Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline
Sets the vulnerability assessment rule baseline.
Note
This is the previous version of our documentation. Please consult the most recent version for up-to-date information.
Syntax
Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline
[-InstanceName] <String>
[-DatabaseName] <String>
-BaselineResult <String[][]>
-RuleId <String>
[-RuleAppliesToMaster]
[-ResourceGroupName] <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline
[-InputObject <VulnerabilityAssessmentRuleBaselineModel>]
-BaselineResult <String[][]>
-RuleId <String>
[-RuleAppliesToMaster]
[-ResourceGroupName] <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline cmdlet sets the vulnerability assessment rule baseline. As you review your assessment results, you can mark specific results as being an acceptable Baseline in your environment. The baseline is essentially a customization of how the results are reported. Results that match the baseline are considered as passing in subsequent scans. Once you have established your baseline security state, vulnerability assessment only reports on deviations from the baseline, and you can focus your attention on the relevant issues. Note that you need to run Enable-AzSqlInstanceAdvancedDataSecurity and Update-AzSqlInstanceVulnerabilityAssessmentSetting cmdlet as a prerequisite for using this cmdlets.
Examples
Example 1: Set a vulnerability assessment rule baseline
PS C:\> Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline `
-ResourceGroupName "ResourceGroup01" `
-InstanceName "ManagedInstance01" `
-DatabaseName "Database01" `
-RuleId "VA2108" `
-RuleAppliesToMaster `
-BaselineResult @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')
ResourceGroupName : ResourceGroup01
InstanceName : ManagedInstance01
DatabaseName : Database01
RuleId : VA2108
RuleAppliesToMaster : True
BaselineResult : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')BaselineResult value is a composition of several sub arrays that described the T-SQL results that will be added to the baseline.
You may find the Scan results under the storage defined by the Update-AzSqlInstanceVulnerabilityAssessmentSetting cmdlet, under scans/{ManagedInstanceName}/{ManagedDatabaseName}/scan_{ScanId}.json
Example 2: Set a vulnerability assessment rule baseline from a baseline object
PS C:\> Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline `
-ResourceGroupName "ResourceGroup01" `
-InstanceName "ManagedInstance01" `
-DatabaseName "Database01" `
-RuleId "VA2108" `
-BaselineResult @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')
PS C:\> Get-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline `
-ResourceGroupName "ResourceGroup01" `
-InstanceName "ManagedInstance01" `
-DatabaseName "Database01" `
-RuleId "VA2108" `
| Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline `
-ResourceGroupName "ResourceGroup02" `
-InstanceName "ManagedInstance02" `
-DatabaseName "Database02" `
ResourceGroupName : ResourceGroup02
InstanceName : ManagedInstance02
DatabaseName : Database02
RuleId : VA2108
RuleAppliesToMaster : False
BaselineResult : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')Example 3: Set a vulnerability assessment rule baseline on all the databases under a managed instance
PS C:\> Get-AzSqlInstanceDatabase -ResourceGroupName "ResourceGroup01" `
-InstanceName "ManagedInstance01" `
| where {$_.Name -ne "master"} `
| Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline `
-RuleId "VA2108" `
-BaselineResult @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')
ResourceGroupName : ResourceGroup01
InstanceName : ManagedInstance01
DatabaseName : Database01
RuleId : VA2108
RuleAppliesToMaster : False
BaselineResult : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')
ResourceGroupName : ResourceGroup01
InstanceName : ManagedInstance01
DatabaseName : Database02
RuleId : VA2108
RuleAppliesToMaster : False
BaselineResult : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None') , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')Parameters
The results to set as baseline for the rule in all future scans
| Type: | String[][] |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
SQL Managed Database name.
| Type: | String |
| Position: | 2 |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
The Vulnerability Assessment rule baseline object to set
| Type: | VulnerabilityAssessmentRuleBaselineModel |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
SQL Managed Instance name.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
The name of the resource group.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Specifies whether the baseline results should apply on a server level rule identified by the RuleId
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
The rule ID which identifies the rule to set the baseline results to.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
VulnerabilityAssessmentRuleBaselineModel
String[][]