Start-AzureRmSqlDatabaseVulnerabilityAssessmentScan
Starts a vulnerability assessment scan.
Important
Because Az PowerShell modules now have all the capabilities of AzureRM PowerShell modules and more, we'll retire AzureRM PowerShell modules on 29 February 2024.
To avoid service interruptions, update your scripts that use AzureRM PowerShell modules to use Az PowerShell modules by 29 February 2024. To automatically update your scripts, follow the quickstart guide.
Syntax
Start-AzureRmSqlDatabaseVulnerabilityAssessmentScan
[-InputObject <AzureSqlDatabaseModel>]
[-AsJob]
[-ScanId <String>]
[-ServerName] <String>
[-DatabaseName] <String>
[-ResourceGroupName] <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Start-AzureRmSqlDatabaseVulnerabilityAssessmentScan cmdlet triggers a scan with ScanId identifier. Scan results will be saved under the storage defined by the Set-AzureRmSqlDatabaseVulnerabilityAssessmentSettings cmdlet, under scans/{ServerName}/{DatabaseName}/scan_{ScanId}.json You can monitor the progress of the scan by using the Get-AzureRmSqlDatabaseVulnerabilityAssessmentScanRecord cmdlet with the scanId parameter and look at the State returned parameter. Note that you need to run Enable-AzureRmSqlServerAdvancedThreatProtection and Set-AzureRmSqlDatabaseVulnerabilityAssessmentSettings cmdlet as a prerequisite for using this cmdlets.
Examples
Example 1 - Starts a vulnerability assessment scan
PS C:\> Start-AzureRmSqlDatabaseVulnerabilityAssessmentScan `
-ResourceGroupName "ResourceGroup01" `
-ServerName "Server01" `
-DatabaseName "Database01" `
-ScanId "myScan"
ResourceGroupName : ResourceGroup01
ServerName : Server01
DatabaseName : Database01
ScanId : myScan
TriggerType : OnDemand
State : Fail
StartTime : 6/11/2018 1:57:27 PM
EndTime : 6/11/2018 1:57:31 PM
Errors : {}
ScanResultsLocationPath : https://myaccount.blob.core.windows.net/vulnerability-assessment
scans/Server01/Database01/scan_myScan.json
NumberOfFailedSecurityChecks : 9Example 2 - Starts a vulnerability assessment scan without a specific scan ID
PS C:\> Start-AzureRmSqlDatabaseVulnerabilityAssessmentScan `
-ResourceGroupName "ResourceGroup01" `
-ServerName "Server01" `
-DatabaseName "Database01"
ResourceGroupName : ResourceGroup01
ServerName : Server01
DatabaseName : Database01
ScanId : 20180611_135726
TriggerType : OnDemand
State : Fail
StartTime : 6/11/2018 1:57:27 PM
EndTime : 6/11/2018 1:57:31 PM
Errors : {}
ScanResultsLocationPath : https://myaccount.blob.core.windows.net/vulnerability-assessment
scans/Server01/Database01/scan_myScan.json
NumberOfFailedSecurityChecks : 9This command generates a scan ID in the format of "yyyyMMdd_HHmmss" from the UTC date time.
Example 3 - Starts a vulnerability assessment scan in the background
PS C:\> Start-AzureRmSqlDatabaseVulnerabilityAssessmentScan `
-ResourceGroupName "ResourceGroup01" `
-ServerName "Server01" `
-DatabaseName "Database01" `
-ScanId "myScan" `
-AsJob
PS C:\> $scanJob | Wait-Job
PS C:\> $scanJob | Receive-Job
ResourceGroupName : ResourceGroup01
ServerName : Server01
DatabaseName : Database01
ScanId : myScan
TriggerType : OnDemand
State : Fail
StartTime : 6/11/2018 1:57:27 PM
EndTime : 6/11/2018 1:57:31 PM
Errors : {}
ScanResultsLocationPath : https://myaccount.blob.core.windows.net/vulnerability-assessment
scans/Server01/Database01/scan_myScan.json
NumberOfFailedSecurityChecks : 9Example 4 - Starts a vulnerability assessment scan with a database object
PS C:\> Get-AzureRmSqlDatabase `
-ResourceGroupName "ResourceGroup01" `
-ServerName "Server01" `
-DatabaseName "Database01" `
| Start-AzureRmSqlDatabaseVulnerabilityAssessmentScan
ResourceGroupName : ResourceGroup01
ServerName : Server01
DatabaseName : Database01
ScanId : 20180611_135726
TriggerType : OnDemand
State : Fail
StartTime : 6/11/2018 1:57:27 PM
EndTime : 6/11/2018 1:57:31 PM
Errors : {}
ScanResultsLocationPath : https://myaccount.blob.core.windows.net/vulnerability-assessment
scans/Server01/Database01/scan_myScan.json
NumberOfFailedSecurityChecks : 9Example 5 - Starts a vulnerability assessment scan on all the databases under a server
PS C:\> Get-AzureRmSqlDatabase `
-ResourceGroupName "ResourceGroup01" `
-ServerName "Server01" `
| where {$_.DatabaseName -ne "master"} `
| Start-AzureRmSqlDatabaseVulnerabilityAssessmentScan
ResourceGroupName : ResourceGroup01
ServerName : Server01
DatabaseName : Database01
ScanId : 20180611_135726
TriggerType : OnDemand
State : Fail
StartTime : 6/11/2018 1:57:27 PM
EndTime : 6/11/2018 1:57:31 PM
Errors : {}
ScanResultsLocationPath : https://myaccount.blob.core.windows.net/vulnerability-assessment
scans/Server01/Database01/scan_myScan.json
NumberOfFailedSecurityChecks : 9
ResourceGroupName : ResourceGroup01
ServerName : Server01
DatabaseName : Database02
ScanId : 20180611_135726
TriggerType : OnDemand
State : Fail
StartTime : 6/11/2018 1:57:27 PM
EndTime : 6/11/2018 1:57:31 PM
Errors : {}
ScanResultsLocationPath : https://myaccount.blob.core.windows.net/vulnerability-assessment
scans/Server01/Database01/scan_myScan.json
NumberOfFailedSecurityChecks : 9Parameters
Run cmdlet in the background
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
SQL Database name.
| Type: | String |
| Position: | 2 |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
The database object to get Vulnerability Assessment settings for
| Type: | AzureSqlDatabaseModel |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
The name of the resource group.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Specifies the scan ID.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
SQL Database server name.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Parameters: InputObject (ByValue)