diff --git a/src/Security/Security.Test/ScenarioTests/SqlVulnerabilityAssessmentTests.cs b/src/Security/Security.Test/ScenarioTests/SqlVulnerabilityAssessmentTests.cs
new file mode 100644
index 000000000000..c427232a61bb
--- /dev/null
+++ b/src/Security/Security.Test/ScenarioTests/SqlVulnerabilityAssessmentTests.cs
@@ -0,0 +1,45 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.ScenarioTest;
+using Microsoft.Azure.ServiceManagement.Common.Models;
+using Microsoft.WindowsAzure.Commands.ScenarioTest;
+using Xunit;
+
+namespace Microsoft.Azure.Commands.Security.Test.ScenarioTests
+{
+ public class SqlVulnerabilityAssessmentTests
+ {
+ private readonly XunitTracingInterceptor _logger;
+
+ public SqlVulnerabilityAssessmentTests(Xunit.Abstractions.ITestOutputHelper output)
+ {
+ _logger = new XunitTracingInterceptor(output);
+ XunitTracingInterceptor.AddToContext(_logger);
+ TestExecutionHelpers.SetUpSessionAndProfile();
+ }
+
+ /*
+ * This test is live only because it cannot be recorded.
+ * New-AzMonitorLogAnalyticsSolution cmdlet depends on Az.MonitoringSolution
+ * which is a generated module and is not currently supported by the testing framework
+ */
+ [Fact]
+ [Trait(Category.AcceptanceType, Category.LiveOnly)]
+ public void TestAzSecuritySqlVulnerabilityAssessment()
+ {
+ TestController.NewInstance.RunPowerShellTest(_logger, "Test-AzSecuritySqlVulnerabilityAssessment");
+ }
+ }
+}
diff --git a/src/Security/Security.Test/ScenarioTests/SqlVulnerabilityAssessmentTests.ps1 b/src/Security/Security.Test/ScenarioTests/SqlVulnerabilityAssessmentTests.ps1
new file mode 100644
index 000000000000..8e9b9855a24f
--- /dev/null
+++ b/src/Security/Security.Test/ScenarioTests/SqlVulnerabilityAssessmentTests.ps1
@@ -0,0 +1,197 @@ +# ---------------------------------------------------------------------------------- +# +# Copyright Microsoft Corporation +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ---------------------------------------------------------------------------------- + +<# +.SYNOPSIS + Tests end to end scenario for SQL vulnerability assessment on SQL VM. + This test is live only because it cannot be recorded. + New-AzMonitorLogAnalyticsSolution cmdlet depends on Az.MonitoringSolution + which is a generated module and is not currently supported by the testing framework +#> +function Test-AzSecuritySqlVulnerabilityAssessment +{ + # Setup + $testPrefix = "pssqlva" + $testParams = Get-SecuritySqlVulnerabilityAssessmentTestEnvironmentParameters $testPrefix + $vmResourceId = "/subscriptions/" + $testParams.subscriptionId + "/resourceGroups/" + $testParams.rgName + "/providers/Microsoft.Compute/VirtualMachines/" + $testParams.sqlVmNamePrefix + Create-TestEnvironmentWithParams $testParams + + $vaScanRecord = Get-AzSecuritySqlVulnerabilityAssessmentScanRecord -ResourceId $vmResourceId -WorkspaceId $testParams.workspaceId -Server $testParams.sqlServerName -Database master -ScanId latest + $resultsOnMaster = Get-AzSecuritySqlVulnerabilityAssessmentScanResult -ResourceId $vmResourceId -WorkspaceId $testParams.workspaceId -Server $testParams.sqlServerName -Database master + $resultsWithFindingsOnMaster = $resultsOnMaster | where { $_.Status -eq "Finding" } + + Assert-True { 
$resultsOnMaster.Count -eq $vaScanRecord.TotalRulesCount } + Assert-True { $resultsWithFindingsOnMaster.Count -eq $vaScanRecord.TotalFailedRulesCount } + + $finding = $resultsWithFindingsOnMaster | select -first 1 + $ruleResult = Get-AzSecuritySqlVulnerabilityAssessmentScanResult -ResourceId $vmResourceId -WorkspaceId $testParams.workspaceId -Server $testParams.sqlServerName -Database master -ScanId $vaScanRecord.Name -RuleId $finding.Name + + Assert-True { $finding.Name -eq $ruleResult.Name } + + # check add baseline with latest. + Add-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId $vmResourceId -WorkspaceId $testParams.workspaceId -Server $testParams.sqlServerName -Database master -RuleId $finding.Name + + $baseline = Get-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId $vmResourceId -WorkspaceId $testParams.workspaceId -Server $testParams.sqlServerName -Database master -RuleId $finding.Name + + Assert-NotNull $baseline + + $baseline | Remove-AzSecuritySqlVulnerabilityAssessmentBaseline -Force + + Assert-Throws { Get-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId $vmResourceId -WorkspaceId $testParams.workspaceId -Server $testParams.sqlServerName -Database master -RuleId $finding.Name } + + # check Add baseline with result + Add-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId $vmResourceId -WorkspaceId $testParams.workspaceId -Server $testParams.sqlServerName -Database master -RuleId $finding.Name -Baseline $finding.QueryResults + + $baseline = Get-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId $vmResourceId -WorkspaceId $testParams.workspaceId -Server $testParams.sqlServerName -Database master -RuleId $finding.Name + Assert-NotNull $baseline + + $baseline | Remove-AzSecuritySqlVulnerabilityAssessmentBaseline -Force + + ### Check piping + + $resultsOnMsdb = Get-AzSecuritySqlVulnerabilityAssessmentScanResult -ResourceId $vmResourceId -WorkspaceId $testParams.workspaceId -Server $testParams.sqlServerName -Database msdb 
+ $resultsWithFindingsOnMsdb = $resultsOnMsdb | where { $_.Status -eq "Finding" } + $rulesNamesOnMsdb = $resultsWithFindingsOnMsdb | select -ExpandProperty Name + $rulesNamesOnMaster = $resultsWithFindingsOnMaster | select -ExpandProperty Name + + # get rules intersection between master and msdb + $ruleWithFindingsOnBothDbs = $rulesNamesOnMaster | ? {$rulesNamesOnMsdb -contains $_} + + if ($ruleWithFindingsOnBothDbs.Count -gt 0) + { + # add baseline on master + Add-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId $vmResourceId -WorkspaceId $testParams.workspaceId -Server $testParams.sqlServerName -Database master -RuleId $ruleWithFindingsOnBothDbs[0] + + # bypass it to msdb + Get-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId $vmResourceId -WorkspaceId $testParams.workspaceId -Server $testParams.sqlServerName -Database master -RuleId $ruleWithFindingsOnBothDbs[0] ` + | Add-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId $vmResourceId -WorkspaceId $testParams.workspaceId -Server $testParams.sqlServerName -Database msdb + + $baseline = Get-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId $vmResourceId -WorkspaceId $testParams.workspaceId -Server $testParams.sqlServerName -Database msdb -RuleId $ruleWithFindingsOnBothDbs[0] + Assert-NotNull $baseline + } + + # Set all latest results as Baseline + Set-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId $vmResourceId -WorkspaceId $testParams.workspaceId -Server $testParams.sqlServerName -Database master -Force + $vaScanRecord = Get-AzSecuritySqlVulnerabilityAssessmentScanRecord -ResourceId $vmResourceId -WorkspaceId $testParams.workspaceId -Server $testParams.sqlServerName -Database master -ScanId latest + + Assert-True { $vaScanRecord.State -eq "Passed"} + Assert-True { $vaScanRecord.TotalFailedRulesCount -eq 0 } + + Get-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId $vmResourceId -WorkspaceId $testParams.workspaceId -Server $testParams.sqlServerName -Database master | 
Remove-AzSecuritySqlVulnerabilityAssessmentBaseline -Force + + $baselineSet = @{} + $resultsWithFindingsOnMaster | select -skip 3 | ForEach-Object { $baselineSet.Add($_.RuleId, $_.QueryResults)} + + Set-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId $vmResourceId -WorkspaceId $testParams.workspaceId -Server $testParams.sqlServerName -Database master -BaselineSet $baselineSet -Force + + Delete-TestEnvironments ($testParams) +} + +<# +.SYNOPSIS +Gets the values of the parameters used at the tests +#> +function Get-SecuritySqlVulnerabilityAssessmentTestEnvironmentParameters ($testPrefix) +{ + $location = Get-Location "Microsoft.Compute" "virtualMachines" "East Us 2 Euap"; + $sqlVmName = getAssetName ($testPrefix +'vm'); + + return @{ subscriptionId = (Get-AzContext).Subscription.Id; + rgName = getAssetName ($testPrefix); + sqlVmNamePrefix = $sqlVmName; + sqlVmDomain_prefix = 'domainvm'; + sqlVmMaxLength = 15; + sqlVmUserName = 'testuser'; + sqlVmPassword = Generate-RandomVmPassword; + sqlServerImage = 'MicrosoftSQLServer:SQL2017-WS2016:Enterprise:latest'; + sqlServerVmSize = 'Standard_DS2_v2'; + sqlServerName = "MSSQLSERVER" + operationalInsightsWorkspaceName = getAssetName ($testPrefix +"psWorkspace"); + workspaceId = ""; + location = location; + vmLocation = $location.Replace(' ', ''); + vmDomainNameLabel = (getAssetName ($sqlVmName +'-')).ToLower(); + } + +} + +<# +.SYNOPSIS +Creates the basic test environment needed to perform the sql vulnerability assessment tests - resource group, VM, workspace,... etc +#> +function Create-TestEnvironmentWithParams ($testParams) +{ + # Create a new resource group. + New-AzResourceGroup -Name $testParams.rgName -Location $testParams.location + + $passWord = ConvertTo-SecureString -String $testParams.sqlVmPassword -AsPlainText -Force + $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $testParams.sqlVmUserName, $passWord + + # Create the sql virtual machine. 
+ Write-Host "ResourceGroupName " + $testParams.rgName + " -Location " + $testParams.location " -Size "+ $testParams.sqlServerVmSize + " -Image " + $testParams.sqlServerImage + " -Credential " + $cred " -Name " + $testParams.sqlVmNamePrefix + + New-AzVm -ResourceGroupName $testParams.rgName -Location $testParams.vmLocation -Image $testParams.sqlServerImage -Credential $cred -Name $testParams.sqlVmNamePrefix -DomainNameLabel $testParams.vmDomainNameLabel + + # Create the log analytics worskspace + $workspace = New-AzOperationalInsightsWorkspace -Location $testParams.location -Name $testParams.operationalInsightsWorkspaceName -ResourceGroupName $testParams.rgName + New-AzMonitorLogAnalyticsSolution -Type SQLVulnerabilityAssessment -ResourceGroupName $testParams.rgName -Location $testParams.location -WorkspaceResourceId $workspace.ResourceId + + # Install microsoft Monitoring agent on the VM + $workspaceKeys = Get-AzOperationalInsightsWorkspaceSharedKey -Name $testParams.operationalInsightsWorkspaceName -ResourceGroupName $testParams.rgName + $publicSettings = @{"workspaceId" = $workspace.CustomerId} + $protectedSettings = @{"workspaceKey" = $workspaceKeys.PrimarySharedKey} + + $testParams.workspaceId = $workspace.CustomerId; + + Set-AzVMExtension -ExtensionName "MicrosoftMonitoringAgent" ` + -ResourceGroupName $testParams.rgName ` + -VMName $testParams.sqlVmNamePrefix` + -Publisher "Microsoft.EnterpriseCloud.Monitoring" ` + -ExtensionType "MicrosoftMonitoringAgent" ` + -TypeHandlerVersion 1.0 ` + -Settings $publicSettings ` + -ProtectedSettings $protectedSettings ` + -Location $testParams.vmLocation + + # Update the registery and restart the Monitoring agent to force a scan. + Invoke-AzVMRunCommand -ResourceGroupName $testParams.rgName -Name $testParams.sqlVmNamePrefix -CommandId 'RunPowerShellScript' -ScriptPath 'SqlVulnerabilityAssessmentTestResources\SetUpVm.ps1' + + Start-Sleep -Seconds 180 +} + +<# +.SYNOPSIS + Deletes the Test enviroment once the test passes. 
+#> +function Delete-TestEnvironments ($testParams) +{ + New-AzResourceGroup -Name $testParams.rgName +} + + <# +.SYNOPSIS +Generates a random password for vm that satisfies these conditions: + - At least 15 character long + - Contains at at least one number + - Contains at least one lower case letter + - Contains at least one upper case letter +#> +function Generate-RandomVmPassword() +{ + $password = ("abcdefghijklmnopqrstuvwxyz".tochararray() | sort {Get-Random})[0..4] -join '' + $password += ("ABCDEFGHIJKLMNOPQRSTUVWXYZ".tochararray() | sort {Get-Random})[0..7] -join '' + $password += ("0123456789".tochararray() | sort {Get-Random})[0..4] -join '' + + return ($password.tochararray() | sort {Get-Random}) -join '' +} \ No newline at end of file diff --git a/src/Security/Security.Test/ScenarioTests/TestController.cs b/src/Security/Security.Test/ScenarioTests/TestController.cs index 7660b07c4f70..e88fcdf87941 100644 --- a/src/Security/Security.Test/ScenarioTests/TestController.cs +++ b/src/Security/Security.Test/ScenarioTests/TestController.cs @@ -13,6 +13,9 @@ // ---------------------------------------------------------------------------------- using Microsoft.Azure.Commands.Common.Authentication; +using Microsoft.Azure.Management.Compute; +using Microsoft.Azure.Management.OperationalInsights; +using Microsoft.Azure.Management.Internal.Network.Version2017_10_01; using Microsoft.Azure.Management.Internal.Resources; using Microsoft.Azure.Management.Security; using Microsoft.Azure.Management.Storage.Version2017_10_01; 
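Review bot: `Delete-TestEnvironments` calls `New-AzResourceGroup -Name $testParams.rgName`, so the resource group, the SQL VM with its public `-DomainNameLabel` and the workspace are never removed after a live run; it should be `Remove-AzResourceGroup -Name $testParams.rgName -Force`. The call also sits at the very end of `Test-AzSecuritySqlVulnerabilityAssessment` with no `try`/`finally`, so any failed assertion skips cleanup as well and leaves a VM behind that `SetUpVm.ps1` has put into test mode. In `Get-SecuritySqlVulnerabilityAssessmentTestEnvironmentParameters`, `location = location;` is missing the `$` and should read `location = $location;`. `Generate-RandomVmPassword` builds the admin password with `Get-Random`, which PowerShell does not document as cryptographically secure, and draws each character class without repetition; a generator based on `System.Security.Cryptography.RandomNumberGenerator` would be the safer choice for a machine reachable by DNS name.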
@@ -56,12 +59,18 @@ public void RunPowerShellTest(ServiceManagement.Common.Models.XunitTracingInterc SetupManagementClients(context); _helper.SetupEnvironment(AzureModule.AzureResourceManager); + var computePath = _helper.GetRMModulePath(@"AzureRM.Compute.psd1"); + var networkPath = _helper.GetRMModulePath(@"AzureRM.Network.psd1"); + var operationalInsightsPath = _helper.GetRMModulePath(@"AzureRM.OperationalInsights.psd1"); var callingClassName = callingClassType?.Split(new[] { "." }, StringSplitOptions.RemoveEmptyEntries).Last(); _helper.SetupModules( AzureModule.AzureResourceManager, _helper.RMProfileModule, _helper.GetRMModulePath(@"AzureRM.Security.psd1"), + computePath, + networkPath, + operationalInsightsPath, "ScenarioTests\\Common.ps1", "ScenarioTests\\" + callingClassName + ".ps1", "AzureRM.Storage.ps1", @@ -76,7 +85,10 @@ protected void SetupManagementClients(MockContext context) var resourcesClient = GetResourcesClient(context); var securityCenterClient = GetSecurityCenterClient(context); var storageClient = GetStorageManagementClient(context); - _helper.SetupManagementClients(securityCenterClient, resourcesClient, storageClient); + var computeClient = GetComputeManagementClient(context); + var networkClient = GetNetworkManagementClient(context); + var operationalInsightsClient = GetOperationalInsightsManagementClient(context); + _helper.SetupManagementClients(securityCenterClient, resourcesClient, storageClient, computeClient, networkClient, operationalInsightsClient); } private static SecurityCenterClient GetSecurityCenterClient(MockContext context) 
@@ -91,5 +103,20 @@ private static StorageManagementClient GetStorageManagementClient(MockContext co { return context.GetServiceClient(TestEnvironmentFactory.GetTestEnvironment()); } + + private static ComputeManagementClient GetComputeManagementClient(MockContext context) + { + return context.GetServiceClient(TestEnvironmentFactory.GetTestEnvironment()); + } + + private static NetworkManagementClient GetNetworkManagementClient(MockContext context) + { + return context.GetServiceClient(TestEnvironmentFactory.GetTestEnvironment()); + } + + private static OperationalInsightsManagementClient GetOperationalInsightsManagementClient(MockContext context) + { + return context.GetServiceClient(TestEnvironmentFactory.GetTestEnvironment()); + } } } diff --git a/src/Security/Security.Test/Security.Test.csproj b/src/Security/Security.Test/Security.Test.csproj index 0cfdadb7c815..2c592ea69d42 100644 --- a/src/Security/Security.Test/Security.Test.csproj +++ b/src/Security/Security.Test/Security.Test.csproj @@ -38,7 +38,11 @@ Always + + Always + + + - \ No newline at end of file diff --git a/src/Security/Security.Test/SqlVulnerabilityAssessmentTestResources/SetUpVM.ps1 b/src/Security/Security.Test/SqlVulnerabilityAssessmentTestResources/SetUpVM.ps1 new file mode 100644 index 000000000000..6100e7c65b96 --- /dev/null +++ b/src/Security/Security.Test/SqlVulnerabilityAssessmentTestResources/SetUpVM.ps1 
@@ -0,0 +1,9 @@ +New-Item -ItemType Directory -Force -Path C:\\Users\\testuser\\Desktop\\Va_Logs\ +New-Item -ItemType Directory -Force -Path C:\\Users\\testuser\\Desktop\\Setup_Logs\ +New-Item -Path HKLM:\\Software\\Microsoft\\AzureOperationalInsights\ +Set-ItemProperty -Path HKLM:\\Software\\Microsoft\\AzureOperationalInsights -Name SqlVulnerabilityAssessment_LogDirectoryPath -Value C:\\Users\\testuser\\Desktop\\Va_Logs\ +Set-ItemProperty -Path HKLM:\\Software\\Microsoft\\AzureOperationalInsights -Name SqlVulnerabilityAssessment_BypassHashCheck -Value true\ +Set-ItemProperty -Path HKLM:\\Software\\Microsoft\\AzureOperationalInsights -Name SqlVulnerabilityAssessment_TestMachine -Value true + +Start-Sleep -Seconds 60 +Restart-Service HealthService \ No newline at end of file diff --git a/src/Security/Security/Az.Security.psd1 b/src/Security/Security/Az.Security.psd1 index 7ef753762cc1..ec4e585cf687 100644 --- a/src/Security/Security/Az.Security.psd1 +++ b/src/Security/Security/Az.Security.psd1 @@ -89,6 +89,12 @@ CmdletsToExport = 'Get-AzSecurityAlert', 'Set-AzSecurityAlert', 'Get-AzSecurityAdvancedThreatProtection', 'Enable-AzSecurityAdvancedThreatProtection', 'Disable-AzSecurityAdvancedThreatProtection', + 'Get-AzSecuritySqlVulnerabilityAssessmentScanRecord', + 'Get-AzSecuritySqlVulnerabilityAssessmentScanResult', + 'Add-AzSecuritySqlVulnerabilityAssessmentBaseline', + 'Remove-AzSecuritySqlVulnerabilityAssessmentBaseline', + 'Get-AzSecuritySqlVulnerabilityAssessmentBaseline', + 'Set-AzSecuritySqlVulnerabilityAssessmentBaseline', 'Get-AzIotSecuritySolution', 'Set-AzIotSecuritySolution', 'Remove-AzIotSecuritySolution', 'Update-AzIotSecuritySolution', 'New-AzIotSecuritySolutionRecommendationConfigurationObject', diff --git a/src/Security/Security/ChangeLog.md b/src/Security/Security/ChangeLog.md index d2dc985004e7..a4b4811461ca 100644 --- a/src/Security/Security/ChangeLog.md +++ b/src/Security/Security/ChangeLog.md 
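Review bot: SetUpVM.ps1 has no header comment saying it is meant only for the disposable test VM, yet it sets `SqlVulnerabilityAssessment_BypassHashCheck` and `SqlVulnerabilityAssessment_TestMachine` under the `AzureOperationalInsights` key in HKLM, which by their names relax checks the agent normally performs. A first line such as `# Test-only: relaxes VA agent checks on a throwaway VM; never run this on a production host.` would make that explicit for anyone who finds the file in the test output. The BypassHashCheck line ends in `-Value true\` while the TestMachine line uses `-Value true`, so the first value appears to be stored with a trailing backslash; that looks unintended and is worth confirming. The log directories hard-code the `testuser` profile path, which silently depends on `sqlVmUserName = 'testuser'` in the test parameters.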
@@ -19,15 +19,22 @@ --> ## Upcoming Release +* Added Sql Vulnerability Assessment cmdlets for IAAS: + `Get-AzSecuritySqlVulnerabilityAssessmentScanRecord` + `Get-AzSecuritySqlVulnerabilityAssessmentScanResult` + `Add-AzSecuritySqlVulnerabilityAssessmentBaseline` + `Remove-AzSecuritySqlVulnerabilityAssessmentBaseline` + `Get-AzSecuritySqlVulnerabilityAssessmentBaseline` + `Set-AzSecuritySqlVulnerabilityAssessmentBaseline` ## Version 0.9.0 * Added breaking change notification in AzSecurityAlert: - `Get-AzSecurityAlert` - `Set-AzSecurityAlert` + `Get-AzSecurityAlert` + `Set-AzSecurityAlert` * Added new cmdlets: - `Get-AzSecuritySecureScore` - `Get-AzSecuritySecureScoreControl` - `Get-AzSecuritySecureScoreControlDefinition` + `Get-AzSecuritySecureScore` + `Get-AzSecuritySecureScoreControl` + `Get-AzSecuritySecureScoreControlDefinition` ## Version 0.8.0 * Added new cmdlet: `Get-AzSecurityAdaptiveApplicationControl` and `Get-AzSecurityAdaptiveApplicationControlGroup` 
@@ -38,23 +45,25 @@ * Added new cmdlet: `Get-AzSecurityTopology` ## Version 0.7.9 -* Add new cmdlets: `Get-AzSecurityAssessment`, - `Set-AzSecurityAssessment`, - `Remove-AzSecurityAssessment`, - `Get-AzSecurityAssessmentMetadata`, - `Set-AzSecurityAssessmentMetadata`, - `Remove-AzSecurityAssessmentMetadata`, - `Get-AzSecuritySubAssessment` +* Add new cmdlets: + `Get-AzSecurityAssessment`, + `Set-AzSecurityAssessment`, + `Remove-AzSecurityAssessment`, + `Get-AzSecurityAssessmentMetadata`, + `Set-AzSecurityAssessmentMetadata`, + `Remove-AzSecurityAssessmentMetadata`, + `Get-AzSecuritySubAssessment` ## Version 0.7.9 * Added new cmdlets: - - `Get-AzSecuritySetting` - - `Set-AzSecuritySetting` + - `Get-AzSecuritySetting` + - `Set-AzSecuritySetting` ## Version 0.7.8 -* Add new cmdlets: `Get-AzRegulatoryComplianceStandard`, - `Get-AzRegulatoryComplianceControl`, - `Get-AzRegulatoryComplainceAssessment` +* Add new cmdlets: + `Get-AzRegulatoryComplianceStandard`, + `Get-AzRegulatoryComplianceControl`, + `Get-AzRegulatoryComplainceAssessment` * Add new API for IoTSecuritySolution, IoTSecuritySolutionAnalytics and DeviceSecurityGroups services * Support management of SQL Information Protection Policy. diff --git a/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/AddSecuritySqlVulnerabilityAssessmentBaseline.cs b/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/AddSecuritySqlVulnerabilityAssessmentBaseline.cs new file mode 100644 index 000000000000..497542b61e95 --- /dev/null +++ b/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/AddSecuritySqlVulnerabilityAssessmentBaseline.cs 
@@ -0,0 +1,59 @@ +using Commands.Security; +using Microsoft.Azure.Commands.Security.Common; +using Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment; +using System; +using System.Collections.Generic; +using System.Management.Automation; +using System.Text; + +namespace Microsoft.Azure.Commands.SecurityCenter.Cmdlets.SqlVulnerabilityAssessment +{ + [Cmdlet(VerbsCommon.Add, ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SecuritySqlVulnerabilityAssessmentBaseline", DefaultParameterSetName = ParameterSetNames.ResourceIdWithBaselineObject, SupportsShouldProcess = true), OutputType(typeof(PSSqlVulnerabilityAssessmentBaselineResults))] + public class AddSecuritySqlVulnerabilityAssessmentBaseline : SqlVulnerabilityAssessmentBaseWithBaseline + { + [Parameter(ParameterSetName = ParameterSetNames.ResourceIdWithBaselineObject, Mandatory = true, HelpMessage = ParameterHelpMessages.RuleId)] + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachinesWithBaselineObject, Mandatory = true, HelpMessage = ParameterHelpMessages.RuleId)] + public string RuleId { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.ResourceIdWithBaselineObject, Mandatory = false, HelpMessage = ParameterHelpMessages.Baseline)] + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachinesWithBaselineObject, Mandatory = false, HelpMessage = ParameterHelpMessages.Baseline)] + public string[][] Baseline { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.InputObjectBaselineWithResourceId, Mandatory = true, ValueFromPipeline = true, HelpMessage = ParameterHelpMessages.InputObject)] + [Parameter(ParameterSetName = ParameterSetNames.InputObjectBaselineWithOnPrem, Mandatory = true, ValueFromPipeline = true, HelpMessage = ParameterHelpMessages.InputObject)] + public PSSqlVulnerabilityAssessmentBaselineResults InputObject { get; set; } + + public override void ExecuteCmdlet() + { + var databaseResourceId = BuildDatabaseResourceId(); + if 
(this.ParameterSetName == ParameterSetNames.InputObjectBaselineWithResourceId + || this.ParameterSetName == ParameterSetNames.InputObjectBaselineWithOnPrem) + { + foreach (var rule in InputObject.Results) + { + if (ShouldProcess(rule.Name, $"Adding baseline for {databaseResourceId}.")) + { + var results = SecurityCenterClient.SqlVulnerabilityAssessmentBaselineRules.CreateOrUpdateWithHttpMessagesAsync(rule.Name, WorkspaceId, VulnerabilityAssessmentConstants.ApiVersion, databaseResourceId, results: rule.Results).GetAwaiter().GetResult().Body; + WriteObject(results?.ConvertToPSType()); + } + } + } + else + { + if (ShouldProcess(RuleId, $"Adding baseline for {databaseResourceId}.")) + { + if (Baseline == null) + { + var results = SecurityCenterClient.SqlVulnerabilityAssessmentBaselineRules.CreateOrUpdateWithHttpMessagesAsync(RuleId, WorkspaceId, VulnerabilityAssessmentConstants.ApiVersion, databaseResourceId, latestScan: true).GetAwaiter().GetResult().Body; + WriteObject(results?.ConvertToPSType()); + } + else + { + var results = SecurityCenterClient.SqlVulnerabilityAssessmentBaselineRules.CreateOrUpdateWithHttpMessagesAsync(RuleId, WorkspaceId, VulnerabilityAssessmentConstants.ApiVersion, databaseResourceId, results: Baseline).GetAwaiter().GetResult().Body; + WriteObject(results?.ConvertToPSType()); + } + } + } + } + } +} diff --git a/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/Common/SqlVulnerabilityAssessmentBaseWithBaseline.cs b/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/Common/SqlVulnerabilityAssessmentBaseWithBaseline.cs new file mode 100644 index 000000000000..ae1a7974c20b --- /dev/null +++ b/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/Common/SqlVulnerabilityAssessmentBaseWithBaseline.cs 
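Review bot: In `ExecuteCmdlet`, the pipeline branch runs `foreach (var rule in InputObject.Results)` with no null guard, so a piped baseline object whose `Results` is null would end in a NullReferenceException instead of a clear cmdlet error; `[ValidateNotNull]` on `InputObject` plus `if (InputObject.Results == null) { return; }` before the loop would cover it (whether `Results` can be null is not visible in this diff). `RuleId` also lacks the `[ValidateNotNullOrEmpty]` that every string parameter on the base class carries, so an empty rule id is passed to the service as is. The three `CreateOrUpdateWithHttpMessagesAsync(...)` calls differ only in their last argument and could go through one private helper.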
@@ -0,0 +1,65 @@ +using Commands.Security; +using Microsoft.Azure.Commands.Security.Common; +using System.Management.Automation; +namespace Microsoft.Azure.Commands.SecurityCenter.Cmdlets.SqlVulnerabilityAssessment +{ + public abstract class SqlVulnerabilityAssessmentBaseWithBaseline : SecurityCenterCmdletBase + { + [Parameter(ParameterSetName = ParameterSetNames.ResourceIdWithBaselineObject, Mandatory = true, HelpMessage = ParameterHelpMessages.ResourceId)] + [Parameter(ParameterSetName = ParameterSetNames.InputObjectBaselineWithResourceId, Mandatory = true, HelpMessage = ParameterHelpMessages.ResourceId)] + [ValidateNotNullOrEmpty] + public string ResourceId { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.ResourceIdWithBaselineObject, Mandatory = true, HelpMessage = ParameterHelpMessages.WorkspaceId)] + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachinesWithBaselineObject, Mandatory = true, HelpMessage = ParameterHelpMessages.WorkspaceId)] + [Parameter(ParameterSetName = ParameterSetNames.InputObjectBaselineWithResourceId, Mandatory = true, HelpMessage = ParameterHelpMessages.WorkspaceId)] + [Parameter(ParameterSetName = ParameterSetNames.InputObjectBaselineWithOnPrem, Mandatory = true, HelpMessage = ParameterHelpMessages.WorkspaceId)] + [ValidateNotNullOrEmpty] + public string WorkspaceId { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.ResourceIdWithBaselineObject, Mandatory = true, HelpMessage = ParameterHelpMessages.Server)] + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachinesWithBaselineObject, Mandatory = true, HelpMessage = ParameterHelpMessages.Server)] + [Parameter(ParameterSetName = ParameterSetNames.InputObjectBaselineWithResourceId, Mandatory = true, HelpMessage = ParameterHelpMessages.Server)] + [Parameter(ParameterSetName = ParameterSetNames.InputObjectBaselineWithOnPrem, Mandatory = true, HelpMessage = ParameterHelpMessages.Server)] + [ValidateNotNullOrEmpty] + public string Server { get; 
set; } + + [Parameter(ParameterSetName = ParameterSetNames.ResourceIdWithBaselineObject, Mandatory = true, HelpMessage = ParameterHelpMessages.Database)] + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachinesWithBaselineObject, Mandatory = true, HelpMessage = ParameterHelpMessages.Database)] + [Parameter(ParameterSetName = ParameterSetNames.InputObjectBaselineWithResourceId, Mandatory = true, HelpMessage = ParameterHelpMessages.Database)] + [Parameter(ParameterSetName = ParameterSetNames.InputObjectBaselineWithOnPrem, Mandatory = true, HelpMessage = ParameterHelpMessages.Database)] + [ValidateNotNullOrEmpty] + public string Database { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachinesWithBaselineObject, Mandatory = true, HelpMessage = ParameterHelpMessages.ComputerName)] + [Parameter(ParameterSetName = ParameterSetNames.InputObjectBaselineWithOnPrem, Mandatory = true, HelpMessage = ParameterHelpMessages.ComputerName)] + [ValidateNotNullOrEmpty] + public string ComputerName { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachinesWithBaselineObject, Mandatory = true, HelpMessage = ParameterHelpMessages.VmUuid)] + [Parameter(ParameterSetName = ParameterSetNames.InputObjectBaselineWithOnPrem, Mandatory = true, HelpMessage = ParameterHelpMessages.VmUuid)] + [ValidateNotNullOrEmpty] + public string VmUuid { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachinesWithBaselineObject, Mandatory = true, HelpMessage = ParameterHelpMessages.AgentId)] + [Parameter(ParameterSetName = ParameterSetNames.InputObjectBaselineWithOnPrem, Mandatory = true, HelpMessage = ParameterHelpMessages.AgentId)] + [ValidateNotNullOrEmpty] + public string AgentId { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachinesWithBaselineObject, Mandatory = true, HelpMessage = ParameterHelpMessages.WorkspaceResourceId)] + [Parameter(ParameterSetName = ParameterSetNames.InputObjectBaselineWithOnPrem, 
Mandatory = true, HelpMessage = ParameterHelpMessages.WorkspaceResourceId)] + [ValidateNotNullOrEmpty] + public string WorkspaceResourceId { get; set; } + + public string BuildDatabaseResourceId() + { + if (this.ParameterSetName == ParameterSetNames.InputObjectBaselineWithOnPrem + || this.ParameterSetName == ParameterSetNames.OnPremMachinesWithBaselineObject) + { + return $"{WorkspaceResourceId}/onPremiseMachines/{ComputerName}_{AgentId}_{VmUuid}/sqlServers/{Server}/databases/{Database}"; + } + + return $"{ResourceId}/sqlServers/{Server}/databases/{Database}"; + } + } +} diff --git a/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/Common/SqlVulnerabilityAssessmentCmdlet.cs b/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/Common/SqlVulnerabilityAssessmentCmdlet.cs new file mode 100644 index 000000000000..2d0ac92b8358 --- /dev/null +++ b/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/Common/SqlVulnerabilityAssessmentCmdlet.cs 
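Review bot: `BuildDatabaseResourceId` interpolates `Server`, `Database`, `ComputerName`, `AgentId` and `VmUuid` into the resource id unchanged, and `[ValidateNotNullOrEmpty]` is the only check on them, so a value containing `/`, `?` or `#` changes which resource path the baseline call addresses. When these names come from inventory data or another script's output rather than from the operator, a baseline could be written to or removed from a different database than intended; rejecting the separator characters up front, with `[ValidatePattern(...)]` on the parameters or a check in the method that throws `ArgumentException`, would close this, with the allowed character set confirmed against the service. The method is also `public` although, as far as this diff shows, only derived cmdlets call it, so `protected` fits better. `SqlVulnerabilityAssessmentCmdlet.BuildDatabaseResourceId` in the next file has the same body and the same gap.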
@@ -0,0 +1,53 @@ +using Commands.Security; +using Microsoft.Azure.Commands.Security.Common; +using System.Management.Automation; +namespace Microsoft.Azure.Commands.SecurityCenter.Cmdlets.SqlVulnerabilityAssessment +{ + public abstract class SqlVulnerabilityAssessmentCmdlet : SecurityCenterCmdletBase + { + [Parameter(ParameterSetName = ParameterSetNames.ResourceId, Mandatory = true, HelpMessage = ParameterHelpMessages.ResourceId)] + [ValidateNotNullOrEmpty] + public string ResourceId { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.ResourceId, Mandatory = true, HelpMessage = ParameterHelpMessages.WorkspaceId)] + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachines, Mandatory = true, HelpMessage = ParameterHelpMessages.WorkspaceId)] + [ValidateNotNullOrEmpty] + public string WorkspaceId { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.ResourceId, Mandatory = true, HelpMessage = ParameterHelpMessages.Server)] + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachines, Mandatory = true, HelpMessage = ParameterHelpMessages.Server)] + [ValidateNotNullOrEmpty] + public string Server { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.ResourceId, Mandatory = true, HelpMessage = ParameterHelpMessages.Database)] + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachines, Mandatory = true, HelpMessage = ParameterHelpMessages.Database)] + [ValidateNotNullOrEmpty] + public string Database { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachines, Mandatory = true, HelpMessage = ParameterHelpMessages.ComputerName)] + [ValidateNotNullOrEmpty] + public string ComputerName { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachines, Mandatory = true, HelpMessage = ParameterHelpMessages.VmUuid)] + [ValidateNotNullOrEmpty] + public string VmUuid { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachines, Mandatory = true, HelpMessage = 
ParameterHelpMessages.AgentId)] + [ValidateNotNullOrEmpty] + public string AgentId { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachines, Mandatory = true, HelpMessage = ParameterHelpMessages.WorkspaceResourceId)] + [ValidateNotNullOrEmpty] + public string WorkspaceResourceId { get; set; } + + public string BuildDatabaseResourceId() + { + if (this.ParameterSetName == ParameterSetNames.OnPremMachines) + { + return $"{WorkspaceResourceId}/onPremiseMachines/{ComputerName}_{AgentId}_{VmUuid}/sqlServers/{Server}/databases/{Database}"; + } + + return $"{ResourceId}/sqlServers/{Server}/databases/{Database}"; + } + } +} diff --git a/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/Common/VulnerabilityAssessmentConstants.cs b/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/Common/VulnerabilityAssessmentConstants.cs new file mode 100644 index 000000000000..ce68f37cbc59 --- /dev/null +++ b/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/Common/VulnerabilityAssessmentConstants.cs @@ -0,0 +1,11 @@ +using System; +using System.Collections.Generic; +using System.Text; + +namespace Microsoft.Azure.Commands.SecurityCenter.Cmdlets.SqlVulnerabilityAssessment +{ + public static class VulnerabilityAssessmentConstants + { + public const string ApiVersion = "2020-07-01-preview"; + } +} diff --git a/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/GetSecuritySqlVulnerabilityAssessmentBaseline.cs b/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/GetSecuritySqlVulnerabilityAssessmentBaseline.cs new file mode 100644 index 000000000000..81ae96348445 --- /dev/null +++ b/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/GetSecuritySqlVulnerabilityAssessmentBaseline.cs 
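Review bot: `BuildDatabaseResourceId()` interpolates `Server`, `Database`, `ComputerName`, `AgentId` and `VmUuid` straight into the resource path, and the only validation on those parameters is `[ValidateNotNullOrEmpty]`. A value containing `/`, `?` or `#` would change which resource the request addresses. Whether the generated client escapes the resource ID is not visible here, so reject such values before building the string, e.g. `if (Server.IndexOfAny(new[] { '/', '?', '#' }) >= 0) throw new PSArgumentException(...)` for each segment. The on-premises branch also joins three values with `_`, so two different (ComputerName, AgentId, VmUuid) triples can produce the same segment when one of them contains `_`; a comment stating the format the service expects would help. The same method body appears in the baseline base class earlier in this diff and needs the same treatment.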
@@ -0,0 +1,37 @@
+using Microsoft.Azure.Commands.Security.Common;
+using Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment;
+using System;
+using System.Collections.Generic;
+using System.Management.Automation;
+using System.Text;
+
+namespace Microsoft.Azure.Commands.SecurityCenter.Cmdlets.SqlVulnerabilityAssessment
+{
+ [Cmdlet(VerbsCommon.Get, ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SecuritySqlVulnerabilityAssessmentBaseline", DefaultParameterSetName = ParameterSetNames.ResourceId), OutputType(typeof(PSSqlVulnerabilityAssessmentBaselineResults))]
+ public class GetSecuritySqlVulnerabilityAssessmentBaseline : SqlVulnerabilityAssessmentCmdlet
+ {
+ [Parameter(ParameterSetName = ParameterSetNames.ResourceId, Mandatory = false, HelpMessage = ParameterHelpMessages.RuleId)]
+ [Parameter(ParameterSetName = ParameterSetNames.OnPremMachines, Mandatory = false, HelpMessage = ParameterHelpMessages.RuleId)]
+ public string RuleId { get; set; }
+
+ public override void ExecuteCmdlet()
+ {
+ var databaseResourceId = BuildDatabaseResourceId();
+ if (!string.IsNullOrEmpty(RuleId))
+ {
+
+ var results = SecurityCenterClient.SqlVulnerabilityAssessmentBaselineRules.GetWithHttpMessagesAsync(RuleId, WorkspaceId, VulnerabilityAssessmentConstants.ApiVersion, databaseResourceId).GetAwaiter().GetResult().Body;
+ WriteObject(new PSSqlVulnerabilityAssessmentBaselineResults()
+ {
+ Results = new List() { results?.ConvertToPSType() },
+ WorkSpaceId = WorkspaceId
+ });
+ }
+ else
+ {
+ var results = SecurityCenterClient.SqlVulnerabilityAssessmentBaselineRules.ListWithHttpMessagesAsync(WorkspaceId, VulnerabilityAssessmentConstants.ApiVersion, databaseResourceId).GetAwaiter().GetResult().Body;
+ WriteObject(results?.ConvertToPSType(WorkspaceId));
+ }
+ }
+ }
+}
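Review bot: In the `RuleId` branch, `Results = new List() { results?.ConvertToPSType() }` adds a null element when the response body is null, so the cmdlet emits a baseline object whose `Results` holds one null entry. Piping that object to the Remove cmdlet in this diff would then dereference `rule.Id` on null inside its `foreach`. Build the list only when a body came back, e.g. wrap the call in `if (results != null) { WriteObject(...); }`, or emit an empty `Results` list otherwise.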
diff --git a/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/GetSecuritySqlVulnerabilityAssessmentScanRecord.cs b/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/GetSecuritySqlVulnerabilityAssessmentScanRecord.cs
new file mode 100644
index 000000000000..d76fcca24e3b
--- /dev/null
+++ b/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/GetSecuritySqlVulnerabilityAssessmentScanRecord.cs
@@ -0,0 +1,45 @@ +// ---------------------------------------------------------------------------------- +// +// Copyright Microsoft Corporation +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ------------------------------------ + +using Commands.Security; +using System.Management.Automation; +using Microsoft.Azure.Commands.Security.Common; +using Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment; +using Microsoft.Azure.Commands.SecurityCenter.Cmdlets.SqlVulnerabilityAssessment; + +namespace Microsoft.Azure.Commands.Security.Cmdlets.SqlVulnerabilityAssessment +{ + [Cmdlet(VerbsCommon.Get, ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SecuritySqlVulnerabilityAssessmentScanRecord", DefaultParameterSetName = ParameterSetNames.ResourceId), OutputType(typeof(PSSqlVulnerabilityAssessmentScanRecord))] + public class GetSecuritySqlVulnerabilityAssessmentScanRecord : SqlVulnerabilityAssessmentCmdlet + { + [Parameter(ParameterSetName = ParameterSetNames.ResourceId, Mandatory = false, HelpMessage = ParameterHelpMessages.ScanId)] + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachines, Mandatory = false, HelpMessage = ParameterHelpMessages.ScanId)] + public string ScanId { get; set; } + + public override void ExecuteCmdlet() + { + var databaseResourceId = BuildDatabaseResourceId(); + if (string.IsNullOrEmpty(ScanId)) + { + var results = SecurityCenterClient.SqlVulnerabilityAssessmentScans.ListWithHttpMessagesAsync(WorkspaceId, 
VulnerabilityAssessmentConstants.ApiVersion, databaseResourceId).GetAwaiter().GetResult().Body; + WriteObject(results?.ConvertToPSType(), enumerateCollection: true); + } + else + { + var result = SecurityCenterClient.SqlVulnerabilityAssessmentScans.GetWithHttpMessagesAsync(ScanId, WorkspaceId, VulnerabilityAssessmentConstants.ApiVersion, databaseResourceId).GetAwaiter().GetResult().Body; + WriteObject(result?.ConvertToPSType(), enumerateCollection: false); + } + } + } +} diff --git a/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/GetSecuritySqlVulnerabilityAssessmentScanResult.cs b/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/GetSecuritySqlVulnerabilityAssessmentScanResult.cs new file mode 100644 index 000000000000..e62284c20cea --- /dev/null +++ b/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/GetSecuritySqlVulnerabilityAssessmentScanResult.cs 
@@ -0,0 +1,39 @@ +using Commands.Security; +using Microsoft.Azure.Commands.Security.Common; +using Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment; +using System.Management.Automation; + +namespace Microsoft.Azure.Commands.SecurityCenter.Cmdlets.SqlVulnerabilityAssessment +{ + [Cmdlet(VerbsCommon.Get, ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SecuritySqlVulnerabilityAssessmentScanResult", DefaultParameterSetName = ParameterSetNames.ResourceId), OutputType(typeof(PSSqlVulnerabilityAssessmentScanResult))] + public class GetSecuritySqlVulnerabilityAssessmentScanResult : SqlVulnerabilityAssessmentCmdlet + { + [Parameter(ParameterSetName = ParameterSetNames.ResourceId, Mandatory = false, HelpMessage = ParameterHelpMessages.ScanId)] + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachines, Mandatory = false, HelpMessage = ParameterHelpMessages.ScanId)] + public string ScanId { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.ResourceId, Mandatory = false, HelpMessage = ParameterHelpMessages.RuleId)] + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachines, Mandatory = false, HelpMessage = ParameterHelpMessages.RuleId)] + public string RuleId { get; set; } + + public override void ExecuteCmdlet() + { + if (string.IsNullOrEmpty(ScanId)) + { + ScanId = "latest"; + } + + var databaseResourceId = BuildDatabaseResourceId(); + if (string.IsNullOrEmpty(RuleId)) + { + var results = SecurityCenterClient.SqlVulnerabilityAssessmentScanResults.ListWithHttpMessagesAsync(ScanId, WorkspaceId, VulnerabilityAssessmentConstants.ApiVersion, databaseResourceId).GetAwaiter().GetResult().Body; + WriteObject(results?.ConvertToPSType(), enumerateCollection: true); + } + else + { + var result = SecurityCenterClient.SqlVulnerabilityAssessmentScanResults.GetWithHttpMessagesAsync(ScanId, RuleId, WorkspaceId, VulnerabilityAssessmentConstants.ApiVersion, databaseResourceId).GetAwaiter().GetResult().Body; + 
WriteObject(result?.ConvertToPSType(), enumerateCollection: false); + } + } + } +} diff --git a/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/RemoveSecuritySqlVulnerabilityAssessmentBaseline.cs b/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/RemoveSecuritySqlVulnerabilityAssessmentBaseline.cs new file mode 100644 index 000000000000..9d97c9e7a610 --- /dev/null +++ b/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/RemoveSecuritySqlVulnerabilityAssessmentBaseline.cs 
@@ -0,0 +1,55 @@ +using Microsoft.Azure.Commands.Security.Common; +using Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment; +using System; +using System.Collections.Generic; +using System.Management.Automation; +using System.Text; + +namespace Microsoft.Azure.Commands.SecurityCenter.Cmdlets.SqlVulnerabilityAssessment +{ + [Cmdlet(VerbsCommon.Remove, ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SecuritySqlVulnerabilityAssessmentBaseline", DefaultParameterSetName = ParameterSetNames.ResourceId, SupportsShouldProcess = true), OutputType(typeof(bool))] + public class RemoveSecuritySqlVulnerabilityAssessmentBaseline : SqlVulnerabilityAssessmentCmdlet + { + [Parameter(ParameterSetName = ParameterSetNames.ResourceId, Mandatory = true, HelpMessage = ParameterHelpMessages.RuleId)] + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachines, Mandatory = true, HelpMessage = ParameterHelpMessages.RuleId)] + public string RuleId { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.InputObject, Mandatory = true, ValueFromPipeline = true, HelpMessage = ParameterHelpMessages.InputObject)] + public PSSqlVulnerabilityAssessmentBaselineResults InputObject { get; set; } + + [Parameter(Mandatory = false, HelpMessage = ParameterHelpMessages.PassThru)] + public SwitchParameter PassThru { get; set; } + + [Parameter(Mandatory = false, HelpMessage = ParameterHelpMessages.ForceRemoveBaseline)] + public SwitchParameter Force { get; set; } + + public override void ExecuteCmdlet() + { + if (this.ParameterSetName == ParameterSetNames.InputObject) + { + foreach (var rule in InputObject.Results) + { + if (Force.IsPresent || ShouldContinue($"Are you sure you want to proceed with removing baseline for rule {rule.Id}",$"Removing baseline for {rule.Id}")) + { + var dbResourceId = rule.Id.Substring(0, rule.Id.IndexOf("/providers/Microsoft.Security")); + 
SecurityCenterClient.SqlVulnerabilityAssessmentBaselineRules.DeleteWithHttpMessagesAsync(rule.Name, InputObject.WorkSpaceId, VulnerabilityAssessmentConstants.ApiVersion, dbResourceId).GetAwaiter().GetResult(); + } + } + } + else + { + var databaseResourceId = BuildDatabaseResourceId(); + if (Force.IsPresent || ShouldContinue($"Are you sure you want to proceed with removing baseline for rule {RuleId}", $"Removing baseline for {RuleId}")) + { + SecurityCenterClient.SqlVulnerabilityAssessmentBaselineRules.DeleteWithHttpMessagesAsync(RuleId, WorkspaceId, VulnerabilityAssessmentConstants.ApiVersion, databaseResourceId).GetAwaiter().GetResult(); + } + + } + + if (PassThru.IsPresent) + { + WriteObject(true); + } + } + } +} diff --git a/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/SetSecuritySqlVulnerabilityAssessmentBaseline.cs b/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/SetSecuritySqlVulnerabilityAssessmentBaseline.cs new file mode 100644 index 000000000000..3cc1ed713705 --- /dev/null +++ b/src/Security/Security/Cmdlets/SqlVulnerabilityAssessment/SetSecuritySqlVulnerabilityAssessmentBaseline.cs 
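Review bot: The cmdlet declares `SupportsShouldProcess = true` but `ExecuteCmdlet()` only calls `ShouldContinue`, never `ShouldProcess`, so `-WhatIf` and `-Confirm` are accepted and the delete still runs; with `-Force -WhatIf` nothing stops the baseline from being removed. Gate each delete on both, e.g. `if (ShouldProcess(rule.Id, "Remove baseline") && (Force.IsPresent || ShouldContinue(...)))`. `SetSecuritySqlVulnerabilityAssessmentBaseline.ExecuteCmdlet()` later in this diff has the same gap. Separately, `rule.Id.Substring(0, rule.Id.IndexOf("/providers/Microsoft.Security"))` throws `ArgumentOutOfRangeException` when the marker is missing from a piped object's `Id` and uses a culture-sensitive search; check the index and pass `StringComparison.OrdinalIgnoreCase`. `WriteObject(true)` under `-PassThru` is also reached when the user declines the prompt, which reports success for a removal that did not happen.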
@@ -0,0 +1,70 @@ +using Commands.Security; +using Microsoft.Azure.Commands.Security.Common; +using Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment; +using Microsoft.Azure.Management.Security.Models; +using System; +using System.Collections; +using System.Collections.Generic; +using System.Linq; +using System.Management.Automation; +using System.Text; + +namespace Microsoft.Azure.Commands.SecurityCenter.Cmdlets.SqlVulnerabilityAssessment +{ + [Cmdlet(VerbsCommon.Set, ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SecuritySqlVulnerabilityAssessmentBaseline", SupportsShouldProcess = true, DefaultParameterSetName = ParameterSetNames.ResourceIdWithBaselineObject), OutputType(typeof(PSSqlVulnerabilityAssessmentBaselineResults))] + public class SetSecuritySqlVulnerabilityAssessmentBaseline : SqlVulnerabilityAssessmentBaseWithBaseline + { + [Parameter(ParameterSetName = ParameterSetNames.InputObjectBaselineWithResourceId, Mandatory = true, ValueFromPipeline = true, HelpMessage = ParameterHelpMessages.InputObject)] + [Parameter(ParameterSetName = ParameterSetNames.InputObjectBaselineWithOnPrem, Mandatory = true, ValueFromPipeline = true, HelpMessage = ParameterHelpMessages.InputObject)] + public PSSqlVulnerabilityAssessmentBaselineResults InputObject { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.ResourceIdWithBaselineObject, Mandatory = false, HelpMessage = ParameterHelpMessages.Baseline)] + [Parameter(ParameterSetName = ParameterSetNames.OnPremMachinesWithBaselineObject, Mandatory = false, HelpMessage = ParameterHelpMessages.Baseline)] + public Hashtable BaselineSet { get; set; } + + [Parameter(Mandatory = false, HelpMessage = ParameterHelpMessages.ForceSetBaseline)] + public SwitchParameter Force { get; set; } + + public override void ExecuteCmdlet() + { + var databaseResourceId = BuildDatabaseResourceId(); + Dictionary>> baseline = null; + if (this.ParameterSetName == 
ParameterSetNames.InputObjectBaselineWithResourceId + || this.ParameterSetName == ParameterSetNames.InputObjectBaselineWithOnPrem) + { + baseline = InputObject.Results.ToDictionary( + result => result.Name, + result => (IList>)result.Results.Select( + row => (IList)row.ToList()).ToList()); + } + else + { + if (BaselineSet != null) + { + baseline = BaselineSet.Cast() + .ToDictionary( + kvp => (string)kvp.Key, + kvp => (IList>)((object[])kvp.Value) + .Select(arr => (IList)((object[])arr) + .Select(str => (string)str).ToList()) + .ToList()); + } + } + + RulesResults results = null; + if (Force.IsPresent || ShouldContinue($"Are you sure you want to set baseline? - This will discard your old baseline work.", $"Setting baseline for {databaseResourceId}.")) + { + if (baseline != null) + { + results = SecurityCenterClient.SqlVulnerabilityAssessmentBaselineRules.AddWithHttpMessagesAsync(WorkspaceId, VulnerabilityAssessmentConstants.ApiVersion, databaseResourceId, results: baseline).GetAwaiter().GetResult().Body; + } + else + { + results = SecurityCenterClient.SqlVulnerabilityAssessmentBaselineRules.AddWithHttpMessagesAsync(WorkspaceId, VulnerabilityAssessmentConstants.ApiVersion, databaseResourceId, latestScan: true).GetAwaiter().GetResult().Body; + } + + WriteObject(results?.ConvertToPSType(WorkspaceId)); + } + } + } +} diff --git a/src/Security/Security/Common/ParameterHelpMessages.cs b/src/Security/Security/Common/ParameterHelpMessages.cs index 69d9a02b5ec2..7e572d2c1137 100644 --- a/src/Security/Security/Common/ParameterHelpMessages.cs +++ b/src/Security/Security/Common/ParameterHelpMessages.cs 
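Review bot: When `BaselineSet` is omitted, `baseline` stays null and the call falls through to `AddWithHttpMessagesAsync(..., latestScan: true)`, which by its name presumably adopts the latest scan's results as the new baseline. The confirmation text only says the old baseline will be discarded, and `-Force` skips it entirely. A baseline decides which findings are treated as expected, so make that path explicit with a dedicated switch (the apparently unused `ParameterSetNames.ResourceIdWithBaselineLatest` suggests one was planned), or at least with a prompt such as `"No baseline supplied - the latest scan results will become the baseline."`. The `BaselineSet` conversion also relies on hard casts (`(string)kvp.Key`, `(object[])kvp.Value`), so a hashtable of the wrong shape surfaces as a bare `InvalidCastException`; validate the shape and throw a `PSArgumentException` naming the offending key.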
@@ -160,5 +160,22 @@ public static class ParameterHelpMessages public const string Summary = "Return output in a summarized form"; #endregion + + #region SQL Vulnerability Assessment + + public const string Server = "Server name"; + public const string Database = "Database name"; + public const string ComputerName = "Computer full name - on premise parameter"; + public const string VmUuid = "Virtual machine universal unique identifier - on premise parameter"; + public const string AgentId = "Agent ID - on premise parameter"; + public const string WorkspaceResourceId = "Workspace resource ID - on premise parameter"; + public const string UseLatest = "Use latest results for the operation"; + public const string RuleId = "Vulnerability Assessment rule ID"; + public const string ScanId = "Vulnerability Assessment scan ID - use scanId = 'latest' to get latest results"; + public const string Baseline = "Vulnerability Assessment baseline object"; + public const string ForceRemoveBaseline = "Force remove baseline without confirmation"; + public const string ForceSetBaseline = "Force set baseline without confirmation"; + + #endregion } } \ No newline at end of file diff --git a/src/Security/Security/Common/ParameterSetNames.cs b/src/Security/Security/Common/ParameterSetNames.cs index aef803308b18..95035e79540b 100644 --- a/src/Security/Security/Common/ParameterSetNames.cs +++ b/src/Security/Security/Common/ParameterSetNames.cs 
@@ -37,5 +37,19 @@ public static class ParameterSetNames public const string DataExportSettingsScope = "DataExportSettingsScope"; #endregion + + #region Sql Vulnerability Assessment + + public const string OnPremMachines = "OnPremMachines"; + + public const string ResourceIdWithBaselineObject = "ResourceIdWithBaselineObject"; + public const string ResourceIdWithBaselineLatest = "ResourceIdWithBaselineLatest"; + public const string OnPremMachinesWithBaselineObject = "OnPremMachinesWithBaselineObject"; + public const string InputObjectBaselineWithResourceId = "InputObjectWithResourceId"; + public const string InputObjectBaselineWithOnPrem = "InputObjectBaselineWithOnPrem"; + public const string ResourceIdWithScanId = "ResourceIdWithScanId"; + public const string OnPremMachinesWithScanId = "OnPremMachinesWithScanId"; + + #endregion } } diff --git a/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentBaseline.cs b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentBaseline.cs new file mode 100644 index 000000000000..4c5c12a7397c --- /dev/null +++ b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentBaseline.cs @@ -0,0 +1,22 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text; + +namespace Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment +{ + public class PSSqlVulnerabilityAssessmentBaseline + { + public string[][] ExpectedResults { get; set; } + public DateTime? UpdatedTime { get; set; } + + public override string ToString() + { + return string.Join(Environment.NewLine, $"{{", + $"Update Time: {UpdatedTime}", + $"Expected Results:", + (ExpectedResults.Any() ? $"{string.Join(Environment.NewLine, ExpectedResults.Select(row => $"{{{string.Join(", ", row)}}}"))}" : "{}") + + $"}}"); + } + } +} 
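Review bot: `InputObjectBaselineWithResourceId` is assigned the value `"InputObjectWithResourceId"`, the only constant in this region whose value differs from its name. Parameter set names show up in help and in binding error messages, so align it: `public const string InputObjectBaselineWithResourceId = "InputObjectBaselineWithResourceId";`. `ResourceIdWithBaselineLatest`, `ResourceIdWithScanId` and `OnPremMachinesWithScanId` are not referenced by any cmdlet visible in this part of the diff; drop them if nothing else uses them.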
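Review bot: `PSSqlVulnerabilityAssessmentBaseline.ToString()` calls `ExpectedResults.Any()` on a public settable property, so an instance built outside the converter throws `NullReferenceException` when it is formatted; `ExpectedResults?.Any() == true` avoids that. As rendered here, the closing `$"}}"` is attached to the previous argument with `+` rather than passed as its own `string.Join` argument. That would put the brace on the same line as the last row, unlike `PSSqlVulnerabilityAssessmentRemediation.ToString()`; a `,` looks intended. `PSSqlVulnerabilityAssessmentQueryCheck.ToString()` later in this diff shows both issues as well.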
diff --git a/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentBaselineAdjustedResult.cs b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentBaselineAdjustedResult.cs new file mode 100644 index 000000000000..db9ea173cf26 --- /dev/null +++ b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentBaselineAdjustedResult.cs @@ -0,0 +1,39 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text; + +namespace Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment +{ + public class PSSqlVulnerabilityAssessmentBaselineAdjustedResult + { + public string Status { get; set; } + + public string[][] ResultsNotInBaseline { get; set; } + + public string[][] ResultsOnlyInBaseline { get; set; } + + public PSSqlVulnerabilityAssessmentBaseline Baseline { get; set; } + + public override string ToString() + { + if (string.IsNullOrEmpty(Status) && + !ResultsNotInBaseline.Any() && + !ResultsOnlyInBaseline.Any() && + Baseline == null) + { + return "{}"; + } + + return string.Join(Environment.NewLine, $"{{", + $"Status: {Status}" , + $"Results not in baseline:", + (ResultsNotInBaseline.Any() ? $"{string.Join(Environment.NewLine, ResultsNotInBaseline.Select(row => $"{{{string.Join(", ", row)}}}"))}" : "{}"), + $"Results only in baseline:", + (ResultsOnlyInBaseline.Any() ? $"{string.Join(Environment.NewLine, ResultsOnlyInBaseline.Select(row => $"{{{string.Join(", ", row)}}}"))}" : "{}"), + $"Baseline:", + $"{Baseline}", + $"}}"); + } + } +} diff --git a/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentBaselineResults.cs b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentBaselineResults.cs new file mode 100644 index 000000000000..d3695e94a5c9 --- /dev/null +++ b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentBaselineResults.cs 
@@ -0,0 +1,13 @@ +using Microsoft.Azure.Commands.Security.Models; +using System; +using System.Collections.Generic; +using System.Text; + +namespace Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment +{ + public class PSSqlVulnerabilityAssessmentBaselineResults + { + public List Results { get; set; } + public string WorkSpaceId { get; set; } + } +} diff --git a/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentConverters.cs b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentConverters.cs new file mode 100644 index 000000000000..b151fe73ba7e --- /dev/null +++ b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentConverters.cs 
@@ -0,0 +1,149 @@ +using Microsoft.Azure.Management.Security.Models; +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text; + +namespace Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment +{ + public static class PSSqlVulnerabilityAssessmentConverters + { + public static PSSqlVulnerabilityAssessmentScanRecord ConvertToPSType(this Scan value) + { + return new PSSqlVulnerabilityAssessmentScanRecord() + { + Id = value.Id, + Name = value.Name, + Type = value.Type, + TriggerType = value.Properties.TriggerType, + State = value.Properties.State, + Server = value.Properties.Server, + Database = value.Properties.Database, + SqlVersion = value.Properties.SqlVersion, + StartTime = value.Properties.StartTime, + EndTime = value.Properties.EndTime, + HighSeverityFailedRulesCount = value.Properties.HighSeverityFailedRulesCount ?? 0, + MediumSeverityFailedRulesCount = value.Properties.MediumSeverityFailedRulesCount ?? 0, + LowSeverityFailedRulesCount = value.Properties.LowSeverityFailedRulesCount ?? 0, + TotalPassedRulesCount = value.Properties.TotalPassedRulesCount ?? 0, + TotalFailedRulesCount = value.Properties.TotalFailedRulesCount ?? 0, + TotalRulesCount = value.Properties.TotalRulesCount ?? 0, + IsBaselineApplied = value.Properties.IsBaselineApplied ?? false + }; + } + + public static IList ConvertToPSType(this Scans value) + { + return value.Value.Select(scan => scan.ConvertToPSType()).ToList(); + } + + public static PSSqlVulnerabilityAssessmentQueryCheck ConvertToPSType(this QueryCheck value) + { + return new PSSqlVulnerabilityAssessmentQueryCheck() + { + Query = value.Query, + ColumnNames = value.ColumnNames?.ToArray() ?? new string[0], + ExpectedResult = value.ExpectedResult?.Select(result => result.ToArray()).ToArray() ?? 
new string[0][] + }; + } + + public static PSSqlVulnerabilityBenchmarkReference ConvertToPSType(this BenchmarkReference value) + { + return new PSSqlVulnerabilityBenchmarkReference() + { + Benchmark = value.Benchmark, + Reference = value.Reference + }; + } + + public static PSSqlVulnerabilityAssessmentRule ConvertToPSType(this VaRule value) + { + return new PSSqlVulnerabilityAssessmentRule() + { + RuleId = value.RuleId, + Title = value.Title, + Severity = value.Severity, + RuleType = value.RuleType, + Description = value.Description, + Category = value.Category, + Rationale = value.Rationale, + QueryCheck = value.QueryCheck.ConvertToPSType(), + BenchmarkReferences = value.BenchmarkReferences?.Select(benchmark => benchmark.ConvertToPSType()).ToArray() ?? new PSSqlVulnerabilityBenchmarkReference[0] + }; + } + + public static PSSqlVulnerabilityAssessmentRemediation ConvertToPSType(this Remediation value) + { + return new PSSqlVulnerabilityAssessmentRemediation() + { + Automated = value.Automated ?? false, + Description = value.Description, + PortalLink = value.PortalLink, + Scripts = value.Scripts.ToArray() + }; + } + + public static PSSqlVulnerabilityAssessmentBaseline ConvertToPSType(this Baseline value) + { + return new PSSqlVulnerabilityAssessmentBaseline() + { + ExpectedResults = value.ExpectedResults?.Select(result => result.ToArray()).ToArray() ?? new string[0][], + UpdatedTime = value.UpdatedTime + }; + } + + public static PSSqlVulnerabilityAssessmentBaselineAdjustedResult ConvertToPSType(this BaselineAdjustedResult value) + { + return new PSSqlVulnerabilityAssessmentBaselineAdjustedResult() + { + Status = value?.Status ?? string.Empty, + ResultsNotInBaseline = value?.ResultsNotInBaseline?.Select(result => result.ToArray()).ToArray() ?? new string[0][], + ResultsOnlyInBaseline = value?.ResultsOnlyInBaseline?.Select(result => result.ToArray()).ToArray() ?? new string[0][], + Baseline = value?.Baseline.ConvertToPSType() ?? 
null + }; + } + + public static PSSqlVulnerabilityAssessmentScanResult ConvertToPSType(this ScanResult value) + { + return new PSSqlVulnerabilityAssessmentScanResult() + { + Id = value.Id, + Name = value.Name, + Type = value.Type, + RuleId = value.Properties.RuleId, + IsTrimmed = value.Properties.IsTrimmed, + QueryResults = value.Properties.QueryResults?.Select(result => result.ToArray()).ToArray() ?? new string[0][], + Status = value.Properties.Status, + Remediation = value.Properties.Remediation.ConvertToPSType(), + BaselineAdjustedResult = value.Properties.BaselineAdjustedResult.ConvertToPSType(), + RuleMetadata = value.Properties.RuleMetadata.ConvertToPSType() + }; + } + + public static IList ConvertToPSType(this ScanResults value) + { + return value.Value.Select(scan => scan.ConvertToPSType()).ToList(); + } + + public static PSSqlVulnerabilityAssessmentRuleBaselineResults ConvertToPSType(this RuleResults value) + { + return new PSSqlVulnerabilityAssessmentRuleBaselineResults() + { + Id = value.Id, + Name = value.Name, + Type = value.Type, + Results = value.Properties.Results?.Select(result => result.ToArray()).ToArray() ?? new string[0][] + }; + } + + public static PSSqlVulnerabilityAssessmentBaselineResults ConvertToPSType(this RulesResults value, string workspaceId = "") + { + return new PSSqlVulnerabilityAssessmentBaselineResults() + { + Results = value.Value?.Select(scan => scan.ConvertToPSType()).ToList() ?? new List(), + WorkSpaceId = workspaceId + }; + } + } +} + diff --git a/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentQueryCheck.cs b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentQueryCheck.cs new file mode 100644 index 000000000000..4994f9425569 --- /dev/null +++ b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentQueryCheck.cs 
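Review bot: Null handling is uneven across these converters. `value?.Baseline.ConvertToPSType()` guards `value` but still invokes the extension method with a null `Baseline`, which then dereferences `value.ExpectedResults`; `Scripts = value.Scripts.ToArray()` and `QueryCheck = value.QueryCheck.ConvertToPSType()` have no guard while neighbouring members use `?.`; and every `value.Properties.X` assumes `Properties` is set. Whether the service can omit these fields is not visible here, but a scan result for a rule without a baseline or remediation would surface as a `NullReferenceException` instead of output. Suggested: `Baseline = value?.Baseline?.ConvertToPSType()`, `Scripts = value.Scripts?.ToArray() ?? new string[0]`, and `Remediation = value.Properties.Remediation?.ConvertToPSType()` (likewise for `RuleMetadata`).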
@@ -0,0 +1,26 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text; + +namespace Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment +{ + public class PSSqlVulnerabilityAssessmentQueryCheck + { + public string Query { get; set; } + public string[][] ExpectedResult { get; set; } + public string[] ColumnNames { get; set; } + + public override string ToString() + { + return string.Join(Environment.NewLine, $"{{", + $"Query:", + $"{Query}", + $"Column Names:", + $"{string.Join(", ", ColumnNames)}", + $"Expected Results:", + (ExpectedResult.Any() ? $"{string.Join(Environment.NewLine, ExpectedResult.Select(row => $"{{{string.Join(", ", row)}}}"))}" : "{}") + + $"}}"); + } + } +} diff --git a/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentRemediation.cs b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentRemediation.cs new file mode 100644 index 000000000000..b74666c69c3c --- /dev/null +++ b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentRemediation.cs @@ -0,0 +1,26 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text; + +namespace Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment +{ + public class PSSqlVulnerabilityAssessmentRemediation + { + public string Description { get; set; } + public string[] Scripts { get; set; } + public bool Automated { get; set; } + public string PortalLink { get; set; } + + public override string ToString() + { + return string.Join(Environment.NewLine, $"{{", + $"{Description}", + $"IsAutimated: {Automated}", + $"Portal Link: {PortalLink}", + $"Script:", + (Scripts.Any() ? $"{string.Join(Environment.NewLine, Scripts)}" : "{}"), + $"}}"); + } + } +} 
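Review bot: The label in `$"IsAutimated: {Automated}"` in `PSSqlVulnerabilityAssessmentRemediation.ToString()` is misspelled and does not match the property it prints. This is user-visible output that scripts may end up parsing, so fix it before release: `$"Automated: {Automated}",`. `Scripts.Any()` also throws when the property is null, so `Scripts?.Any() == true` would keep `ToString()` safe on hand-built instances.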
diff --git a/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentRule.cs b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentRule.cs new file mode 100644 index 000000000000..f54be89fa7c9 --- /dev/null +++ b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentRule.cs @@ -0,0 +1,37 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text; + +namespace Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment +{ + public class PSSqlVulnerabilityAssessmentRule + { + public string RuleId { get; set; } + public string Severity { get; set; } + public string Category { get; set; } + public string RuleType { get; set; } + public string Title { get; set; } + public string Description { get; set; } + public string Rationale { get; set; } + public PSSqlVulnerabilityAssessmentQueryCheck QueryCheck { get; set; } + public IList BenchmarkReferences { get; set; } + + public override string ToString() + { + return string.Join(Environment.NewLine, $"{{", + $"Rule id: {RuleId}", + $"Severity: {Severity}", + $"Category: {Category}", + $"Rule type: {RuleType}", + $"Title: {Title}", + $"Description: {Description}", + $"Rationale: {Rationale}", + $"Query check:", + $"{QueryCheck}", + "Benchmark References:", + (BenchmarkReferences.Any() ? $"{string.Join(", ", BenchmarkReferences)}" : "{}"), + $"}}"); + } + } +} diff --git a/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentRuleBaselineResults.cs b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentRuleBaselineResults.cs new file mode 100644 index 000000000000..cec1b7ce1aec --- /dev/null +++ b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentRuleBaselineResults.cs 
@@ -0,0 +1,18 @@
+using Microsoft.Azure.Commands.Security.Models;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+
+namespace Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment
+{
+ public class PSSqlVulnerabilityAssessmentRuleBaselineResults : PSResource
+ {
+ public string[][] Results { get; set; }
+
+ public override string ToString()
+ {
+ return $"{Name} => [{string.Join(", ",Results.Select(row => $"[{string.Join(", ", row)}]"))}]";
+ }
+ }
+}
diff --git a/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentScanRecord.cs b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentScanRecord.cs
new file mode 100644
index 000000000000..9e9ed14f7d25
--- /dev/null
+++ b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentScanRecord.cs
@@ -0,0 +1,39 @@
+using Microsoft.Azure.Commands.Security.Models;
+using System;
+using System.Collections.Generic;
+using System.Text;
+
+namespace Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment
+{
+ public class PSSqlVulnerabilityAssessmentScanRecord : PSResource
+ {
+
+ public string TriggerType { get; set; }
+
+ public string State { get; set; }
+
+ public string Server { get; set; }
+
+ public string Database { get; set; }
+
+ public string SqlVersion { get; set; }
+
+ public DateTime? StartTime { get; set; }
+
+ public DateTime? EndTime { get; set; }
+
+ public int HighSeverityFailedRulesCount { get; set; }
+
+ public int MediumSeverityFailedRulesCount { get; set; }
+
+ public int LowSeverityFailedRulesCount { get; set; }
+
+ public int TotalPassedRulesCount { get; set; }
+
+ public int TotalFailedRulesCount { get; set; }
+
+ public int TotalRulesCount { get; set; }
+
+ public bool IsBaselineApplied { get; set; }
+ }
+}
diff --git a/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentScanResult.cs b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentScanResult.cs
new file mode 100644
index 000000000000..61444b95d8e3
--- /dev/null
+++ b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityAssessmentScanResult.cs
@@ -0,0 +1,24 @@
+using Microsoft.Azure.Commands.Security.Models;
+using System;
+using System.Collections.Generic;
+using System.Text;
+
+namespace Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment
+{
+ public class PSSqlVulnerabilityAssessmentScanResult : PSResource
+ {
+ public string RuleId { get; set; }
+
+ public string Status { get; set; }
+
+ public bool? IsTrimmed { get; set; }
+
+ public string[][] QueryResults { get; set; }
+
+ public PSSqlVulnerabilityAssessmentRemediation Remediation { get; set; }
+
+ public PSSqlVulnerabilityAssessmentBaselineAdjustedResult BaselineAdjustedResult { get; set; }
+
+ public PSSqlVulnerabilityAssessmentRule RuleMetadata { get; set; }
+ }
+}
diff --git a/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityBenchmarkReference.cs b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityBenchmarkReference.cs
new file mode 100644
index 000000000000..54c23a5452d3
--- /dev/null
+++ b/src/Security/Security/Models/SqlVulnerabilityAssessment/PSSqlVulnerabilityBenchmarkReference.cs
@@ -0,0 +1,20 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+
+namespace Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment
+{
+ public class PSSqlVulnerabilityBenchmarkReference
+ {
+ public string Benchmark { get; set; }
+ public string Reference { get; set; }
+
+ public override string ToString()
+ {
+ return string.Join(Environment.NewLine, $"{{",
+ $"Benchmark: {Benchmark}",
+ $"Reference: {Reference}",
+ $"}}");
+ }
+ }
+}
diff --git a/src/Security/Security/help/Add-AzSecuritySqlVulnerabilityAssessmentBaseline.md b/src/Security/Security/help/Add-AzSecuritySqlVulnerabilityAssessmentBaseline.md new file mode 100644 index 000000000000..3b33cf90c553 --- /dev/null +++ b/src/Security/Security/help/Add-AzSecuritySqlVulnerabilityAssessmentBaseline.md 
@@ -0,0 +1,349 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.Security.dll-Help.xml +Module Name: Az.Security +online version: https://docs.microsoft.com/powershell/module/az.security/add-azsecuritysqlvulnerabilityassessmentbaseline +schema: 2.0.0 +--- + +# Add-AzSecuritySqlVulnerabilityAssessmentBaseline + +## SYNOPSIS +Add SQL Vulnerability Assessment baseline. + +## SYNTAX + +### ResourceIdWithBaselineObject (Default) +``` +Add-AzSecuritySqlVulnerabilityAssessmentBaseline -RuleId [-Baseline ] -ResourceId + -WorkspaceId -Server -Database [-DefaultProfile ] [-WhatIf] + [-Confirm] [] +``` + +### OnPremMachinesWithBaselineObject +``` +Add-AzSecuritySqlVulnerabilityAssessmentBaseline -RuleId [-Baseline ] + -WorkspaceId -Server -Database -ComputerName -VmUuid + -AgentId -WorkspaceResourceId [-DefaultProfile ] [-WhatIf] + [-Confirm] [] +``` + +### InputObjectWithResourceId +``` +Add-AzSecuritySqlVulnerabilityAssessmentBaseline -InputObject + -ResourceId -WorkspaceId -Server -Database + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +### InputObjectBaselineWithOnPrem +``` +Add-AzSecuritySqlVulnerabilityAssessmentBaseline -InputObject + -WorkspaceId -Server -Database -ComputerName -VmUuid + -AgentId -WorkspaceResourceId [-DefaultProfile ] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION +Add SQL Vulnerability Assessment baseline + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Add-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onPremiseMachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master -RuleId "VA2108" -Baseline @( , @("dbo", "db_owner1", "SQL_USER")) + +Results Id +------- -- +{dbo db_owner1 SQL_USER} 
/subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onpremisemachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332/sqlServ… +``` + +Example of resource id parameters. +Supported resources are: + +- ARC: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.HybridCompute/machines/{machineName} +- VM: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{machineName} +- On-Premise: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/microsoft.operationalinsights/workspaces/{workspaceName}/onPremiseMachines/{machineName} + + +Notice the @(,@('a','b',...)) syntax for array of arrays of string with only one inner array. Eeach inner array represents a row in the query results. + +### Example 2 +```powershell +PS C:\> Add-AzSecuritySqlVulnerabilityAssessmentBaseline -WorkspaceResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace -ComputerName ahabas-dev01.middleeast.corp.microsoft.com -AgentId 49640166-652f-4ee6-b48b-cfb840b8afe2 -VmUuid 4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master -RuleId "VA2108" -Baseline @( , @("dbo", "db_owner1", "SQL_USER")) + +Results Id +------- -- +{dbo db_owner1 SQL_USER} /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onpremisemachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332/sqlServ… +``` + +Example of on premise parameters. 
+ +### Example 3 +```powershell +PS C:\> Add-AzSecuritySqlVulnerabilityAssessmentBaseline -WorkspaceResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace -ComputerName ahabas-dev01.middleeast.corp.microsoft.com -AgentId 49640166-652f-4ee6-b48b-cfb840b8afe2 -VmUuid 4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master -RuleId "VA2108" + +Results Id +------- -- +{dbo db_owner1 SQL_USER} /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onpremisemachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332/sqlServ… +``` + +In this example when the -Baseline parameter is not supplied, latest results are set as baseline. + +### Example 4 +```powershell +PS C:\> Get-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onPremiseMachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master | Add-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/talmachinegroupeuap/providers/microsoft.operationalinsights/workspaces/talworkspaceeuap2/onPremiseMachines/TAHERSCO-DEV.middleeast.corp.microsoft.com_7adcdd86-adb6-4008-a254-80e0fc425c55_4c4c4544-0058-3310-8032-c4c04f4a4e32 -WorkspaceId 806d6dfa-132f-488d-975b-9bcf2fcd6802 -Server SQLEXPRESS -Database master + +Results Id +------- -- +{dbo db_owner SQL_USER} 
/subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/talmachinegroupeuap/providers/microsoft.operationalinsights/workspaces/talworkspaceeuap2/onpremisemachines/tahersco-dev.middleeast.corp.microsoft.com_7adcdd86-adb6-4008-a254-80e0fc425c55_4c… +``` + +Example for transfering baseline from database 'master' from one server to another using InputObjectWithResourceId parameter set. it is important that both source and destination server have matching platforms, versions, and ruleset otherwise the operation might fail. + +### Example 5 +```powershell +PS C:\> Get-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onPremiseMachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master | Add-AzSecuritySqlVulnerabilityAssessmentBaseline -WorkspaceResourceId subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/talmachinegroupeuap/providers/microsoft.operationalinsights/workspaces/talworkspaceeuap2 -ComputerName TAHERSCO-DEV.middleeast.corp.microsoft.com -AgentId 7adcdd86-adb6-4008-a254-80e0fc425c55 -VmUuid 4c4c4544-0058-3310-8032-c4c04f4a4e32 -WorkspaceId 806d6dfa-132f-488d-975b-9bcf2fcd6802 -Server SQLEXPRESS -Database master + +Results Id +------- -- +{dbo db_owner SQL_USER} /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/talmachinegroupeuap/providers/microsoft.operationalinsights/workspaces/talworkspaceeuap2/onpremisemachines/tahersco-dev.middleeast.corp.microsoft.com_7adcdd86-adb6-4008-a254-80e0fc425c55_4c… +``` + +Example for transfering baseline from database 'master' from one server to another using InputObjectBaselineWithOnPrem parameter set. 
it is important that both source and destination server have matching platforms, versions, and ruleset otherwise the operation might fail. + +## PARAMETERS + +### -AgentId +Agent ID - on premise parameter + +```yaml +Type: System.String +Parameter Sets: OnPremMachinesWithBaselineObject, InputObjectBaselineWithOnPrem +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Baseline +Vulnerability Assessment baseline object + +```yaml +Type: System.String[][] +Parameter Sets: ResourceIdWithBaselineObject, OnPremMachinesWithBaselineObject +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComputerName +Computer full name - on premise parameter + +```yaml +Type: System.String +Parameter Sets: OnPremMachinesWithBaselineObject, InputObjectBaselineWithOnPrem +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Database +Database name + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InputObject +Input Object. 
+ +```yaml +Type: Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment.PSSqlVulnerabilityAssessmentBaselineResults +Parameter Sets: InputObjectWithResourceId, InputObjectBaselineWithOnPrem +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -ResourceId +ID of the security resource that you want to invoke the command on. +Supported resources are: + +- ARC: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.HybridCompute/machines/{machineName} +- VM: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{machineName} +- On-Premise: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/microsoft.operationalinsights/workspaces/{workspaceName}/onPremiseMachines/{machineName} + +```yaml +Type: System.String +Parameter Sets: ResourceIdWithBaselineObject, InputObjectWithResourceId +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RuleId +Vulnerability Assessment rule ID + +```yaml +Type: System.String +Parameter Sets: ResourceIdWithBaselineObject, OnPremMachinesWithBaselineObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Server name + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VmUuid +Virtual machine universal unique identifier - on premise parameter + +```yaml +Type: System.String +Parameter Sets: OnPremMachinesWithBaselineObject, InputObjectBaselineWithOnPrem +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### 
-WorkspaceId +Workspace ID. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WorkspaceResourceId +Workspace resource ID - on premise parameter + +```yaml +Type: System.String +Parameter Sets: OnPremMachinesWithBaselineObject, InputObjectBaselineWithOnPrem +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 
+ +## INPUTS + +### Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment.PSSqlVulnerabilityAssessmentBaselineResults + +## OUTPUTS + +### Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment.PSSqlVulnerabilityAssessmentBaselineResults + +## NOTES + +## RELATED LINKS + +[Remove-AzSecuritySqlVulnerabilityAssessmentBaseline](https://docs.microsoft.com/powershell/module/az.security/remove-azsecuritysqlvulnerabilityassessmentbaseline) + +[Get-AzSecuritySqlVulnerabilityAssessmentBaseline](https://docs.microsoft.com/powershell/module/az.security/get-azsecuritysqlvulnerabilityassessmentbaseline) + +[Set-AzSecuritySqlVulnerabilityAssessmentBaseline](https://docs.microsoft.com/powershell/module/az.security/set-azsecuritysqlvulnerabilityassessmentbaseline) \ No newline at end of file diff --git a/src/Security/Security/help/Get-AzSecuritySqlVulnerabilityAssessmentBaseline.md b/src/Security/Security/help/Get-AzSecuritySqlVulnerabilityAssessmentBaseline.md new file mode 100644 index 000000000000..f1674f60624c --- /dev/null +++ b/src/Security/Security/help/Get-AzSecuritySqlVulnerabilityAssessmentBaseline.md 
@@ -0,0 +1,247 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.Security.dll-Help.xml +Module Name: Az.Security +online version: https://docs.microsoft.com/powershell/module/az.security/get-azsecuritysqlvulnerabilityassessmentbaseline +schema: 2.0.0 +--- + +# Get-AzSecuritySqlVulnerabilityAssessmentBaseline + +## SYNOPSIS +Get SQL Vulnerability Assessment baseline. + +## SYNTAX + +### ResourceId (Default) +``` +Get-AzSecuritySqlVulnerabilityAssessmentBaseline [-RuleId ] -ResourceId -WorkspaceId + -Server -Database [-DefaultProfile ] [] +``` + +### OnPremMachines +``` +Get-AzSecuritySqlVulnerabilityAssessmentBaseline [-RuleId ] -WorkspaceId -Server + -Database -ComputerName -VmUuid -AgentId -WorkspaceResourceId + [-DefaultProfile ] [] +``` + +## DESCRIPTION +Get SQL Vulnerability Assessment baseline. + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Get-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onPremiseMachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master -RuleId "VA2108" + +Results WorkSpaceId +------- ----------- +{VA2108 => [[dbo, db_owner1, SQL_USER]]} ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 +``` + +Example of using resource id parameters. 
+Supported resources are: + +- ARC: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.HybridCompute/machines/{machineName} +- VM: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{machineName} +- On-Premise: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/microsoft.operationalinsights/workspaces/{workspaceName}/onPremiseMachines/{machineName} + +### Example 2 +```powershell +PS C:\> Get-AzSecuritySqlVulnerabilityAssessmentBaseline -WorkspaceResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace -ComputerName ahabas-dev01.middleeast.corp.microsoft.com -AgentId 49640166-652f-4ee6-b48b-cfb840b8afe2 -VmUuid 4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master -RuleId "VA2108" + +Results WorkSpaceId +------- ----------- +{VA2108 => [[dbo, db_owner1, SQL_USER]]} ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 +``` + +Example of using on premise parameters. + +### Example 3 +```powershell +PS C:\> Get-AzSecuritySqlVulnerabilityAssessmentBaseline -WorkspaceResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace -ComputerName ahabas-dev01.middleeast.corp.microsoft.com -AgentId 49640166-652f-4ee6-b48b-cfb840b8afe2 -VmUuid 4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master + +Results WorkSpaceId +------- ----------- +{VA1017 => [], VA1018 => [[True]], VA1020 => [], VA1022 => [[False]]…} ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 +``` + +In this example a rule id is not specified, it returns all the baselines for that database. 
+ +## PARAMETERS + +### -AgentId +Agent ID - on premise parameter + +```yaml +Type: System.String +Parameter Sets: OnPremMachines +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComputerName +Computer full name - on premise parameter + +```yaml +Type: System.String +Parameter Sets: OnPremMachines +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Database +Database name + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResourceId +ID of the security resource that you want to invoke the command on. 
+Supported resources are: + +- ARC: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.HybridCompute/machines/{machineName} +- VM: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{machineName} +- On-Premise: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/microsoft.operationalinsights/workspaces/{workspaceName}/onPremiseMachines/{machineName} + +```yaml +Type: System.String +Parameter Sets: ResourceId +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RuleId +Vulnerability Assessment rule ID + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Server name + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VmUuid +Virtual machine universal unique identifier - on premise parameter + +```yaml +Type: System.String +Parameter Sets: OnPremMachines +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WorkspaceId +Workspace ID. 
+ +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WorkspaceResourceId +Workspace resource ID - on premise parameter + +```yaml +Type: System.String +Parameter Sets: OnPremMachines +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment.PSSqlVulnerabilityAssessmentBaselineResults + +## NOTES + +## RELATED LINKS + +[Add-AzSecuritySqlVulnerabilityAssessmentBaseline](https://docs.microsoft.com/powershell/module/az.security/add-azsecuritysqlvulnerabilityassessmentbaseline) + +[Remove-AzSecuritySqlVulnerabilityAssessmentBaseline](https://docs.microsoft.com/powershell/module/az.security/remove-azsecuritysqlvulnerabilityassessmentbaseline) + +[Set-AzSecuritySqlVulnerabilityAssessmentBaseline](https://docs.microsoft.com/powershell/module/az.security/set-azsecuritysqlvulnerabilityassessmentbaseline) \ No newline at end of file diff --git a/src/Security/Security/help/Get-AzSecuritySqlVulnerabilityAssessmentScanRecord.md b/src/Security/Security/help/Get-AzSecuritySqlVulnerabilityAssessmentScanRecord.md new file mode 100644 index 000000000000..231a3807e9e0 --- /dev/null +++ b/src/Security/Security/help/Get-AzSecuritySqlVulnerabilityAssessmentScanRecord.md 
@@ -0,0 +1,375 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.Security.dll-Help.xml +Module Name: Az.Security +online version: https://docs.microsoft.com/powershell/module/az.security/get-azsecuritysqlvulnerabilityassessmentscanrecord +schema: 2.0.0 +--- + +# Get-AzSecuritySqlVulnerabilityAssessmentScanRecord + +## SYNOPSIS +Gets SQL Vulnerability Assessment scan records. + +## SYNTAX + +### ResourceId (Default) +``` +Get-AzSecuritySqlVulnerabilityAssessmentScanRecord [-ScanId ] -ResourceId + -WorkspaceId -Server -Database [-DefaultProfile ] + [] +``` + +### OnPremMachines +``` +Get-AzSecuritySqlVulnerabilityAssessmentScanRecord [-ScanId ] -WorkspaceId -Server + -Database -ComputerName -VmUuid -AgentId -WorkspaceResourceId + [-DefaultProfile ] [] +``` + +## DESCRIPTION +Gets SQL Vulnerability Assessment scan records. + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Get-AzSecuritySqlVulnerabilityAssessmentScanRecord -ResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onPremiseMachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master -ScanId 169a5f78-acff-4e05-b597-6252af7e6677 + +TriggerType : Recurring +State : Failed +Server : AHABASDEV01SRV +Database : master +SqlVersion : 14.0.1000.169 +StartTime : 11/18/2020 1:10:34 AM +EndTime : 11/18/2020 1:40:20 AM +HighSeverityFailedRulesCount : 9 +MediumSeverityFailedRulesCount : 2 +LowSeverityFailedRulesCount : 5 +TotalPassedRulesCount : 43 +TotalFailedRulesCount : 16 +TotalRulesCount : 59 +IsBaselineApplied : True +Id : /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/provid + ers/microsoft.operationalinsights/workspaces/ahabas-workspace/onpremisemachines/ahabas + 
-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-003 + 0-4b10-8039-b8c04f4a3332/sqlServers/AHABASDEV01SRV/databases/master/providers/Microsof + t.Security/sqlVulnerabilityAssessments/default/scans/169a5f78-acff-4e05-b597-6252af7e6 + 677 +Name : 169a5f78-acff-4e05-b597-6252af7e6677 +Type : Microsoft.Security/sqlVulnerabilityAssessments/scans +``` + +Example for using azure resource id parameters. +Supported resources are: + +- ARC: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.HybridCompute/machines/{machineName} +- VM: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{machineName} +- On-Premise: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/microsoft.operationalinsights/workspaces/{workspaceName}/onPremiseMachines/{machineName} + +### Example 2 +```powershell +PS C:\> Get-AzSecuritySqlVulnerabilityAssessmentScanRecord -WorkspaceResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace -ComputerName ahabas-dev01.middleeast.corp.microsoft.com -AgentId 49640166-652f-4ee6-b48b-cfb840b8afe2 -VmUuid 4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master -ScanId bdbdf860-5d58-464b-ad9a-0125af63c162 + +TriggerType : Recurring +State : Failed +Server : AHABASDEV01SRV +Database : master +SqlVersion : 14.0.1000.169 +StartTime : 3/17/2021 1:11:10 AM +EndTime : 12/31/9999 9:59:59 PM +HighSeverityFailedRulesCount : 9 +MediumSeverityFailedRulesCount : 2 +LowSeverityFailedRulesCount : 5 +TotalPassedRulesCount : 43 +TotalFailedRulesCount : 16 +TotalRulesCount : 59 +IsBaselineApplied : True +Id : 
/subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onpremisemachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332/ + sqlServers/AHABASDEV01SRV/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/bdbdf860-5d58-464b-ad9a-0125af63c162 +Name : bdbdf860-5d58-464b-ad9a-0125af63c162 +Type : Microsoft.Security/sqlVulnerabilityAssessments/scans +``` + +Example for using on premise parameters. + +### Example 3 +```powershell +PS C:\> Get-AzSecuritySqlVulnerabilityAssessmentScanRecord -WorkspaceResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace -ComputerName ahabas-dev01.middleeast.corp.microsoft.com -AgentId 49640166-652f-4ee6-b48b-cfb840b8afe2 -VmUuid 4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master -ScanId "latest" + +TriggerType : Recurring +State : Failed +Server : AHABASDEV01SRV +Database : master +SqlVersion : 14.0.1000.169 +StartTime : 3/17/2021 1:11:10 AM +EndTime : 12/31/9999 9:59:59 PM +HighSeverityFailedRulesCount : 9 +MediumSeverityFailedRulesCount : 2 +LowSeverityFailedRulesCount : 5 +TotalPassedRulesCount : 43 +TotalFailedRulesCount : 16 +TotalRulesCount : 59 +IsBaselineApplied : True +Id : /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onpremisemachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332/ + sqlServers/AHABASDEV01SRV/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/bdbdf860-5d58-464b-ad9a-0125af63c162 +Name : bdbdf860-5d58-464b-ad9a-0125af63c162 +Type : 
Microsoft.Security/sqlVulnerabilityAssessments/scans +``` + +Example for using scan id = "latest". + +### Example 4 +```powershell +PS C:\> Get-AzSecuritySqlVulnerabilityAssessmentScanRecord -WorkspaceResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace -ComputerName ahabas-dev01.middleeast.corp.microsoft.com -AgentId 49640166-652f-4ee6-b48b-cfb840b8afe2 -VmUuid 4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master + + +TriggerType : Recurring +State : Failed +Server : AHABASDEV01SRV +Database : master +SqlVersion : 14.0.1000.169 +StartTime : 3/17/2021 1:11:10 AM +EndTime : 12/31/9999 9:59:59 PM +HighSeverityFailedRulesCount : 9 +MediumSeverityFailedRulesCount : 2 +LowSeverityFailedRulesCount : 5 +TotalPassedRulesCount : 43 +TotalFailedRulesCount : 16 +TotalRulesCount : 59 +IsBaselineApplied : True +Id : /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onpremisemachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332/ + sqlServers/AHABASDEV01SRV/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/bdbdf860-5d58-464b-ad9a-0125af63c162 +Name : bdbdf860-5d58-464b-ad9a-0125af63c162 +Type : Microsoft.Security/sqlVulnerabilityAssessments/scans + +TriggerType : Recurring +State : Failed +Server : AHABASDEV01SRV +Database : master +SqlVersion : 14.0.1000.169 +StartTime : 3/17/2021 12:41:14 AM +EndTime : 3/17/2021 1:11:10 AM +HighSeverityFailedRulesCount : 2 +MediumSeverityFailedRulesCount : 0 +LowSeverityFailedRulesCount : 0 +TotalPassedRulesCount : 57 +TotalFailedRulesCount : 2 +TotalRulesCount : 59 +IsBaselineApplied : True +Id : 
/subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onpremisemachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332/ + sqlServers/AHABASDEV01SRV/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/8b2383c3-7c7e-4b6c-9b34-512ce99fd68a +Name : 8b2383c3-7c7e-4b6c-9b34-512ce99fd68a +Type : Microsoft.Security/sqlVulnerabilityAssessments/scans + +TriggerType : Recurring +State : Passed +Server : AHABASDEV01SRV +Database : master +SqlVersion : 14.0.1000.169 +StartTime : 2/14/2021 4:27:44 PM +EndTime : 3/17/2021 12:41:14 AM +HighSeverityFailedRulesCount : 0 +MediumSeverityFailedRulesCount : 0 +LowSeverityFailedRulesCount : 0 +TotalPassedRulesCount : 59 +TotalFailedRulesCount : 0 +TotalRulesCount : 59 +IsBaselineApplied : True +Id : /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onpremisemachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332/ + sqlServers/AHABASDEV01SRV/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/6845790d-6463-4f45-96e8-76286edf0267 +Name : 6845790d-6463-4f45-96e8-76286edf0267 +Type : Microsoft.Security/sqlVulnerabilityAssessments/scans + +TriggerType : Recurring +State : Failed +Server : AHABASDEV01SRV +Database : master +SqlVersion : 14.0.1000.169 +StartTime : 2/14/2021 3:57:44 PM +EndTime : 2/14/2021 4:27:44 PM +HighSeverityFailedRulesCount : 2 +MediumSeverityFailedRulesCount : 0 +LowSeverityFailedRulesCount : 0 +TotalPassedRulesCount : 57 +TotalFailedRulesCount : 2 +TotalRulesCount : 59 +IsBaselineApplied : True +Id : 
/subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onpremisemachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332/ + sqlServers/AHABASDEV01SRV/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/2058a46e-cb5a-4a49-b28a-6576a540dd9d +Name : 2058a46e-cb5a-4a49-b28a-6576a540dd9d +Type : Microsoft.Security/sqlVulnerabilityAssessments/scans +``` + +Example for Listing all scan records when a scan id is not specified. + +## PARAMETERS + +### -AgentId +Agent ID - on premise parameter + +```yaml +Type: System.String +Parameter Sets: OnPremMachines +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComputerName +Computer full name - on premise parameter + +```yaml +Type: System.String +Parameter Sets: OnPremMachines +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Database +Database name + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResourceId +ID of the security resource that you want to invoke the command on. 
+Supported resources are:
+
+- ARC: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.HybridCompute/machines/{machineName}
+- VM: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{machineName}
+- On-Premise: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/microsoft.operationalinsights/workspaces/{workspaceName}/onPremiseMachines/{machineName}
+
+```yaml
+Type: System.String
+Parameter Sets: ResourceId
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ScanId
+Vulnerability Assessment scan ID - use scanId = 'latest' to get latest results
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Server
+Server name
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -VmUuid
+Virtual machine universal unique identifier - on premise parameter
+
+```yaml
+Type: System.String
+Parameter Sets: OnPremMachines
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -WorkspaceId
+Workspace ID.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -WorkspaceResourceId
+Workspace resource ID - on premise parameter
+
+```yaml
+Type: System.String
+Parameter Sets: OnPremMachines
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+
+## OUTPUTS
+
+### Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment.PSSqlVulnerabilityAssessmentScanRecord
+
+## NOTES
+
+## RELATED LINKS
diff --git a/src/Security/Security/help/Get-AzSecuritySqlVulnerabilityAssessmentScanResult.md b/src/Security/Security/help/Get-AzSecuritySqlVulnerabilityAssessmentScanResult.md
new file mode 100644
index 000000000000..bff7a029bc46
--- /dev/null
+++ b/src/Security/Security/help/Get-AzSecuritySqlVulnerabilityAssessmentScanResult.md
@@ -0,0 +1,447 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.Security.dll-Help.xml +Module Name: Az.Security +online version: https://docs.microsoft.com/powershell/module/az.security/get-azsecuritysqlvulnerabilityassessmentscanresult +schema: 2.0.0 +--- + +# Get-AzSecuritySqlVulnerabilityAssessmentScanResult + +## SYNOPSIS +Gets SQL Vulnerability Assessment scan results. + +## SYNTAX + +### ResourceId (Default) +``` +Get-AzSecuritySqlVulnerabilityAssessmentScanResult [-ScanId ] [-RuleId ] -ResourceId + -WorkspaceId -Server -Database [-DefaultProfile ] + [] +``` + +### OnPremMachines +``` +Get-AzSecuritySqlVulnerabilityAssessmentScanResult [-ScanId ] [-RuleId ] -WorkspaceId + -Server -Database -ComputerName -VmUuid -AgentId + -WorkspaceResourceId [-DefaultProfile ] [] +``` + +## DESCRIPTION +Gets SQL Vulnerability Assessment scan results. + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Get-AzSecuritySqlVulnerabilityAssessmentScanResult -ResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onPremiseMachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master -ScanId 5cded390-68c4-4f5b-9ce6-b8a7a12b288b -RuleId "VA2108" + +RuleId : VA2108 +Status : Finding +IsTrimmed : False +QueryResults : {dbo db_owner SQL_USER} +Remediation : { + Remove members who should not have access to the database role + IsAutimated: True + Portal Link: + Script: + ALTER ROLE [db_owner] DROP MEMBER [dbo] + } +BaselineAdjustedResult : { + Status: NonFinding + Results not in baseline:{} + Results only in baseline:{} + Baseline: + { + Update Time: 12/20/2020 3:33:31 PM + Expected Results: + {dbo, db_owner, SQL_USER} + } + } +RuleMetadata : { + Rule id: VA2108 + Severity: High + Category: 
AuthenticationAndAuthorization + Rule type: BaselineExpected + Title: Minimal set of principals should be members of fixed high impact database roles + Description: SQL Server provides roles to help manage the permissions. Roles are security + principals that group other principals. Database-level roles are database-wide in their + permission scope. This rule checks that a minimal set of principals are members of the fixed + database roles. + Rationale: Fixed database roles may have administrative permissions on the system. + Following the principle of least privilege, it is important to minimize membership in fixed + database roles and keep a baseline of these memberships. See https://docs.microsoft.com/en-us/ + sql/relational-databases/security/authentication-access/database-level-roles for additional + information on database roles. + Query check: + { + Query: + SELECT user_name(sr.member_principal_id) as [Principal] ,user_name(sr.role_principal_id) + as [Role] ,type_desc as [Principal Type] FROM sys.database_role_members AS sr INNER JOIN + sys.database_principals sp ON sp.principal_id = sr.member_principal_id WHERE + sr.role_principal_id IN (user_id('bulkadmin'), + user_id('db_accessadmin'), user_id('db_securityadmin'), + user_id('db_ddladmin'), + user_id('db_backupoperator'), user_id('db_owner')) + Column Names: + Principal, Role, Principal Type + Expected Results: + {} + } + Benchmark References: + { + Benchmark: FedRAMP + Reference: + } + } +Id : /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/micr + osoft.operationalinsights/workspaces/ahabas-workspace/onpremisemachines/ahabas-dev01.middleeas + t.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332 + /sqlServers/AHABASDEV01SRV/databases/master/providers/Microsoft.Security/sqlVulnerabilityAsses + sments/default/scans/5cded390-68c4-4f5b-9ce6-b8a7a12b288b/scanResults/VA2108 +Name : VA2108 +Type : 
Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults +``` + +Example of using resource id parameter set. +Supported resources are: + +- ARC: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.HybridCompute/machines/{machineName} +- VM: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{machineName} +- On-Premise: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/microsoft.operationalinsights/workspaces/{workspaceName}/onPremiseMachines/{machineName} + +### Example 2 +```powershell +PS C:\> Get-AzSecuritySqlVulnerabilityAssessmentScanResult -WorkspaceResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace -ComputerName ahabas-dev01.middleeast.corp.microsoft.com -AgentId 49640166-652f-4ee6-b48b-cfb840b8afe2 -VmUuid 4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master -RuleId "VA2108" + +RuleId : VA2108 +Status : Finding +IsTrimmed : False +QueryResults : {dbo db_owner SQL_USER} +Remediation : { + Remove members who should not have access to the database role + IsAutimated: True + Portal Link: + Script: + ALTER ROLE [db_owner] DROP MEMBER [dbo] + } +BaselineAdjustedResult : { + Status: Finding + Results not in baseline: + {dbo, db_owner, SQL_USER} + Results only in baseline: + {dbo, db_owner1, SQL_USER} + Baseline: + { + Update Time: 3/24/2021 3:59:39 PM + Expected Results: + {dbo, db_owner1, SQL_USER}} + } +RuleMetadata : { + Rule id: VA2108 + Severity: High + Category: AuthenticationAndAuthorization + Rule type: BaselineExpected + Title: Minimal set of principals should be members of fixed high impact database roles + Description: SQL Server provides roles to help manage the permissions. Roles are security principals that group other principals. 
Database-level roles are database-wide in their permission scope. This rule checks that a minimal set of principals are members of the fixed database roles. + Rationale: Fixed database roles may have administrative permissions on the system. Following the principle of least privilege, it is important to minimize membership in fixed database roles and keep a baseline of these memberships. See + https://docs.microsoft.com/en-us/sql/relational-databases/security/authentication-access/database-level-roles for additional information on database roles. + Query check: + { + Query: + SELECT user_name(sr.member_principal_id) as [Principal] ,user_name(sr.role_principal_id) as [Role] ,type_desc as [Principal Type] FROM sys.database_role_members AS sr INNER JOIN sys.database_principals sp ON sp.principal_id = sr.member_principal_id WHERE sr.role_principal_id IN + (user_id('bulkadmin'), user_id('db_accessadmin'), user_id('db_securityadmin'), user_id('db_ddladmin'), user_id('db_backupoperator'), + user_id('db_owner')) + Column Names: + Principal, Role, Principal Type + Expected Results: + {}} + Benchmark References: + { + Benchmark: FedRAMP + Reference: + } + } +Id : /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onpremisemachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332/sqlServe + rs/AHABASDEV01SRV/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/bdbdf860-5d58-464b-ad9a-0125af63c162/scanResults/VA2108 +Name : VA2108 +Type : Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults +``` + +Example for using on premise parameters. scan id is not specified so it gets results for latest. 
+ +### Example 3 +```powershell +PS C:\> Get-AzSecuritySqlVulnerabilityAssessmentScanResult -WorkspaceResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace -ComputerName ahabas-dev01.middleeast.corp.microsoft.com -AgentId 49640166-652f-4ee6-b48b-cfb840b8afe2 -VmUuid 4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master + +RuleId : VA1017 +Status : NonFinding +IsTrimmed : False +QueryResults : {} +Remediation : { + Revoke EXECUTE permission on xp_cmdshell to all users (except dbo) + IsAutimated: False + Portal Link: + Script: + {} + } +BaselineAdjustedResult : {} +RuleMetadata : { + Rule id: VA1017 + Severity: High + Category: AuthenticationAndAuthorization + Rule type: NegativeList + Title: Execute permissions on xp_cmdshell from all users (except dbo) should be revoked. + Description: The xp_cmdshell extended stored procedure spawns a Windows command shell, passing in a string for execution. This rule checks that no users (except users with the CONTROL SERVER permission like members of the sysadmin server role) have permission to execute the xp_cmdshell ext + ended stored procedure. + Rationale: The xp_cmdshell extended stored procedure is a very powerful tool, but because of that, it is crucial that access to xp_cmdshell be tightly controlled. By default, only users with the CONTROL SERVER permission like members of the sysadmin server role can execute this extended + stored procedure. When first enabled, xp_cmdshell has the same security context as the SQL Server service account. The SQL Server service account is often more privileged than necessary for the work being performed by the process created by xp_cmdshell. As such, malicious users can attempt  + to elevate their privileges by using xp_cmdshell. 
See https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/xp-cmdshell-transact-sql for more information on xp_cmdshell. + Query check: + { + Query: + SELECT dpr.name AS [Principal] FROM sys.database_permissions AS dp JOIN sys.database_principals AS dpr ON dp.grantee_principal_id = dpr.principal_id WHERE major_id = OBJECT_ID('xp_cmdshell') AND dp.[type] = 'EX' AND [state] IN ( 'G' ,'W' ) + Column Names: + + Expected Results: + {}} + Benchmark References: + { + Benchmark: FedRAMP + Reference: + } + } +Id : /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onpremisemachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332/sqlServe + rs/AHABASDEV01SRV/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/bdbdf860-5d58-464b-ad9a-0125af63c162/scanResults/VA1017 +Name : VA1017 +Type : Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults + +RuleId : VA1018 +Status : Finding +IsTrimmed : False +QueryResults : {True} +Remediation : { + Install the latest SQL Server CU corresponding to your version of SQL Server. Go to https://technet.microsoft.com/en-us/sqlserver/ff803383.aspx to find and download the required CU. + IsAutimated: True + Portal Link: + Script: + {} + } +BaselineAdjustedResult : {} +RuleMetadata : { + Rule id: VA1018 + Severity: High + Category: InstallationUpdatesAndPatches + Rule type: Binary + Title: Latest updates should be installed + Description: Microsoft periodically releases Cumulative Updates (CUs) for each version of SQL Server. This rule checks whether the latest CU has been installed for the particular version of SQL Server being used. 
+ Rationale: Running with the latest Cumulative Updates (CU) for any particular version of SQL Server is important as these CU are a collection of all available patches up-to-date, including all known security fixes. Microsoft officially recommends ongoing, proactive installation of SQL
+ Server CUs as they become available.
+ Query check:
+ {
+ Query:
+ SELECT CASE WHEN Serverproperty('ProductVersion') >= '14.0.3356.20' THEN 0 ELSE 1 END AS [Violation]
+ Column Names:
+ Violation
+ Expected Results:
+ {False}}
+ Benchmark References:
+ {
+ Benchmark: CIS
+ Reference: v1.0.0-08-11-2017:1.1
+ }, {
+ Benchmark: FedRAMP
+ Reference:
+ }
+ }
+...
+```
+
+In this example when the rule id is not specified all scan results all returned for the scan id in use.
+
+## PARAMETERS
+
+### -AgentId
+Agent ID - on premise parameter
+
+```yaml
+Type: System.String
+Parameter Sets: OnPremMachines
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ComputerName
+Computer full name - on premise parameter
+
+```yaml
+Type: System.String
+Parameter Sets: OnPremMachines
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Database
+Database name
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -DefaultProfile
+The credentials, account, tenant, and subscription used for communication with Azure.
+
+```yaml
+Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
+Parameter Sets: (All)
+Aliases: AzContext, AzureRmContext, AzureCredential
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ResourceId
+ID of the security resource that you want to invoke the command on.
+
+Supported resources are:
+
+- ARC: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.HybridCompute/machines/{machineName}
+- VM: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{machineName}
+- On-Premise: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/microsoft.operationalinsights/workspaces/{workspaceName}/onPremiseMachines/{machineName}
+
+```yaml
+Type: System.String
+Parameter Sets: ResourceId
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -RuleId
+Vulnerability Assessment rule ID
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ScanId
+Vulnerability Assessment scan ID - use scanId = 'latest' to get latest results
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Server
+Server name
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -VmUuid
+Virtual machine universal unique identifier - on premise parameter
+
+```yaml
+Type: System.String
+Parameter Sets: OnPremMachines
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -WorkspaceId
+Workspace ID.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -WorkspaceResourceId
+Workspace resource ID - on premise parameter
+
+```yaml
+Type: System.String
+Parameter Sets: OnPremMachines
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+
+## OUTPUTS
+
+### Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment.PSSqlVulnerabilityAssessmentScanResult
+
+## NOTES
+
+## RELATED LINKS
diff --git a/src/Security/Security/help/Remove-AzSecuritySqlVulnerabilityAssessmentBaseline.md b/src/Security/Security/help/Remove-AzSecuritySqlVulnerabilityAssessmentBaseline.md
new file mode 100644
index 000000000000..46329f63ba54
--- /dev/null
+++ b/src/Security/Security/help/Remove-AzSecuritySqlVulnerabilityAssessmentBaseline.md
@@ -0,0 +1,327 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.Security.dll-Help.xml +Module Name: Az.Security +online version: https://docs.microsoft.com/powershell/module/az.security/remove-azsecuritysqlvulnerabilityassessmentbaseline +schema: 2.0.0 +--- + +# Remove-AzSecuritySqlVulnerabilityAssessmentBaseline + +## SYNOPSIS +Removes SQL Vulnerability Assesment baseline. + +## SYNTAX + +### ResourceId (Default) +``` +Remove-AzSecuritySqlVulnerabilityAssessmentBaseline -RuleId [-PassThru] [-Force] -ResourceId + -WorkspaceId -Server -Database [-DefaultProfile ] [-WhatIf] + [-Confirm] [] +``` + +### OnPremMachines +``` +Remove-AzSecuritySqlVulnerabilityAssessmentBaseline -RuleId [-PassThru] [-Force] -WorkspaceId + -Server -Database -ComputerName -VmUuid -AgentId + -WorkspaceResourceId [-DefaultProfile ] [-WhatIf] [-Confirm] + [] +``` + +### InputObject +``` +Remove-AzSecuritySqlVulnerabilityAssessmentBaseline -InputObject + [-PassThru] [-Force] [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Removes SQL Vulnerability Assesment baseline. + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Remove-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onPremiseMachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master -RuleId "VA2108" + +Removing baseline for VA2108 +Are you sure you want to proceed with removing baseline for rule VA2108 +[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): y +``` + +Example of using resource id parameters. 
+Supported resources are: + +- ARC: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.HybridCompute/machines/{machineName} +- VM: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{machineName} +- On-Premise: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/microsoft.operationalinsights/workspaces/{workspaceName}/onPremiseMachines/{machineName} + +### Example 2 +```powershell +PS C:\> Remove-AzSecuritySqlVulnerabilityAssessmentBaseline -WorkspaceResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace -ComputerName ahabas-dev01.middleeast.corp.microsoft.com -AgentId 49640166-652f-4ee6-b48b-cfb840b8afe2 -VmUuid 4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master -RuleId "VA2108" + +Removing baseline for VA2108 +Are you sure you want to proceed with removing baseline for rule VA2108 +[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): y +``` + +Example of using on premise parametes. + +### Example 3 +```powershell +PS C:\> Get-AzSecuritySqlVulnerabilityAssessmentBaseline -WorkspaceResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace -ComputerName ahabas-dev01.middleeast.corp.microsoft.com -AgentId 49640166-652f-4ee6-b48b-cfb840b8afe2 -VmUuid 4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master | Remove-AzSecuritySqlVulnerabilityAssessmentBaseline -Force +``` + +Example for force removing all the baslines for all rules on a specific database. 
+ +## PARAMETERS + +### -AgentId +Agent ID - on premise parameter + +```yaml +Type: System.String +Parameter Sets: OnPremMachines +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComputerName +Computer full name - on premise parameter + +```yaml +Type: System.String +Parameter Sets: OnPremMachines +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Database +Database name + +```yaml +Type: System.String +Parameter Sets: ResourceId, OnPremMachines +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Force remove baseline without confirmation + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InputObject +Input Object. + +```yaml +Type: Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment.PSSqlVulnerabilityAssessmentBaselineResults +Parameter Sets: InputObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -PassThru +Return whether the operation was successful. 
+ +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResourceId +ID of the security resource that you want to invoke the command on. +Supported resources are: + +- ARC: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.HybridCompute/machines/{machineName} +- VM: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{machineName} +- On-Premise: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/microsoft.operationalinsights/workspaces/{workspaceName}/onPremiseMachines/{machineName} + +```yaml +Type: System.String +Parameter Sets: ResourceId +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RuleId +Vulnerability Assessment rule ID + +```yaml +Type: System.String +Parameter Sets: ResourceId, OnPremMachines +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Server name + +```yaml +Type: System.String +Parameter Sets: ResourceId, OnPremMachines +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VmUuid +Virtual machine universal unique identifier - on premise parameter + +```yaml +Type: System.String +Parameter Sets: OnPremMachines +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WorkspaceId +Workspace ID. 
+ +```yaml +Type: System.String +Parameter Sets: ResourceId, OnPremMachines +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WorkspaceResourceId +Workspace resource ID - on premise parameter + +```yaml +Type: System.String +Parameter Sets: OnPremMachines +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 
+ +## INPUTS + +### Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment.PSSqlVulnerabilityAssessmentBaselineResults + +## OUTPUTS + +### System.Boolean + +## NOTES + +## RELATED LINKS + +[Add-AzSecuritySqlVulnerabilityAssessmentBaseline](https://docs.microsoft.com/powershell/module/az.security/add-azsecuritysqlvulnerabilityassessmentbaseline) + +[Get-AzSecuritySqlVulnerabilityAssessmentBaseline](https://docs.microsoft.com/powershell/module/az.security/get-azsecuritysqlvulnerabilityassessmentbaseline) + +[Set-AzSecuritySqlVulnerabilityAssessmentBaseline](https://docs.microsoft.com/powershell/module/az.security/set-azsecuritysqlvulnerabilityassessmentbaseline) \ No newline at end of file diff --git a/src/Security/Security/help/Set-AzSecuritySqlVulnerabilityAssessmentBaseline.md b/src/Security/Security/help/Set-AzSecuritySqlVulnerabilityAssessmentBaseline.md new file mode 100644 index 000000000000..d487e1032292 --- /dev/null +++ b/src/Security/Security/help/Set-AzSecuritySqlVulnerabilityAssessmentBaseline.md 
@@ -0,0 +1,378 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.Security.dll-Help.xml +Module Name: Az.Security +online version: https://docs.microsoft.com/powershell/module/az.security/set-azsecuritysqlvulnerabilityassessmentbaseline +schema: 2.0.0 +--- + +# Set-AzSecuritySqlVulnerabilityAssessmentBaseline + +## SYNOPSIS +Sets new SQL Vulnerability Assessment baseline on a specific database discards old baseline if any exists. + +## SYNTAX + +### ResourceIdWithBaselineObject (Default) +``` +Set-AzSecuritySqlVulnerabilityAssessmentBaseline [-BaselineSet ] [-Force] -ResourceId + -WorkspaceId -Server -Database [-DefaultProfile ] [-WhatIf] + [-Confirm] [] +``` + +### InputObjectWithResourceId +``` +Set-AzSecuritySqlVulnerabilityAssessmentBaseline -InputObject + [-Force] -ResourceId -WorkspaceId -Server -Database + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +### InputObjectBaselineWithOnPrem +``` +Set-AzSecuritySqlVulnerabilityAssessmentBaseline -InputObject + [-Force] -WorkspaceId -Server -Database -ComputerName -VmUuid + -AgentId -WorkspaceResourceId [-DefaultProfile ] [-WhatIf] + [-Confirm] [] +``` + +### OnPremMachinesWithBaselineObject +``` +Set-AzSecuritySqlVulnerabilityAssessmentBaseline [-BaselineSet ] [-Force] -WorkspaceId + -Server -Database -ComputerName -VmUuid -AgentId + -WorkspaceResourceId [-DefaultProfile ] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +Sets new SQL Vulnerability Assessment baseline on a specific database discards old baseline if any exists. 
+ +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Set-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onPremiseMachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master -BaselineSet @{VA2108 = @( , @("dbo", "db_owner1", "SQL_USER"))} + +Setting baseline for +/subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onPremiseMachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332/sqlServers/AHABASDEV01SRV/databas +es/master. +Are you sure you want to set baseline? - This will discard your old baseline work. +[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): y + +Results WorkSpaceId +------- ----------- +{VA2108 => [[dbo, db_owner1, SQL_USER]]} ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 +``` + +Example of using resource id parameters. 
+Supported resources are: + +- ARC: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.HybridCompute/machines/{machineName} +- VM: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{machineName} +- On-Premise: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/microsoft.operationalinsights/workspaces/{workspaceName}/onPremiseMachines/{machineName} + +### Example 2 +```powershell +PS C:\> Set-AzSecuritySqlVulnerabilityAssessmentBaseline -WorkspaceResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace -ComputerName ahabas-dev01.middleeast.corp.microsoft.com -AgentId 49640166-652f-4ee6-b48b-cfb840b8afe2 -VmUuid 4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master -BaselineSet @{VA2108 = @( , @("dbo", "db_owner1", "SQL_USER"))} + +Setting baseline for +/subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onPremiseMachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332/sqlServers/AHABASDEV01SRV/databas +es/master. +Are you sure you want to set baseline? - This will discard your old baseline work. +[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): y + +Results WorkSpaceId +------- ----------- +{VA2108 => [[dbo, db_owner1, SQL_USER]]} ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 +``` + +Example of using OnPremMachinesWithBaselineObject parameters. 
+ +### Example 3 +```powershell +PS C:\> Set-AzSecuritySqlVulnerabilityAssessmentBaseline -WorkspaceResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace -ComputerName ahabas-dev01.middleeast.corp.microsoft.com -AgentId 49640166-652f-4ee6-b48b-cfb840b8afe2 -VmUuid 4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master + +Setting baseline for +/subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onPremiseMachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332/sqlServers/AHABASDEV01SRV/databas +es/master. +Are you sure you want to set baseline? - This will discard your old baseline work. +[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): y + +Results WorkSpaceId +------- ----------- +{VA1017 => [], VA1018 => [[True]], VA1020 => [], VA1022 => [[False]]…} ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 +``` + +In this example the BaselineSet is not specified thus setting all latest results as baseline. 
+ +### Example 4 +```powershell +PS C:\> Get-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onPremiseMachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master | Set-AzSecuritySqlVulnerabilityAssessmentBaseline -WorkspaceResourceId subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/talmachinegroupeuap/providers/microsoft.operationalinsights/workspaces/talworkspaceeuap2 -ComputerName TAHERSCO-DEV.middleeast.corp.microsoft.com -AgentId 7adcdd86-adb6-4008-a254-80e0fc425c55 -VmUuid 4c4c4544-0058-3310-8032-c4c04f4a4e32 -WorkspaceId 806d6dfa-132f-488d-975b-9bcf2fcd6802 -Server SQLEXPRESS -Database master + +Setting baseline for +subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/talmachinegroupeuap/providers/microsoft.operationalinsights/workspaces/talworkspaceeuap2/onPremiseMachines/TAHERSCO-DEV.middleeast.corp.microsoft.com_7adcdd86-adb6-4008-a254-80e0fc425c55_4c4c4544-0058-3310-8032-c4c04f4a4e32/sqlServers/SQLEXPRESS/data +bases/master. +Are you sure you want to set baseline? - This will discard your old baseline work. +[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): y + +Results WorkSpaceId +------- ----------- +{VA2108 => [[dbo, db_owner1, SQL_USER]]} 806d6dfa-132f-488d-975b-9bcf2fcd6802 +``` + +In this example, we move baseline object from one database to another using InputObjectBaselineWithOnPrem parameter set. It's important that all the rules in source database existin the destination database otherwise the operation will fail. 
+ +### Example 5 +```powershell +PS C:\> Get-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/ahmadtesting/providers/microsoft.operationalinsights/workspaces/ahabas-workspace/onPremiseMachines/ahabas-dev01.middleeast.corp.microsoft.com_49640166-652f-4ee6-b48b-cfb840b8afe2_4c4c4544-0030-4b10-8039-b8c04f4a3332 -WorkspaceId ba7c9d0e-a6e3-4997-b575-cf7a18a98a49 -Server AHABASDEV01SRV -Database master | Set-AzSecuritySqlVulnerabilityAssessmentBaseline -ResourceId /subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/talmachinegroupeuap/providers/microsoft.operationalinsights/workspaces/talworkspaceeuap2/onPremiseMachines/TAHERSCO-DEV.middleeast.corp.microsoft.com_7adcdd86-adb6-4008-a254-80e0fc425c55_4c4c4544-0058-3310-8032-c4c04f4a4e32 -WorkspaceId 806d6dfa-132f-488d-975b-9bcf2fcd6802 -Server SQLEXPRESS -Database master + +Setting baseline for +/subscriptions/f26d1f13-67d5-4ad6-9012-67ca12d2436f/resourcegroups/talmachinegroupeuap/providers/microsoft.operationalinsights/workspaces/talworkspaceeuap2/onPremiseMachines/TAHERSCO-DEV.middleeast.corp.microsoft.com_7adcdd86-adb6-4008-a254-80e0fc425c55_4c4c4544-0058-3310-8032-c4c04f4a4e32/sqlServers/SQLEXPRESS/dat +abases/master. +Are you sure you want to set baseline? - This will discard your old baseline work. +[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): y + +Results WorkSpaceId +------- ----------- +{VA2108 => [[dbo, db_owner1, SQL_USER]]} 806d6dfa-132f-488d-975b-9bcf2fcd6802 +``` + +In this example, we move baseline object from one database to another using InputObjectWithResourceId parameter set. It's important that all the rules in source database existin the destination database otherwise the operation will fail. 
+ +## PARAMETERS + +### -AgentId +Agent ID - on premise parameter + +```yaml +Type: System.String +Parameter Sets: InputObjectBaselineWithOnPrem, OnPremMachinesWithBaselineObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -BaselineSet +Vulnerability Assessment baseline object + +```yaml +Type: System.Collections.Hashtable +Parameter Sets: ResourceIdWithBaselineObject, OnPremMachinesWithBaselineObject +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComputerName +Computer full name - on premise parameter + +```yaml +Type: System.String +Parameter Sets: InputObjectBaselineWithOnPrem, OnPremMachinesWithBaselineObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Database +Database name + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Force set baseline without confirmation + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InputObject +Input Object. 
+ +```yaml +Type: Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment.PSSqlVulnerabilityAssessmentBaselineResults +Parameter Sets: InputObjectWithResourceId, InputObjectBaselineWithOnPrem +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -ResourceId +ID of the security resource that you want to invoke the command on. +Supported resources are: + +- ARC: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.HybridCompute/machines/{machineName} +- VM: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{machineName} +- On-Premise: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/microsoft.operationalinsights/workspaces/{workspaceName}/onPremiseMachines/{machineName} + + +```yaml +Type: System.String +Parameter Sets: ResourceIdWithBaselineObject, InputObjectWithResourceId +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Server +Server name + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VmUuid +Virtual machine universal unique identifier - on premise parameter + +```yaml +Type: System.String +Parameter Sets: InputObjectBaselineWithOnPrem, OnPremMachinesWithBaselineObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WorkspaceId +Workspace ID. 
+ +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WorkspaceResourceId +Workspace resource ID - on premise parameter + +```yaml +Type: System.String +Parameter Sets: InputObjectBaselineWithOnPrem, OnPremMachinesWithBaselineObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 
+ +## INPUTS + +### Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment.PSSqlVulnerabilityAssessmentBaselineResults + +## OUTPUTS + +### Microsoft.Azure.Commands.SecurityCenter.Models.SqlVulnerabilityAssessment.PSSqlVulnerabilityAssessmentBaselineResults + +## NOTES + +## RELATED LINKS + +[Add-AzSecuritySqlVulnerabilityAssessmentBaseline](https://docs.microsoft.com/powershell/module/az.security/add-azsecuritysqlvulnerabilityassessmentbaseline) + +[Remove-AzSecuritySqlVulnerabilityAssessmentBaseline](https://docs.microsoft.com/powershell/module/az.security/remove-azsecuritysqlvulnerabilityassessmentbaseline) + +[Get-AzSecuritySqlVulnerabilityAssessmentBaseline](https://docs.microsoft.com/powershell/module/az.security/get-azsecuritysqlvulnerabilityassessmentbaseline) diff --git a/tools/ScenarioTest.ResourceManager/Assert.ps1 b/tools/ScenarioTest.ResourceManager/Assert.ps1 index b71334d8aa10..df237ddd7e30 100644 --- a/tools/ScenarioTest.ResourceManager/Assert.ps1 +++ b/tools/ScenarioTest.ResourceManager/Assert.ps1 @@ -67,7 +67,7 @@ function Assert-ThrowsContains } catch { - if ($message -ne "") + if ($compare -ne "") { $actualMessage = $_.Exception.Message Write-Output ("Caught exception: '$actualMessage'") @@ -105,7 +105,7 @@ function Assert-ThrowsLike } catch { - if ($message -ne "") + if ($compare -ne "") { $actualMessage = $_.Exception.Message Write-Output ("Caught exception: '$actualMessage'")
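Review bot: The corrected guard `if ($compare -ne "")` in the catch block of Assert-ThrowsContains only rejects the empty string, so a `$null` expectation would still enter the message-comparison branch unless the parameter is declared `[string]`; that declaration and the rest of the function are outside the hunk. Writing it as `if (-not [string]::IsNullOrEmpty($compare))` makes the intent explicit without depending on the parameter type. The same line is changed in the Assert-ThrowsLike hunk (`@@ -105,7 +105,7 @@`) and the same applies there. If the else branch (not visible here) accepts any exception when the expectation is empty, a short comment such as `# Empty $compare: any exception satisfies the assertion, the message is not checked` would warn test authors that a blank expected string silently weakens the test.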