Database Vulnerability Assessments - Get

Service:: SQL Database

API Version:: 2023-08-01

Gets the database's vulnerability assessment.

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/vulnerabilityAssessments/default?api-version=2023-08-01

URI Parameters

Name	In	Required	Type	Description
databaseName	path	True	string	The name of the database for which the vulnerability assessment is defined.
resourceGroupName	path	True	string	The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.
serverName	path	True	string	The name of the server.
subscriptionId	path	True	string	The subscription ID that identifies an Azure subscription.
vulnerabilityAssessmentName	path	True	VulnerabilityAssessmentName	The name of the vulnerability assessment.
api-version	query	True	string	The API version to use for the request.

Responses

Name	Type	Description
200 OK	DatabaseVulnerabilityAssessment	Successfully retrieved the database vulnerability assessment.
Other Status Codes	ErrorResponse	* Error Responses: * 400 VulnerabilityAssessmentInsufficientStorageAccountPermissions - Insufficient permissions on the provided storage account. 400 VulnerabilityAssessmentStorageAccountIsDisabled - The provided storage account is disabled. 400 DatabaseVulnerabilityAssessmentMissingStorageContainerPath - Storage container path must be provided if it isn't set in server level policy 400 VulnerabilityAssessmentStorageOutboundFirewallNotAllowed - The storage account is not in the list of Outbound Firewall Rules. 400 VulnerabilityAssessmentADSIsDisabled - Advanced Data Security should be enabled in order to use Vulnerability Assessment. 400 InvalidStorageAccountName - The provided storage account is not valid or does not exist. 400 VulnerabilityAssessmentUnsupportedStorageAccount - The provided storage account is unsupported. 400 InvalidStorageAccountCredentials - The provided storage account shared access signature or account storage key is not valid. 404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance. 404 SubscriptionDoesNotHaveServer - The requested server was not found 404 SourceDatabaseNotFound - The source database does not exist. 500 DatabaseIsUnavailable - Loading failed. Please try again later.

Name

Type

Description

200 OK

DatabaseVulnerabilityAssessment

Successfully retrieved the database vulnerability assessment.

Other Status Codes

ErrorResponse

*** Error Responses: ***

400 VulnerabilityAssessmentInsufficientStorageAccountPermissions - Insufficient permissions on the provided storage account.
400 VulnerabilityAssessmentStorageAccountIsDisabled - The provided storage account is disabled.
400 DatabaseVulnerabilityAssessmentMissingStorageContainerPath - Storage container path must be provided if it isn't set in server level policy
400 VulnerabilityAssessmentStorageOutboundFirewallNotAllowed - The storage account is not in the list of Outbound Firewall Rules.
400 VulnerabilityAssessmentADSIsDisabled - Advanced Data Security should be enabled in order to use Vulnerability Assessment.
400 InvalidStorageAccountName - The provided storage account is not valid or does not exist.
400 VulnerabilityAssessmentUnsupportedStorageAccount - The provided storage account is unsupported.
400 InvalidStorageAccountCredentials - The provided storage account shared access signature or account storage key is not valid.
404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance.
404 SubscriptionDoesNotHaveServer - The requested server was not found
404 SourceDatabaseNotFound - The source database does not exist.
500 DatabaseIsUnavailable - Loading failed. Please try again later.

Examples

Get a database's vulnerability assessment

GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/vulnerabilityaseessmenttest-4799/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest-6440/databases/testdb/vulnerabilityAssessments/default?api-version=2023-08-01

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Sql.Models;
using Azure.ResourceManager.Sql;

// Generated from example definition: specification/sql/resource-manager/Microsoft.Sql/stable/2023-08-01/examples/DatabaseVulnerabilityAssessmentGet.json
// this example is just showing the usage of "DatabaseVulnerabilityAssessments_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SqlDatabaseVulnerabilityAssessmentResource created on azure
// for more information of creating SqlDatabaseVulnerabilityAssessmentResource, please refer to the document of SqlDatabaseVulnerabilityAssessmentResource
string subscriptionId = "00000000-1111-2222-3333-444444444444";
string resourceGroupName = "vulnerabilityaseessmenttest-4799";
string serverName = "vulnerabilityaseessmenttest-6440";
string databaseName = "testdb";
VulnerabilityAssessmentName vulnerabilityAssessmentName = VulnerabilityAssessmentName.Default;
ResourceIdentifier sqlDatabaseVulnerabilityAssessmentResourceId = SqlDatabaseVulnerabilityAssessmentResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, serverName, databaseName, vulnerabilityAssessmentName);
SqlDatabaseVulnerabilityAssessmentResource sqlDatabaseVulnerabilityAssessment = client.GetSqlDatabaseVulnerabilityAssessmentResource(sqlDatabaseVulnerabilityAssessmentResourceId);

// invoke the operation
SqlDatabaseVulnerabilityAssessmentResource result = await sqlDatabaseVulnerabilityAssessment.GetAsync();

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DatabaseVulnerabilityAssessmentData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 200

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/vulnerabilityaseessmenttest-4799/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest-6440/databases/testdb/vulnerabilityAssessments/default",
  "name": "default",
  "type": "Microsoft.Sql/servers/databases/vulnerabilityAssessments",
  "properties": {
    "recurringScans": {
      "isEnabled": true,
      "emailSubscriptionAdmins": true,
      "emails": [
        "email1@mail.com",
        "email2@mail.com"
      ]
    }
  }
}

Definitions

Name	Description
DatabaseVulnerabilityAssessment	A database vulnerability assessment.
ErrorAdditionalInfo	The resource management error additional info.
ErrorDetail	The error detail.
ErrorResponse	Error response
VulnerabilityAssessmentName	The name of the vulnerability assessment.
VulnerabilityAssessmentRecurringScansProperties	Properties of a Vulnerability Assessment recurring scans.

DatabaseVulnerabilityAssessment

Object

A database vulnerability assessment.

Name	Type	Description
id	string	Resource ID.
name	string	Resource name.
properties.recurringScans	VulnerabilityAssessmentRecurringScansProperties	The recurring scans settings
properties.storageAccountAccessKey	string	Specifies the identifier key of the storage account for vulnerability assessment scan results. If 'StorageContainerSasKey' isn't specified, storageAccountAccessKey is required. Applies only if the storage account is not behind a Vnet or a firewall
properties.storageContainerPath	string	A blob storage container path to hold the scan results (e.g. `https://myStorage.blob.core.windows.net/VaScans/`). It is required if server level vulnerability assessment policy doesn't set
properties.storageContainerSasKey	string	A shared access signature (SAS Key) that has write access to the blob container specified in 'storageContainerPath' parameter. If 'storageAccountAccessKey' isn't specified, StorageContainerSasKey is required. Applies only if the storage account is not behind a Vnet or a firewall
type	string	Resource type.

ErrorAdditionalInfo

Object

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

ErrorDetail

Object

The error detail.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	ErrorDetail[]	The error details.
message	string	The error message.
target	string	The error target.

ErrorResponse

Object

Error response

Name	Type	Description
error	ErrorDetail	The error object.

VulnerabilityAssessmentName

Enumeration

The name of the vulnerability assessment.

Value	Description
default

VulnerabilityAssessmentRecurringScansProperties

Object

Properties of a Vulnerability Assessment recurring scans.

Name	Type	Default value	Description
emailSubscriptionAdmins	boolean	True	Specifies that the schedule scan notification will be is sent to the subscription administrators.
emails	string[]		Specifies an array of e-mail addresses to which the scan notification is sent.
isEnabled	boolean		Recurring scans state.

Share via

Database Vulnerability Assessments - Get

URI Parameters

Responses

Examples

Get a database's vulnerability assessment

Sample request

Sample response

Definitions

DatabaseVulnerabilityAssessment

ErrorAdditionalInfo

ErrorDetail

ErrorResponse

VulnerabilityAssessmentName

VulnerabilityAssessmentRecurringScansProperties