Start-AzSqlDatabaseVulnerabilityAssessmentScan
Starts a vulnerability assessment scan.
Syntax
Default (Default)
Start-AzSqlDatabaseVulnerabilityAssessmentScan
[-ServerName] <String>
[-DatabaseName] <String>
[-InputObject <AzureSqlDatabaseModel>]
[-AsJob]
[-ScanId <String>]
[-ResourceGroupName] <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Start-AzSqlDatabaseVulnerabilityAssessmentScan cmdlet triggers a scan with ScanId identifier.
Scan results will be saved under the storage defined by the Update-AzSqlServerVulnerabilityAssessmentSetting cmdlet, under scans/{ServerName}/{DatabaseName}/scan_{ScanId}.json
You can monitor the progress of the scan by using the Get-AzSqlDatabaseVulnerabilityAssessmentScanRecord cmdlet with the scanId parameter and look at the State returned parameter.
Note that you need to run Enable-AzSqlServerAdvancedDataSecurity and Update-AzSqlServerVulnerabilityAssessmentSetting cmdlet as a prerequisite for using this cmdlets.
Examples
Example 1: Starts a vulnerability assessment scan
Start-AzSqlDatabaseVulnerabilityAssessmentScan `
-ResourceGroupName "ResourceGroup01" `
-ServerName "Server01" `
-DatabaseName "Database01" `
-ScanId "myScan"
ResourceGroupName : ResourceGroup01
ServerName : Server01
DatabaseName : Database01
ScanId : myScan
TriggerType : OnDemand
State : Fail
StartTime : 6/11/2018 1:57:27 PM
EndTime : 6/11/2018 1:57:31 PM
Errors : {}
ScanResultsLocationPath : https://myaccount.blob.core.windows.net/vulnerability-assessment
scans/Server01/Database01/scan_myScan.json
NumberOfFailedSecurityChecks : 9
Example 2: Starts a vulnerability assessment scan without a specific scan ID
Start-AzSqlDatabaseVulnerabilityAssessmentScan `
-ResourceGroupName "ResourceGroup01" `
-ServerName "Server01" `
-DatabaseName "Database01"
ResourceGroupName : ResourceGroup01
ServerName : Server01
DatabaseName : Database01
ScanId : 20180611_135726
TriggerType : OnDemand
State : Fail
StartTime : 6/11/2018 1:57:27 PM
EndTime : 6/11/2018 1:57:31 PM
Errors : {}
ScanResultsLocationPath : https://myaccount.blob.core.windows.net/vulnerability-assessment
scans/Server01/Database01/scan_myScan.json
NumberOfFailedSecurityChecks : 9
This command generates a scan ID in the format of "yyyyMMdd_HHmmss" from the UTC date time.
Example 3: Starts a vulnerability assessment scan in the background
$scanJob = Start-AzSqlDatabaseVulnerabilityAssessmentScan `
-ResourceGroupName "ResourceGroup01" `
-ServerName "Server01" `
-DatabaseName "Database01" `
-ScanId "myScan" `
-AsJob
$scanJob | Wait-Job
$scanJob | Receive-Job
ResourceGroupName : ResourceGroup01
ServerName : Server01
DatabaseName : Database01
ScanId : myScan
TriggerType : OnDemand
State : Fail
StartTime : 6/11/2018 1:57:27 PM
EndTime : 6/11/2018 1:57:31 PM
Errors : {}
ScanResultsLocationPath : https://myaccount.blob.core.windows.net/vulnerability-assessment
scans/Server01/Database01/scan_myScan.json
NumberOfFailedSecurityChecks : 9
Example 4: Starts a vulnerability assessment scan with a database object
Get-AzSqlDatabase `
-ResourceGroupName "ResourceGroup01" `
-ServerName "Server01" `
-DatabaseName "Database01" `
| Start-AzSqlDatabaseVulnerabilityAssessmentScan
ResourceGroupName : ResourceGroup01
ServerName : Server01
DatabaseName : Database01
ScanId : 20180611_135726
TriggerType : OnDemand
State : Fail
StartTime : 6/11/2018 1:57:27 PM
EndTime : 6/11/2018 1:57:31 PM
Errors : {}
ScanResultsLocationPath : https://myaccount.blob.core.windows.net/vulnerability-assessment
scans/Server01/Database01/scan_myScan.json
NumberOfFailedSecurityChecks : 9
Example 5: Starts a vulnerability assessment scan on all the databases under a server
Get-AzSqlDatabase `
-ResourceGroupName "ResourceGroup01" `
-ServerName "Server01" `
| Where-Object {$_.DatabaseName -ne "master"} `
| Start-AzSqlDatabaseVulnerabilityAssessmentScan
ResourceGroupName : ResourceGroup01
ServerName : Server01
DatabaseName : Database01
ScanId : 20180611_135726
TriggerType : OnDemand
State : Fail
StartTime : 6/11/2018 1:57:27 PM
EndTime : 6/11/2018 1:57:31 PM
Errors : {}
ScanResultsLocationPath : https://myaccount.blob.core.windows.net/vulnerability-assessment
scans/Server01/Database01/scan_myScan.json
NumberOfFailedSecurityChecks : 9
ResourceGroupName : ResourceGroup01
ServerName : Server01
DatabaseName : Database02
ScanId : 20180611_135726
TriggerType : OnDemand
State : Fail
StartTime : 6/11/2018 1:57:27 PM
EndTime : 6/11/2018 1:57:31 PM
Errors : {}
ScanResultsLocationPath : https://myaccount.blob.core.windows.net/vulnerability-assessment
scans/Server01/Database01/scan_myScan.json
NumberOfFailedSecurityChecks : 9
Parameters
-AsJob
Run cmdlet in the background
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: cf
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DatabaseName
SQL Database name.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: 2 Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
Type: IAzureContextContainer
Default value: None Supports wildcards: False DontShow: False Aliases: AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
The database object to get Vulnerability Assessment settings for
(All)
Position: Named Mandatory: False Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-ResourceGroupName
The name of the resource group.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: 0 Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-ScanId
Specifies the scan ID.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-ServerName
SQL Database server name.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: 1 Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: wi
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs
