Start-AzSqlDatabaseVulnerabilityAssessmentScan

Is this page helpful?

Any additional feedback?

Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services. Privacy policy.

Module:

Az.Sql

Starts a vulnerability assessment scan.

Note

This is the previous version of our documentation. Please consult the most recent version for up-to-date information.

Syntax

Start-AzSqlDatabaseVulnerabilityAssessmentScan
     [-ServerName] <String>
     [-DatabaseName] <String>
     [-InputObject <AzureSqlDatabaseModel>]
     [-AsJob]
     [-ScanId <String>]
     [-ResourceGroupName] <String>
     [-DefaultProfile <IAzureContextContainer>]
     [-WhatIf]
     [-Confirm]
     [<CommonParameters>]

Description

The Start-AzSqlDatabaseVulnerabilityAssessmentScan cmdlet triggers a scan with ScanId identifier. Scan results will be saved under the storage defined by the Update-AzSqlServerVulnerabilityAssessmentSetting cmdlet, under scans/{ServerName}/{DatabaseName}/scan_{ScanId}.json You can monitor the progress of the scan by using the Get-AzSqlDatabaseVulnerabilityAssessmentScanRecord cmdlet with the scanId parameter and look at the State returned parameter. Note that you need to run Enable-AzSqlServerAdvancedDataSecurity and Update-AzSqlServerVulnerabilityAssessmentSetting cmdlet as a prerequisite for using this cmdlets.

Examples

Example 1: Starts a vulnerability assessment scan

PS C:\>  Start-AzSqlDatabaseVulnerabilityAssessmentScan `
            -ResourceGroupName "ResourceGroup01" `
            -ServerName "Server01" `
            -DatabaseName "Database01" `
            -ScanId "myScan"

ResourceGroupName	         : ResourceGroup01
ServerName		             : Server01
DatabaseName		         : Database01
ScanId			             : myScan
TriggerType		             : OnDemand
State			             : Fail
StartTime			         : 6/11/2018 1:57:27 PM
EndTime			             : 6/11/2018 1:57:31 PM
Errors			             : {}
ScanResultsLocationPath	     : https://myaccount.blob.core.windows.net/vulnerability-assessment
                                scans/Server01/Database01/scan_myScan.json
NumberOfFailedSecurityChecks : 9

Example 2: Starts a vulnerability assessment scan without a specific scan ID

PS C:\>  Start-AzSqlDatabaseVulnerabilityAssessmentScan `
            -ResourceGroupName "ResourceGroup01" `
            -ServerName "Server01" `
            -DatabaseName "Database01" 
            
ResourceGroupName	         : ResourceGroup01
ServerName		             : Server01
DatabaseName		         : Database01
ScanId			             : 20180611_135726
TriggerType		             : OnDemand
State			             : Fail
StartTime			         : 6/11/2018 1:57:27 PM
EndTime			             : 6/11/2018 1:57:31 PM
Errors			             : {}
ScanResultsLocationPath	     : https://myaccount.blob.core.windows.net/vulnerability-assessment
                                scans/Server01/Database01/scan_myScan.json
NumberOfFailedSecurityChecks : 9

This command generates a scan ID in the format of "yyyyMMdd_HHmmss" from the UTC date time.

Example 3: Starts a vulnerability assessment scan in the background

PS C:\> $scanJob = Start-AzSqlDatabaseVulnerabilityAssessmentScan `
            -ResourceGroupName "ResourceGroup01" `
            -ServerName "Server01" `
            -DatabaseName "Database01" `
            -ScanId "myScan" `
            -AsJob
PS C:\>	$scanJob | Wait-Job
PS C:\>	$scanJob | Receive-Job

ResourceGroupName	         : ResourceGroup01
ServerName		             : Server01
DatabaseName		         : Database01
ScanId			             : myScan
TriggerType		             : OnDemand
State			             : Fail
StartTime			         : 6/11/2018 1:57:27 PM
EndTime			             : 6/11/2018 1:57:31 PM
Errors			             : {}
ScanResultsLocationPath	     : https://myaccount.blob.core.windows.net/vulnerability-assessment
                                scans/Server01/Database01/scan_myScan.json
NumberOfFailedSecurityChecks : 9

Example 4: Starts a vulnerability assessment scan with a database object

PS C:\>  Get-AzSqlDatabase `
            -ResourceGroupName "ResourceGroup01" `
            -ServerName "Server01" `
            -DatabaseName "Database01" `
            | Start-AzSqlDatabaseVulnerabilityAssessmentScan

ResourceGroupName	         : ResourceGroup01
ServerName		             : Server01
DatabaseName		         : Database01
ScanId			             : 20180611_135726
TriggerType		             : OnDemand
State			             : Fail
StartTime			         : 6/11/2018 1:57:27 PM
EndTime			             : 6/11/2018 1:57:31 PM
Errors			             : {}
ScanResultsLocationPath	     : https://myaccount.blob.core.windows.net/vulnerability-assessment
                                scans/Server01/Database01/scan_myScan.json
NumberOfFailedSecurityChecks : 9

Example 5: Starts a vulnerability assessment scan on all the databases under a server

PS C:\>  Get-AzSqlDatabase `
            -ResourceGroupName "ResourceGroup01" `
            -ServerName "Server01" `
            | where {$_.DatabaseName -ne "master"}  `
            | Start-AzSqlDatabaseVulnerabilityAssessmentScan 

ResourceGroupName	         : ResourceGroup01
ServerName		             : Server01
DatabaseName		         : Database01
ScanId			             : 20180611_135726
TriggerType		             : OnDemand
State			             : Fail
StartTime			         : 6/11/2018 1:57:27 PM
EndTime			             : 6/11/2018 1:57:31 PM
Errors			             : {}
ScanResultsLocationPath	     : https://myaccount.blob.core.windows.net/vulnerability-assessment
                                scans/Server01/Database01/scan_myScan.json
NumberOfFailedSecurityChecks : 9


ResourceGroupName	         : ResourceGroup01
ServerName		             : Server01
DatabaseName		         : Database02
ScanId			             : 20180611_135726
TriggerType		             : OnDemand
State			             : Fail
StartTime			         : 6/11/2018 1:57:27 PM
EndTime			             : 6/11/2018 1:57:31 PM
Errors			             : {}
ScanResultsLocationPath	     : https://myaccount.blob.core.windows.net/vulnerability-assessment
                                scans/Server01/Database01/scan_myScan.json
NumberOfFailedSecurityChecks : 9

Parameters

-AsJob

Run cmdlet in the background

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-DatabaseName

SQL Database name.

Type:	String
Position:	2
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:	IAzureContextContainer
Aliases:	AzContext, AzureRmContext, AzureCredential
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-InputObject

The database object to get Vulnerability Assessment settings for

Type:	AzureSqlDatabaseModel
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-ResourceGroupName

The name of the resource group.

Type:	String
Position:	0
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-ScanId

Specifies the scan ID.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-ServerName

SQL Database server name.

Type:	String
Position:	1
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:	SwitchParameter
Aliases:	wi
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

Inputs

String

AzureSqlDatabaseModel

Outputs

DatabaseVulnerabilityAssessmentScanRecordModel