
Vulnerability assessment enablement on Azure SQL server through ARM template

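I have created my Azure SQL server through an ARM template. To enable Vulnerability Assessment, I need to enable Advanced Data Security. I am using the following code in my ARM template, inside the resources bracket of the SQL server resource, to enable this.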

{
    "name": "vulnerabilityAssessments",
    "type": "vulnerabilityAssessments",
    "apiVersion": "2018-06-01-preview",
    "dependsOn": [
        "[concat('Microsoft.Sql/servers/', parameters('sqlServerName'))]"
    ],
    "properties": {
        "storageContainerPath": "[concat('https://', parameters('storageAccountName'), '.blob.core.windows.net/vulnerability-assessment/')]",
        "storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]",
        "recurringScans": {
            "isEnabled": true,
            "emailSubscriptionAdmins": false,
            "emails": "[parameters('emailaddresses')]"
        }
    }
},

As you can see, I set the storage account for the vulnerability assessment, but when I deploy this I get the following error:

VulnerabilityAssessmentADSIsDisabled", "message": "Advanced Data Security should be enabled in order to use Vulnerability Assessment."

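When I look at the Advanced Data Security blade of the SQL server, I see that it is already set: [screenshot]

If I set the storage account manually, vulnerability assessment is enabled.... I have tried changing the vulnerability assessment block at the database level and tried debugging the storage account reference in the properties, but I can't seem to see what I am doing wrong or what I keep forgetting. Has anyone already tried doing this?

PS: As you can see in the image, periodic recurring scans are turned off, while I have enabled this in the recurringScans array of the vulnerability assessment.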

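The problem you are experiencing is caused by deploying an ARM template with Vulnerability Assessment without first enabling Advanced Data Security.

You must deploy Advanced Data Security in the ARM template and add a dependency in the Vulnerability Assessment block, so that it is only deployed after Advanced Data Security has been deployed.

For example: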

{
  "apiVersion": "2017-03-01-preview",
  "type": "Microsoft.Sql/servers/securityAlertPolicies",
  "name": "[concat(parameters('serverName'), '/Default')]",
  "properties": {
    "state": "Enabled",
    "disabledAlerts": [],
    "emailAddresses": [],
    "emailAccountAdmins": true
  }
},
{
  "apiVersion": "2018-06-01-preview",
  "type": "Microsoft.Sql/servers/vulnerabilityAssessments",
  "name": "[concat(parameters('serverName'), '/Default')]",
  "properties": {
    "storageContainerPath": "[if(parameters('enableADS'), concat(reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageName')), '2018-07-01').primaryEndpoints.blob, 'vulnerability-assessment'), '')]",
    "storageAccountAccessKey": "[if(parameters('enableADS'), listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageName')), '2018-02-01').keys[0].value, '')]",
    "recurringScans": {
      "isEnabled": true,
      "emailSubscriptionAdmins": true,
      "emails": []
    }
  },
  "dependsOn": [
    "[concat('Microsoft.Sql/servers/', parameters('serverName'))]",
    "[concat('Microsoft.Sql/servers/', parameters('serverName'), '/securityAlertPolicies/Default')]"
  ]
}

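Note that in this example I assume you are using existing storage. If you deploy the storage in the same ARM template, you must also add a dependency for it (under "dependsOn"):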

"[concat('Microsoft.Storage/storageAccounts/', variables('storageName'))]"
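
A pre-deployment check for the ordering described in this answer, added here as an example and not part of the original answer: it flags a vulnerabilityAssessments resource when the template has no enabled securityAlertPolicies resource or when its dependsOn does not reference one. The function names and both sample templates are constructed for illustration, and the dependsOn match is a substring heuristic.

```python
VA_TYPE = "microsoft.sql/servers/vulnerabilityassessments"
ADS_TYPE = "microsoft.sql/servers/securityalertpolicies"

def walk(resources, parent_type=""):
    """Yield (lowercased full type, resource), descending into nested children."""
    for res in resources:
        rtype = res.get("type", "")
        # Nested child resources use a short type such as "vulnerabilityAssessments".
        if parent_type and "/" not in rtype:
            rtype = parent_type + "/" + rtype
        yield rtype.lower(), res
        yield from walk(res.get("resources", []), rtype)

def check_va_ordering(template):
    """Return a list of findings; an empty list means the ordering looks safe."""
    found = list(walk(template.get("resources", [])))
    ads_enabled = any(
        t == ADS_TYPE and r.get("properties", {}).get("state") == "Enabled"
        for t, r in found
    )
    findings = []
    for t, r in found:
        if t != VA_TYPE:
            continue
        name = r.get("name", "?")
        if not ads_enabled:
            findings.append(f"{name}: no securityAlertPolicies resource with state Enabled")
        # Heuristic (assumption): dependsOn entries are expression strings,
        # so look for the policy type name inside them.
        deps = " ".join(r.get("dependsOn", [])).lower()
        if "securityalertpolicies" not in deps:
            findings.append(f"{name}: dependsOn does not reference securityAlertPolicies")
    return findings

# Constructed samples: the question's nested layout and the answer's corrected layout.
BROKEN = {"resources": [{"type": "Microsoft.Sql/servers", "name": "sql1", "resources": [
    {"type": "vulnerabilityAssessments", "name": "vulnerabilityAssessments",
     "dependsOn": ["[concat('Microsoft.Sql/servers/', parameters('sqlServerName'))]"]}]}]}
FIXED = {"resources": [
    {"type": "Microsoft.Sql/servers/securityAlertPolicies", "name": "sql1/Default",
     "properties": {"state": "Enabled"}},
    {"type": "Microsoft.Sql/servers/vulnerabilityAssessments", "name": "sql1/Default",
     "dependsOn": ["[concat('Microsoft.Sql/servers/', parameters('serverName'),"
                   " '/securityAlertPolicies/Default')]"]}]}

if __name__ == "__main__":
    for label, tpl in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(label, check_va_ordering(tpl) or "ok")
```
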

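I solved this by splitting the vulnerability assessment out into a separate resource block instead of putting it inside the SQL resource block. The new resource block looks like this: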

{
    "name": "[concat(parameters('sqlServerName'), '/vulnerabilityAssessments')]",
    "type": "Microsoft.Sql/servers/vulnerabilityAssessments",
    "apiVersion": "2018-06-01-preview",
    "location": "[parameters('location')]",
    "dependsOn": [
        "[concat('Microsoft.Sql/servers/', parameters('sqlServerName'))]",
        "[concat('Microsoft.Sql/servers/', parameters('sqlServerName'), '/databases/', parameters('databaseName'))]"
    ],
    "properties": {
        "storageContainerPath": "[concat('https://', parameters('storageAccountName'), '.blob.core.windows.net/vulnerability-assessment/')]",
        "storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]",
        "recurringScans": {
            "isEnabled": true,
            "emailSubscriptionAdmins": false,
            "emails": "[parameters('emailaddresses')]"
        }
    }
},
