你当前正在访问 Microsoft Azure Global Edition 技术文档网站。如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

Set-AzSqlDatabaseVulnerabilityAssessmentRuleBaseline

参考

模块:: Az.Sql

设置漏洞评估规则基线。

语法

Set-AzSqlDatabaseVulnerabilityAssessmentRuleBaseline
   [-ServerName] <String>
   [-DatabaseName] <String>
   [-InputObject <VulnerabilityAssessmentRuleBaselineModel>]
   -BaselineResult <String[][]>
   -RuleId <String>
   [-RuleAppliesToMaster]
   [-ResourceGroupName] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

说明

Set-AzureRmSqlDatabaseVulnerabilityAssessmentRuleBaseline cmdlet 设置漏洞评估规则基线。在查看评估结果时，可将特定结果标记为环境中可接受的基线。基线其实就是自定义结果的报告方式。与基线匹配的结果被视为通过后续扫描。建立基线安全状态后，漏洞评估只会报告与基线的偏差，并且可以将注意力集中在相关问题上。请注意，需要运行 Enable-AzSqlServerAdvancedDataSecurity 和 Update-AzSqlServerVulnerabilityAssessmentSetting cmdlet 作为使用此 cmdlet 的先决条件。

示例

示例 1：设置漏洞评估规则基线

Set-AzSqlDatabaseVulnerabilityAssessmentRuleBaseline `
             -ResourceGroupName "ahmadtesting" `
             -ServerName "ahmadpilotserver" `
             -DatabaseName "AhmadPilotDb" `
             -BaselineResult @(,@('dbo', 'db_owner', 'SQL_USER', 'INSTANCE')) `
             -RuleID 'VA2108'

Rule ID Rule Applies To Master Baseline Results
------- ---------------------- ----------------
VA2108  False                  {dbo;db_owner;SQL_USER;INSTANCE}

$arrayList = [System.Collections.ArrayList]::new()
$arrayList.Add(@('dbo', 'db_owner', 'SQL_USER', 'INSTANCE'))

Set-AzSqlDatabaseVulnerabilityAssessmentRuleBaseline `
             -ResourceGroupName "demoresourcegroup" `
            -ServerName "demosqlser" `
            -DatabaseName "SQL_ERConnect" `
            -BaselineResult $arrayList `
            -RuleID 'VA2108'


Rule ID Rule Applies To Master Baseline Results                
------- ---------------------- ----------------                
VA2108  False                  {dbo;db_owner;SQL_USER;INSTANCE}

Set-AzSqlDatabaseVulnerabilityAssessmentRuleBaseline  `
			-ResourceGroupName "ResourceGroup01" `
			-ServerName "Server01"  `
			-DatabaseName "Database01"  `
			-RuleId "VA2108" `
			-RuleAppliesToMaster `
			-BaselineResult @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

ResourceGroupName		: ResourceGroup01
ServerName	        	: Server01
DatabaseName	    	: Database01
RuleId		        	: VA2108
RuleAppliesToMaster    	: True
BaselineResult		    : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

BaselineResult 值是描述要添加到基线的 T-SQL 结果的多个子数组的组合。请注意，使用一个结果使用逗号定义数组的特殊 PS 语法。
可以在 Set-AzSqlServerVulnerabilityAssessment设置 cmdlet 定义的存储下找到扫描结果，在 scans/{ServerName}/{DatabaseName}/scan_{ScanId}.json

示例 2：从基线对象设置漏洞评估规则基线

Set-AzSqlDatabaseVulnerabilityAssessmentRuleBaseline `
            -ResourceGroupName "ResourceGroup01" `
            -ServerName "Server01" `
            -DatabaseName "Database01" `
            -RuleId "VA2108" `
            -BaselineResult @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

Get-AzSqlDatabaseVulnerabilityAssessmentRuleBaseline `
            -ResourceGroupName "ResourceGroup01" `
            -ServerName "Server01" `
            -DatabaseName "Database01" `
            -RuleId "VA2108" `
            |  Set-AzSqlDatabaseVulnerabilityAssessmentRuleBaseline `
                -ResourceGroupName "ResourceGroup02" `
                -ServerName "Server02" `
                -DatabaseName "Database02"

ResourceGroupName		: ResourceGroup02
ServerName	        	: Server02
DatabaseName	    	: Database02
RuleId		        	: VA2108
RuleAppliesToMaster    	: False
BaselineResult		    : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

示例 3：在服务器下的所有数据库上设置漏洞评估规则基线

Get-AzSqlDatabase -ResourceGroupName "ResourceGroup01" `
            -ServerName "Server01" `
            | Where-Object {$_.DatabaseName -ne "master"}  `
            | Set-AzSqlDatabaseVulnerabilityAssessmentRuleBaseline `
                -RuleId "VA2108" `
                -BaselineResult @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

ResourceGroupName		: ResourceGroup01
ServerName	        	: Server01
DatabaseName	    	: Database01
RuleId		        	: VA2108
RuleAppliesToMaster    	: False
BaselineResult		    : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

ResourceGroupName		: ResourceGroup01
ServerName	        	: Server01
DatabaseName	    	: Database02
RuleId		        	: VA2108
RuleAppliesToMaster    	: False
BaselineResult		    : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

参数

-BaselineResult

在将来的所有扫描中将规则设置为基线的结果

Type:	String[][]
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-Confirm

提示你在运行 cmdlet 之前进行确认。

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-DatabaseName

SQL 数据库名称。

Type:	String
Position:	2
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-DefaultProfile

用于与 Azure 通信的凭据、帐户、租户和订阅。

Type:	IAzureContextContainer
Aliases:	AzContext, AzureRmContext, AzureCredential
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-InputObject

要设置的漏洞评估规则基线对象

Type:	VulnerabilityAssessmentRuleBaselineModel
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	True
Accept wildcard characters:	False

-ResourceGroupName

资源组的名称。

Type:	String
Position:	0
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-RuleAppliesToMaster

指定基线应应用于 master 数据库。仅当数据库级别设置指定与服务器级别设置中指定的存储帐户不同时，才需要这样做。

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	True
Accept wildcard characters:	False

-RuleId

用于标识要设置基线结果的规则的规则 ID。

Type:	String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-ServerName

SQL 数据库服务器名称。

Type:	String
Position:	1
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-WhatIf

显示运行该 cmdlet 时会发生什么情况。 cmdlet 未运行。

Type:	SwitchParameter
Aliases:	wi
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

输入

String

VulnerabilityAssessmentRuleBaselineModel

String[][]

SwitchParameter

输出

DatabaseVulnerabilityAssessmentRuleBaselineModel