallRules"
    },
    "baselineAdjustedResult": {
      "baseline": {
        "expectedResults": [
          [
            "Test",
            "0.0.0.0",
            "125.125.125.125"
          ]
        ],
        "updatedTime": "2020-02-04T12:49:41.027771+00:00"
      },
      "status": "NonFinding",
      "resultsNotInBaseline": [],
      "resultsOnlyInBaseline": []
    },
    "ruleMetadata": {
      "ruleId": "VA2063",
      "severity": "High",
      "category": "SurfaceAreaReduction",
      "ruleType": "NegativeList",
      "title": "Server-level firewall rules should not grant excessive access",
      "description": "The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access.",
      "rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall.",
      "queryCheck": {
        "query": "SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n        (CONVERT(bigint, parsename(end_ip_address, 1)) +\n         CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n        - \n        (CONVERT(bigint, parsename(start_ip_address, 1)) +\n         CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n         CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n         CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n      ) > 255;",
        "expectedResult": [],
        "columnNames": [
          "Firewall Rule Name",
          "Start Address",
          "End Address"
        ]
      },
      "benchmarkReferences": []
    }
  }
}

定义

名称	说明
Baseline	基线详细信息。
BaselineAdjustedResult	使用基线调整的规则结果。
BenchmarkReference	基准引用。
CloudError	所有 Azure 资源管理器 API 的常见错误响应，以返回失败作的错误详细信息。 （这也遵循 OData 错误响应格式）。
CloudErrorBody	错误详细信息。
ErrorAdditionalInfo	资源管理错误附加信息。
QueryCheck	规则查询详细信息。
Remediation	修正详细信息。
RuleSeverity	规则严重性。
RuleStatus	规则结果状态。
RuleType	规则类型。
ScanResult	单个规则的漏洞评估扫描结果。
ScanResultProperties	单个规则的漏洞评估扫描结果属性。
VaRule	漏洞评估规则元数据详细信息。

Baseline

Object

基线详细信息。

名称	类型	说明
expectedResults	string[]	预期结果。
updatedTime	string (date-time)	基线更新时间（UTC）。

BaselineAdjustedResult

Object

使用基线调整的规则结果。

名称	类型	说明
baseline	Baseline	基线详细信息。
resultsNotInBaseline	string[]	结果不在基线中。
resultsOnlyInBaseline	string[]	结果为基线。
status	RuleStatus	规则结果状态。

BenchmarkReference

Object

基准引用。

名称	类型	说明
benchmark	string	基准名称。
reference	string	基准参考。

CloudError

Object

所有 Azure 资源管理器 API 的常见错误响应，以返回失败作的错误详细信息。 （这也遵循 OData 错误响应格式）。

名称	类型	说明
error.additionalInfo	ErrorAdditionalInfo[]	错误附加信息。
error.code	string	错误代码。
error.details	CloudErrorBody[]	错误详细信息。
error.message	string	错误消息。
error.target	string	错误目标。

CloudErrorBody

Object

错误详细信息。

名称	类型	说明
additionalInfo	ErrorAdditionalInfo[]	错误附加信息。
code	string	错误代码。
details	CloudErrorBody[]	错误详细信息。
message	string	错误消息。
target	string	错误目标。

ErrorAdditionalInfo

Object

资源管理错误附加信息。

名称	类型	说明
info	object	其他信息。
type	string	其他信息类型。

QueryCheck

Object

规则查询详细信息。

名称	类型	说明
columnNames	string[]	预期结果的列名。
expectedResult	string[]	预期结果。
query	string	规则查询。

Remediation

Object

修正详细信息。

名称	类型	说明
automated	boolean	是否自动修正。
description	string	修正说明。
portalLink	string	用于在 Azure 门户中修正的可选链接。
scripts	string[]	修正脚本。

RuleSeverity

枚举

规则严重性。

值	说明
High	高
Informational	信息
Low	低
Medium	中等
Obsolete	已过时

RuleStatus

枚举

规则结果状态。

值	说明
Finding	调查发现
InternalError	InternalError
NonFinding	NonFinding

RuleType

枚举

规则类型。

值	说明
BaselineExpected	BaselineExpected
Binary	二进制
NegativeList	NegativeList
PositiveList	PositiveList

ScanResult

Object

单个规则的漏洞评估扫描结果。

名称	类型	说明
id	string	资源 ID
name	string	资源名称
properties	ScanResultProperties	单个规则的漏洞评估扫描结果属性。
type	string	资源类型

ScanResultProperties

Object

单个规则的漏洞评估扫描结果属性。

名称	类型	说明
baselineAdjustedResult	BaselineAdjustedResult	使用基线调整的规则结果。
isTrimmed	boolean	指示是否剪裁了此处指定的结果。
queryResults	string[]	运行的查询的结果。
remediation	Remediation	修正详细信息。
ruleId	string	规则 ID。
ruleMetadata	VaRule	漏洞评估规则元数据详细信息。
status	RuleStatus	规则结果状态。

VaRule

Object

漏洞评估规则元数据详细信息。

名称	类型	说明
benchmarkReferences	BenchmarkReference[]	基准引用。
category	string	规则类别。
description	string	规则说明。
queryCheck	QueryCheck	规则查询详细信息。
rationale	string	规则的理由。
ruleId	string	规则 ID。
ruleType	RuleType	规则类型。
severity	RuleSeverity	规则严重性。
title	string	规则标题。