Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline

  • 參考
模組:
Az.Sql

設定弱點評量規則基準。

Syntax

Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline
   [-InstanceName] <String>
   [-DatabaseName] <String>
   -BaselineResult <String[][]>
   -RuleId <String>
   [-RuleAppliesToMaster]
   [-ResourceGroupName] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline
   [-InputObject <VulnerabilityAssessmentRuleBaselineModel>]
   -BaselineResult <String[][]>
   -RuleId <String>
   [-RuleAppliesToMaster]
   [-ResourceGroupName] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline Cmdlet 會設定弱點評量規則基準。 當您檢閱評量結果時,可以將特定結果標示為環境中可接受的「基準」。 基準本質上就是自訂報告結果的方式。 在後續的掃描中,會將符合基準的結果視為通過。 建立基準安全性狀態之後,弱點評量只會報告基準的偏差,而且您可以將注意力集中在相關問題上。 請注意,您必須執行 Enable-AzSqlInstanceAdvancedDataSecurityUpdate-AzSqlInstanceVulnerabilityAssessmentSetting Cmdlet 作為使用此 Cmdlet 的必要條件。

範例

範例 1:設定弱點評估規則基準

Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline  `
            -ResourceGroupName "ResourceGroup01" `
            -InstanceName "ManagedInstance01" `
            -DatabaseName "Database01" `
			-RuleId "VA2108" `
			-RuleAppliesToMaster `
			-BaselineResult @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

ResourceGroupName		: ResourceGroup01
InstanceName	    : ManagedInstance01
DatabaseName	    : Database01
RuleId		        	: VA2108
RuleAppliesToMaster    	: True
BaselineResult		    : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

BaselineResult 值是數個子陣列的組合,描述將新增至基準的 T-SQL 結果。
您可以在 Scans/{ManagedInstanceName}/{ManagedDatabaseName}/scan_{ScanId .json}/scan_{ScanId}底下找到 Update-AzSqlInstanceVulnerabilityAssessmentSetting Cmdlet 所定義的掃描結果

範例 2:從基準物件設定弱點評估規則基準

Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline `
            -ResourceGroupName "ResourceGroup01" `
            -InstanceName "ManagedInstance01" `
            -DatabaseName "Database01" `
            -RuleId "VA2108" `
            -BaselineResult @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

Get-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline `
            -ResourceGroupName "ResourceGroup01" `
            -InstanceName "ManagedInstance01" `
            -DatabaseName "Database01" `
            -RuleId "VA2108" `
            |  Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline `
                -ResourceGroupName "ResourceGroup02" `
                -InstanceName "ManagedInstance02" `
                -DatabaseName "Database02"

ResourceGroupName		: ResourceGroup02
InstanceName	    : ManagedInstance02
DatabaseName	    : Database02
RuleId		        	: VA2108
RuleAppliesToMaster    	: False
BaselineResult		    : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

範例 3:在受控實例下的所有資料庫上設定弱點評估規則基準

Get-AzSqlInstanceDatabase -ResourceGroupName "ResourceGroup01" `
            -InstanceName "ManagedInstance01" `
            | Where-Object {$_.Name -ne "master"}  `
            | Set-AzSqlInstanceDatabaseVulnerabilityAssessmentRuleBaseline `
                -RuleId "VA2108" `
                -BaselineResult @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

ResourceGroupName		: ResourceGroup01
InstanceName	    : ManagedInstance01
DatabaseName	    : Database01
RuleId		        	: VA2108
RuleAppliesToMaster    	: False
BaselineResult		    : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

ResourceGroupName		: ResourceGroup01
InstanceName	    : ManagedInstance01
DatabaseName	    : Database02
RuleId		        	: VA2108
RuleAppliesToMaster    	: False
BaselineResult		    : @( 'Principal1', 'db_ddladmin', 'SQL_USER', 'None')  , @( 'Principal2', 'db_ddladmin', 'SQL_USER', 'None')

參數

-BaselineResult

所有未來掃描中要設定為規則基準的結果

Type:String[][]
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Confirm

執行 Cmdlet 之前先提示您確認。

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DatabaseName

SQL 受控資料庫名稱。

Type:String
Position:2
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-DefaultProfile

用於與 Azure 通訊的認證、帳戶、租用戶和訂用帳戶。

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

要設定的弱點評量規則基準物件

Type:VulnerabilityAssessmentRuleBaselineModel
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-InstanceName

SQL 受管理執行個體 名稱。

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ResourceGroupName

資源群組的名稱。

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-RuleAppliesToMaster

指定基準結果是否應該套用至 RuleId 所識別的伺服器層級規則

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-RuleId

規則標識碼,識別要設定基準結果的規則。

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-WhatIf

顯示執行 Cmdlet 後會發生的情況。 未執行 Cmdlet。

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

輸入

String

VulnerabilityAssessmentRuleBaselineModel

String[][]

SwitchParameter

輸出

ManagedDatabaseVulnerabilityAssessmentRuleBaselineModel