diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentScanOperations/ArcMachineScans_Get.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentScanOperations/ArcMachineScans_Get.json
new file mode 100644
index 000000000000..ae6f169aa215
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentScanOperations/ArcMachineScans_Get.json
@@ -0,0 +1,34 @@
+{
+ "parameters": {
+ "scanId": "Scheduled-20200623",
+ "workspaceId": "55555555-6666-7777-8888-999999999999",
+ "api-version": "2023-02-01-preview",
+ "resourceId": "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623",
+ "name": "Scheduled-20200623",
+ "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans",
+ "properties": {
+ "triggerType": "Recurring",
+ "state": "Failed",
+ "server": "server1",
+ "database": "master",
+ "sqlVersion": "15.0.2000",
+ "startTime": "2020-06-23T06:49:00.6455136+00:00",
+ "endTime": "2020-06-23T06:49:00.7236217Z",
+ "highSeverityFailedRulesCount": 3,
+ "mediumSeverityFailedRulesCount": 2,
+ "lowSeverityFailedRulesCount": 1,
+ "totalPassedRulesCount": 20,
+ "totalFailedRulesCount": 6,
+ "totalRulesCount": 26,
+ "isBaselineApplied": false,
+ "lastScanTime": "2020-06-23T06:49:00.6455136+00:00"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentScanOperations/ArcMachineScans_GetLatest.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentScanOperations/ArcMachineScans_GetLatest.json
new file mode 100644
index 000000000000..9b561c266303
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentScanOperations/ArcMachineScans_GetLatest.json
@@ -0,0 +1,34 @@
+{
+ "parameters": {
+ "scanId": "latest",
+ "workspaceId": "55555555-6666-7777-8888-999999999999",
+ "api-version": "2023-02-01-preview",
+ "resourceId": "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623",
+ "name": "Scheduled-20200623",
+ "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans",
+ "properties": {
+ "triggerType": "Recurring",
+ "state": "Failed",
+ "server": "server1",
+ "database": "master",
+ "sqlVersion": "15.0.2000",
+ "startTime": "2020-06-23T06:49:00.6455136+00:00",
+ "endTime": "2020-06-23T06:49:00.7236217Z",
+ "highSeverityFailedRulesCount": 3,
+ "mediumSeverityFailedRulesCount": 2,
+ "lowSeverityFailedRulesCount": 1,
+ "totalPassedRulesCount": 20,
+ "totalFailedRulesCount": 6,
+ "totalRulesCount": 26,
+ "isBaselineApplied": false,
+ "lastScanTime": "2020-06-23T06:49:00.6455136+00:00"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentScanOperations/ArcMachineScans_List.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentScanOperations/ArcMachineScans_List.json
new file mode 100644
index 000000000000..34b7988544af
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentScanOperations/ArcMachineScans_List.json
@@ -0,0 +1,59 @@
+{
+ "parameters": {
+ "workspaceId": "55555555-6666-7777-8888-999999999999",
+ "api-version": "2023-02-01-preview",
+ "resourceId": "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200225",
+ "name": "Scheduled-20200225",
+ "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans",
+ "properties": {
+ "triggerType": "Recurring",
+ "state": "Failed",
+ "server": "server1",
+ "database": "master",
+ "sqlVersion": "15.0.2000",
+ "startTime": "2020-02-25T11:34:29.1399864Z",
+ "endTime": "2020-02-25T11:38:07.8606151Z",
+ "highSeverityFailedRulesCount": 3,
+ "mediumSeverityFailedRulesCount": 2,
+ "lowSeverityFailedRulesCount": 1,
+ "totalPassedRulesCount": 20,
+ "totalFailedRulesCount": 6,
+ "totalRulesCount": 26,
+ "isBaselineApplied": false,
+ "lastScanTime": "2020-06-23T06:49:00.6455136+00:00"
+ }
+ },
+ {
+ "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/scan_20200226_113429",
+ "name": "scan_20200226_113429",
+ "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans",
+ "properties": {
+ "triggerType": "OnDemand",
+ "state": "Passed",
+ "server": "server1",
+ "database": "master",
+ "sqlVersion": "15.0.2000",
+ "startTime": "2020-02-26T11:34:29.1399864Z",
+ "endTime": "2020-02-26T11:38:07.8606151Z",
+ "highSeverityFailedRulesCount": 0,
+ "mediumSeverityFailedRulesCount": 0,
+ "lowSeverityFailedRulesCount": 0,
+ "totalPassedRulesCount": 26,
+ "totalFailedRulesCount": 0,
+ "totalRulesCount": 26,
+ "isBaselineApplied": true,
+ "lastScanTime": "2020-06-23T06:49:00.6455136+00:00"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_Add.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_Add.json
new file mode 100644
index 000000000000..b373f5ddac50
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_Add.json
@@ -0,0 +1,69 @@
+{
+ "parameters": {
+ "ruleId": "VA1234",
+ "workspaceId": "55555555-6666-7777-8888-999999999999",
+ "api-version": "2023-02-01-preview",
+ "resourceId": "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master",
+ "body": {
+ "latestScan": false,
+ "results": {
+ "VA1234": [
+ [
+ "userA",
+ "SELECT"
+ ],
+ [
+ "userB",
+ "SELECT"
+ ]
+ ],
+ "VA5678": [
+ [
+ "Test",
+ "0.0.0.0",
+ "125.125.125.125"
+ ]
+ ]
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA1234",
+ "name": "VA1234",
+ "type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules",
+ "properties": {
+ "results": [
+ [
+ "userA",
+ "SELECT"
+ ],
+ [
+ "userB",
+ "SELECT"
+ ]
+ ]
+ }
+ },
+ {
+ "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA5678",
+ "name": "VA5678",
+ "type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules",
+ "properties": {
+ "results": [
+ [
+ "Test",
+ "0.0.0.0",
+ "125.125.125.125"
+ ]
+ ]
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_AddLatest.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_AddLatest.json
new file mode 100644
index 000000000000..9f161dbc520e
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_AddLatest.json
@@ -0,0 +1,51 @@
+{
+ "parameters": {
+ "ruleId": "VA1234",
+ "workspaceId": "55555555-6666-7777-8888-999999999999",
+ "api-version": "2023-02-01-preview",
+ "resourceId": "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master",
+ "body": {
+ "latestScan": true,
+ "results": {}
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA1234",
+ "name": "VA1234",
+ "type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules",
+ "properties": {
+ "results": [
+ [
+ "userA",
+ "SELECT"
+ ],
+ [
+ "userB",
+ "SELECT"
+ ]
+ ]
+ }
+ },
+ {
+ "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA5678",
+ "name": "VA5678",
+ "type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules",
+ "properties": {
+ "results": [
+ [
+ "Test",
+ "0.0.0.0",
+ "125.125.125.125"
+ ]
+ ]
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_Delete.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_Delete.json
new file mode 100644
index 000000000000..4648863781ff
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_Delete.json
@@ -0,0 +1,12 @@
+{
+ "parameters": {
+ "ruleId": "VA1234",
+ "workspaceId": "55555555-6666-7777-8888-999999999999",
+ "api-version": "2023-02-01-preview",
+ "resourceId": "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_Get.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_Get.json
new file mode 100644
index 000000000000..d4968b2d6cd6
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_Get.json
@@ -0,0 +1,29 @@
+{
+ "parameters": {
+ "ruleId": "VA1234",
+ "workspaceId": "55555555-6666-7777-8888-999999999999",
+ "api-version": "2023-02-01-preview",
+ "resourceId": "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA1234",
+ "name": "VA1234",
+ "type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules",
+ "properties": {
+ "results": [
+ [
+ "userA",
+ "SELECT"
+ ],
+ [
+ "userB",
+ "SELECT"
+ ]
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_List.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_List.json
new file mode 100644
index 000000000000..aeb238ff2990
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_List.json
@@ -0,0 +1,46 @@
+{
+ "parameters": {
+ "workspaceId": "55555555-6666-7777-8888-999999999999",
+ "api-version": "2023-02-01-preview",
+ "resourceId": "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA1234",
+ "name": "VA1234",
+ "type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules",
+ "properties": {
+ "results": [
+ [
+ "userA",
+ "SELECT"
+ ],
+ [
+ "userB",
+ "SELECT"
+ ]
+ ]
+ }
+ },
+ {
+ "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA5678",
+ "name": "VA5678",
+ "type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules",
+ "properties": {
+ "results": [
+ [
+ "Test",
+ "0.0.0.0",
+ "125.125.125.125"
+ ]
+ ]
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_Put.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_Put.json
new file mode 100644
index 000000000000..433f02e2a98c
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_Put.json
@@ -0,0 +1,42 @@
+{
+ "parameters": {
+ "ruleId": "VA1234",
+ "workspaceId": "55555555-6666-7777-8888-999999999999",
+ "api-version": "2023-02-01-preview",
+ "resourceId": "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master",
+ "body": {
+ "latestScan": false,
+ "results": [
+ [
+ "userA",
+ "SELECT"
+ ],
+ [
+ "userB",
+ "SELECT"
+ ]
+ ]
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA1234",
+ "name": "VA1234",
+ "type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules",
+ "properties": {
+ "results": [
+ [
+ "userA",
+ "SELECT"
+ ],
+ [
+ "userB",
+ "SELECT"
+ ]
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_PutLatest.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_PutLatest.json
new file mode 100644
index 000000000000..969a69dd08db
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_PutLatest.json
@@ -0,0 +1,33 @@
+{
+ "parameters": {
+ "ruleId": "VA1234",
+ "workspaceId": "55555555-6666-7777-8888-999999999999",
+ "api-version": "2023-02-01-preview",
+ "resourceId": "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master",
+ "body": {
+ "latestScan": true,
+ "results": []
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA1234",
+ "name": "VA1234",
+ "type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules",
+ "properties": {
+ "results": [
+ [
+ "userA",
+ "SELECT"
+ ],
+ [
+ "userB",
+ "SELECT"
+ ]
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_Get.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_Get.json
new file mode 100644
index 000000000000..9dd91ded1b84
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_Get.json
@@ -0,0 +1,72 @@ +{ + "parameters": { + "scanId": "Scheduled-20200623", + "scanResultId": "VA2063", + "workspaceId": "55555555-6666-7777-8888-999999999999", + "api-version": "2023-02-01-preview", + "resourceId": "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063", + "name": "VA2063", + "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults", + "properties": { + "ruleId": "VA2063", + "status": "Finding", + "isTrimmed": false, + "queryResults": [ + [ + "Test", + "0.0.0.0", + "125.125.125.125" + ] + ], + "remediation": { + "description": "Remove server firewall rules that grant excessive access", + "scripts": [ + "EXECUTE sp_delete_firewall_rule N'Test';" + ], + "automated": false, + "portalLink": "ReviewServerFirewallRules" + }, + "baselineAdjustedResult": { + "baseline": { + "expectedResults": [ + [ + "Test", + "0.0.0.0", + "125.125.125.125" + ] + ], + "updatedTime": "2020-02-04T12:49:41.027771+00:00" + }, + "status": "NonFinding", + "resultsNotInBaseline": [], + "resultsOnlyInBaseline": [] + }, + "ruleMetadata": { + "ruleId": "VA2063", + "severity": "High", + "category": "SurfaceAreaReduction", + "ruleType": "NegativeList", + "title": "Server-level firewall rules should not grant excessive access", + "description": "The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. 
Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access.", + "rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall.", + "queryCheck": { + "query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;", + "expectedResult": [], + "columnNames": [ + "Firewall Rule Name", + "Start Address", + "End Address" + ] + }, + "benchmarkReferences": [] + } + } + } + } + } +} 
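Review bot: The `ruleMetadata.rationale` string for VA2063 contains a U+FFFD replacement character (`troubleshooting process � to eliminate`), so the original dash was lost to an encoding error before the file was committed. The VA2062 text added elsewhere in this change has a plain `-` at the same position. Replace the character with `-` (or `\u2013` if an en dash was intended) and make sure the file is saved as UTF-8. The same corrupted string is in ArcMachineScanResults_GetLatest.json and ArcMachineScanResults_List.json; ArcMachineScanResults_ListLatest.json is worth checking as well.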
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_GetLatest.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_GetLatest.json new file mode 100644 index 000000000000..1f49891bf4e0 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_GetLatest.json 
@@ -0,0 +1,72 @@ +{ + "parameters": { + "scanId": "latest", + "scanResultId": "VA2063", + "workspaceId": "55555555-6666-7777-8888-999999999999", + "api-version": "2023-02-01-preview", + "resourceId": "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063", + "name": "VA2063", + "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults", + "properties": { + "ruleId": "VA2063", + "status": "Finding", + "isTrimmed": false, + "queryResults": [ + [ + "Test", + "0.0.0.0", + "125.125.125.125" + ] + ], + "remediation": { + "description": "Remove server firewall rules that grant excessive access", + "scripts": [ + "EXECUTE sp_delete_firewall_rule N'Test';" + ], + "automated": false, + "portalLink": "ReviewServerFirewallRules" + }, + "baselineAdjustedResult": { + "baseline": { + "expectedResults": [ + [ + "Test", + "0.0.0.0", + "125.125.125.125" + ] + ], + "updatedTime": "2020-02-04T12:49:41.027771+00:00" + }, + "status": "NonFinding", + "resultsNotInBaseline": [], + "resultsOnlyInBaseline": [] + }, + "ruleMetadata": { + "ruleId": "VA2063", + "severity": "High", + "category": "SurfaceAreaReduction", + "ruleType": "NegativeList", + "title": "Server-level firewall rules should not grant excessive access", + "description": "The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. 
Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access.", + "rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. In fact, it's the equivalent of placing the server outside of the firewall.", + "queryCheck": { + "query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;", + "expectedResult": [], + "columnNames": [ + "Firewall Rule Name", + "Start Address", + "End Address" + ] + }, + "benchmarkReferences": [] + } + } + } + } + } +} 
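Review bot: The rule content in this Arc-machine example looks copied from the Azure SQL Database examples and does not match the resource it is attached to. `queryCheck.query` reads `sys.firewall_rules` and the remediation script calls `sp_delete_firewall_rule`, which as far as I know exist only on Azure SQL Database, while `resourceId` names a `Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1` instance reporting `sqlVersion` 15.0.2000 in the scan examples. Someone using this as a reference for what an Arc-enabled SQL Server scan returns would be misled about which checks and remediation scripts apply; a rule that actually runs against a SQL Server instance would be a better sample. The same applies to ArcMachineScanResults_Get.json and ArcMachineScanResults_List.json.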
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_List.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_List.json new file mode 100644 index 000000000000..92d11dca8a78 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_List.json 
@@ -0,0 +1,112 @@ +{ + "parameters": { + "scanId": "Scheduled-20200623", + "workspaceId": "55555555-6666-7777-8888-999999999999", + "api-version": "2023-02-01-preview", + "resourceId": "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2062", + "name": "VA2062", + "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults", + "properties": { + "ruleId": "VA2062", + "status": "NonFinding", + "isTrimmed": false, + "queryResults": [], + "remediation": { + "description": "Remove database firewall rules that grant excessive access", + "scripts": [], + "automated": false, + "portalLink": "" + }, + "baselineAdjustedResult": null, + "ruleMetadata": { + "ruleId": "VA2062", + "severity": "High", + "category": "SurfaceAreaReduction", + "ruleType": "NegativeList", + "title": "Database-level firewall rules should not grant excessive access", + "description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master and user databases can only be created and managed through Transact-SQL (unlike server-level firewall rules which can also be created and managed using the Azure portal or PowerShell). 
For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that database-level firewall rules do not grant excessive access.", + "rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process - to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected database.\n\nGranting excessive access using database firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your database. In fact, it's the equivalent of placing the database outside of the firewall.", + "queryCheck": { + "query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;", + "expectedResult": [], + "columnNames": [ + "Firewall Rule Name", + "Start Address", + "End Address" + ] + }, + "benchmarkReferences": [] + } + } + }, + { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063", + "name": "VA2063", + "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults", + "properties": { + "ruleId": "VA2063", + "status": "Finding", + "isTrimmed": false, + "queryResults": [ + [ + "Test", + "0.0.0.0", + 
"125.125.125.125" + ] + ], + "remediation": { + "description": "Remove server firewall rules that grant excessive access", + "scripts": [ + "EXECUTE sp_delete_firewall_rule N'Test';" + ], + "automated": false, + "portalLink": "ReviewServerFirewallRules" + }, + "baselineAdjustedResult": { + "baseline": { + "expectedResults": [ + [ + "Test", + "0.0.0.0", + "125.125.125.125" + ] + ], + "updatedTime": "2020-02-04T12:49:41.027771+00:00" + }, + "status": "NonFinding", + "resultsNotInBaseline": [], + "resultsOnlyInBaseline": [] + }, + "ruleMetadata": { + "ruleId": "VA2063", + "severity": "High", + "category": "SurfaceAreaReduction", + "ruleType": "NegativeList", + "title": "Server-level firewall rules should not grant excessive access", + "description": "The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access.", + "rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. 
In fact, it's the equivalent of placing the server outside of the firewall.", + "queryCheck": { + "query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;", + "expectedResult": [], + "columnNames": [ + "Firewall Rule Name", + "Start Address", + "End Address" + ] + }, + "benchmarkReferences": [] + } + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_ListLatest.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_ListLatest.json new file mode 100644 index 000000000000..870837db46d4 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_ListLatest.json 
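Review bot: In the VA2063 entry a High-severity result with `"status": "Finding"` is reported as `"NonFinding"` in `baselineAdjustedResult.status`, because the baseline's `expectedResults` accepts the rule `Test` spanning `0.0.0.0` to `125.125.125.125`, the very range the check flags as excessive. As sample data this reads as if baselining away a wide-open firewall range were routine, and a consumer that reads only the adjusted status would never surface it. Consider making the sample a partial match instead, for example a second (constructed) row in `queryResults` that is also listed in `resultsNotInBaseline` with the adjusted status left at `Finding`, so readers see a baseline narrowing a finding rather than erasing it. The same data is in ArcMachineScanResults_Get.json and ArcMachineScanResults_GetLatest.json.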
@@ -0,0 +1,112 @@ +{ + "parameters": { + "scanId": "latest", + "workspaceId": "55555555-6666-7777-8888-999999999999", + "api-version": "2023-02-01-preview", + "resourceId": "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2062", + "name": "VA2062", + "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults", + "properties": { + "ruleId": "VA2062", + "status": "NonFinding", + "isTrimmed": false, + "queryResults": [], + "remediation": { + "description": "Remove database firewall rules that grant excessive access", + "scripts": [], + "automated": false, + "portalLink": "" + }, + "baselineAdjustedResult": null, + "ruleMetadata": { + "ruleId": "VA2062", + "severity": "High", + "category": "SurfaceAreaReduction", + "ruleType": "NegativeList", + "title": "Database-level firewall rules should not grant excessive access", + "description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master and user databases can only be created and managed through Transact-SQL (unlike server-level firewall rules which can also be created and managed using the Azure portal or PowerShell). 
For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that database-level firewall rules do not grant excessive access.", + "rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process - to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected database.\n\nGranting excessive access using database firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your database. In fact, it's the equivalent of placing the database outside of the firewall.", + "queryCheck": { + "query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;", + "expectedResult": [], + "columnNames": [ + "Firewall Rule Name", + "Start Address", + "End Address" + ] + }, + "benchmarkReferences": [] + } + } + }, + { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Rg/providers/Microsoft.HybridCompute/machines/MyMachine/sqlServers/server1/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20200623/scanResults/VA2063", + "name": "VA2063", + "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults", + "properties": { + "ruleId": "VA2063", + "status": "Finding", + "isTrimmed": false, + "queryResults": [ + [ + "Test", + "0.0.0.0", + 
"125.125.125.125" + ] + ], + "remediation": { + "description": "Remove server firewall rules that grant excessive access", + "scripts": [ + "EXECUTE sp_delete_firewall_rule N'Test';" + ], + "automated": false, + "portalLink": "ReviewServerFirewallRules" + }, + "baselineAdjustedResult": { + "baseline": { + "expectedResults": [ + [ + "Test", + "0.0.0.0", + "125.125.125.125" + ] + ], + "updatedTime": "2020-02-04T12:49:41.027771+00:00" + }, + "status": "NonFinding", + "resultsNotInBaseline": [], + "resultsOnlyInBaseline": [] + }, + "ruleMetadata": { + "ruleId": "VA2063", + "severity": "High", + "category": "SurfaceAreaReduction", + "ruleType": "NegativeList", + "title": "Server-level firewall rules should not grant excessive access", + "description": "The Azure SQL server-level firewall helps protect your server by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request.\n\nServer-level firewall rules can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell. For more details please see: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure\n\nThis check verifies that server-level firewall rules do not grant excessive access.", + "rationale": "Often, administrators add rules that grant excessive access as part of a troubleshooting process � to eliminate the firewall as the source of a problem, they simply create a rule that allows all traffic to pass to the affected server.\n\nGranting excessive access using server firewall rules is a clear security concern, as it violates the principle of least privilege by allowing unnecessary access to your databases. 
In fact, it's the equivalent of placing the server outside of the firewall.", + "queryCheck": { + "query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.firewall_rules\nWHERE ( \n (CONVERT(bigint, parsename(end_ip_address, 1)) +\n CONVERT(bigint, parsename(end_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(end_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(end_ip_address, 4)) * 16777216 ) \n - \n (CONVERT(bigint, parsename(start_ip_address, 1)) +\n CONVERT(bigint, parsename(start_ip_address, 2)) * 256 + \n CONVERT(bigint, parsename(start_ip_address, 3)) * 65536 + \n CONVERT(bigint, parsename(start_ip_address, 4)) * 16777216 )\n ) > 255;", + "expectedResult": [], + "columnNames": [ + "Firewall Rule Name", + "Start Address", + "End Address" + ] + }, + "benchmarkReferences": [] + } + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/sqlVulnerabilityAssessmentsBaselineRuleOperations.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/sqlVulnerabilityAssessmentsBaselineRuleOperations.json new file mode 100644 index 000000000000..38966d49258b --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/sqlVulnerabilityAssessmentsBaselineRuleOperations.json 
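Review bot: The VA2063 `rationale` string in this example contains a replacement character (`troubleshooting process � to eliminate`), which suggests a dash was lost to an encoding conversion before the file was committed. The VA2062 entry in the same file uses a plain hyphen (`troubleshooting process - to eliminate`), so the VA2063 text should use the same, or `\u2014` if an em dash is intended. The same garbled string appears in the preceding example file, whose hunk begins outside this view. In the VA2063 `description`, `can only be created and managed through Transact-SQL as well as through the Azure portal or PowerShell` contradicts itself; `can be created and managed through Transact-SQL as well as through the Azure portal or PowerShell` reads as intended.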
@@ -0,0 +1,412 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Center", + "version": "2023-02-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "paths": { + "/{resourceId}/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/{ruleId}": { + "put": { + "tags": [ + "Sql Vulnerability Assessment Baseline Rules" + ], + "summary": "Creates a Baseline for a rule in a database. Will overwrite any previously existing results.", + "operationId": "SqlVulnerabilityAssessmentBaselineRules_CreateOrUpdate", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "ruleId", + "description": "The rule Id.", + "required": true, + "type": "string" + }, + { + "in": "query", + "name": "workspaceId", + "description": "The workspace Id.", + "required": true, + "type": "string" + }, + { + "in": "query", + "name": "api-version", + "description": "The api version.", + "required": true, + "type": "string" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceId" + }, + { + "in": "body", + "name": "body", + "description": "The baseline results for this rule.", + "schema": { + "$ref": "#/definitions/RuleResultsInput" + } + } + ], + "responses": { + "200": { + "description": "Successfully set the vulnerability assessment rule baseline.", + "schema": { + "$ref": "#/definitions/RuleResults" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Create a baseline": { + "$ref": "./examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_Put.json" + }, + "Create a baseline using the latest scan results": { + "$ref": "./examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_PutLatest.json" + } + } + }, + "get": { + "tags": [ + "Sql 
Vulnerability Assessment Baseline Rules" + ], + "summary": "Gets the results for a given rule in the Baseline.", + "operationId": "SqlVulnerabilityAssessmentBaselineRules_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "ruleId", + "description": "The rule Id.", + "required": true, + "type": "string" + }, + { + "in": "query", + "name": "workspaceId", + "description": "The workspace Id.", + "required": true, + "type": "string" + }, + { + "in": "query", + "name": "api-version", + "description": "The api version.", + "required": true, + "type": "string" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceId" + } + ], + "responses": { + "200": { + "description": "Successfully got the vulnerability assessment rule baseline.", + "schema": { + "$ref": "#/definitions/RuleResults" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get the baseline": { + "$ref": "./examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_Get.json" + } + } + }, + "delete": { + "tags": [ + "Sql Vulnerability Assessment Baseline Rules" + ], + "summary": "Deletes a rule from the Baseline of a given database.", + "operationId": "SqlVulnerabilityAssessmentBaselineRules_Delete", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "ruleId", + "description": "The rule Id.", + "required": true, + "type": "string" + }, + { + "in": "query", + "name": "workspaceId", + "description": "The workspace Id.", + "required": true, + "type": "string" + }, + { + "in": "query", + "name": "api-version", + "description": "The api version.", + "required": true, + "type": "string" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceId" + } + ], + "responses": { + "200": { + "description": "Successfully removed the 
database vulnerability assessment rule baseline." + }, + "204": { + "description": "Rule baseline doesn't exist." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete the baseline": { + "$ref": "./examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_Delete.json" + } + } + } + }, + "/{resourceId}/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules": { + "get": { + "tags": [ + "Sql Vulnerability Assessment Baseline Rules" + ], + "summary": "Gets the results for all rules in the Baseline.", + "operationId": "SqlVulnerabilityAssessmentBaselineRules_List", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "query", + "name": "workspaceId", + "description": "The workspace Id.", + "required": true, + "type": "string" + }, + { + "in": "query", + "name": "api-version", + "description": "The api version.", + "required": true, + "type": "string" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceId" + } + ], + "responses": { + "200": { + "description": "Successfully removed the database vulnerability assessment rule baseline.", + "schema": { + "$ref": "#/definitions/RulesResults" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "List baseline for all rules": { + "$ref": "./examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_List.json" + } + } + }, + "post": { + "tags": [ + "Sql Vulnerability Assessment Baseline Rules" + ], + "summary": "Add a list of baseline rules. 
Will overwrite any previously existing results (for all rules).", + "operationId": "SqlVulnerabilityAssessmentBaselineRules_Add", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "query", + "name": "workspaceId", + "description": "The workspace Id.", + "required": true, + "type": "string" + }, + { + "in": "query", + "name": "api-version", + "description": "The api version.", + "required": true, + "type": "string" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceId" + }, + { + "in": "body", + "name": "body", + "description": "The baseline rules.", + "schema": { + "$ref": "#/definitions/RulesResultsInput" + } + } + ], + "responses": { + "200": { + "description": "Successfully removed the database vulnerability assessment rule baseline.", + "schema": { + "$ref": "#/definitions/RulesResults" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Create a baseline for all rules": { + "$ref": "./examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_Add.json" + }, + "Create a baseline for all rules using the latest scan results": { + "$ref": "./examples/sqlVulnerabilityAssessmentsBaselineRuleOperations/ArcMachineBaselineRules_AddLatest.json" + } + } + } + } + }, + "definitions": { + "RuleResultsInput": { + "description": "Rule results input.", + "type": "object", + "properties": { + "latestScan": { + "description": "Take results from latest scan.", + "type": "boolean" + }, + "results": { + "description": "Expected results to be inserted into the baseline.\r\nLeave this field empty it LatestScan == true.", + "type": "array", + "items": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + }, + "RuleResultsProperties": { + "description": "Rule results properties.", + "type": "object", + 
"properties": { + "results": { + "description": "Expected results in the baseline.", + "type": "array", + "items": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + }, + "RuleResults": { + "description": "Rule results.", + "type": "object", + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/RuleResultsProperties" + } + } + }, + "RulesResults": { + "description": "A list of rules results.", + "type": "object", + "properties": { + "value": { + "description": "List of rule results.", + "type": "array", + "items": { + "$ref": "#/definitions/RuleResults" + } + } + } + }, + "RulesResultsInput": { + "description": "Rules results input.", + "type": "object", + "properties": { + "latestScan": { + "description": "Take results from latest scan.", + "type": "boolean" + }, + "results": { + "description": "Expected results to be inserted into the baseline.\r\nLeave this field empty it LatestScan == true.", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" + }, + "description": "Azure Active Directory OAuth2 Flow" + } + }, + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ] +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/sqlVulnerabilityAssessmentsScanOperations.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/sqlVulnerabilityAssessmentsScanOperations.json new file mode 100644 index 000000000000..2d87ac0eae63 --- /dev/null 
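Review bot: The 200 responses of `SqlVulnerabilityAssessmentBaselineRules_List` and `SqlVulnerabilityAssessmentBaselineRules_Add` both carry the description `Successfully removed the database vulnerability assessment rule baseline.`, which looks copied from the delete operation and will end up in generated SDK documentation. Wording in line with the put/get operations would be `Successfully got the vulnerability assessment rule baselines.` for the list and `Successfully set the vulnerability assessment rule baselines.` for the add. In `RuleResultsInput.results` and `RulesResultsInput.results`, `Leave this field empty it LatestScan == true.` should read `Leave this field empty if latestScan is true.`, matching the property's actual spelling. Because `latestScan: true` overwrites the baseline with whatever the latest scan returned, the `latestScan` description could also state that those results are presumably reported as baseline-matched afterwards, so callers know to review them before accepting.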
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/sqlVulnerabilityAssessmentsScanOperations.json 
@@ -0,0 +1,297 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Center", + "version": "2023-02-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "paths": { + "/{resourceId}/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/{scanId}": { + "get": { + "tags": [ + "Sql Vulnerability Assessment Scans" + ], + "summary": "Gets the scan details of a single scan record.", + "operationId": "SqlVulnerabilityAssessmentScans_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "scanId", + "description": "The scan Id. Type 'latest' to get the scan record for the latest scan.", + "required": true, + "type": "string" + }, + { + "in": "query", + "name": "workspaceId", + "description": "The workspace Id.", + "required": true, + "type": "string" + }, + { + "in": "query", + "name": "api-version", + "description": "The api version.", + "required": true, + "type": "string" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceId" + } + ], + "responses": { + "200": { + "description": "Returns the scan record details.", + "schema": { + "$ref": "#/definitions/Scan" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get scan details of a scan record": { + "$ref": "./examples/sqlVulnerabilityAssessmentScanOperations/ArcMachineScans_Get.json" + }, + "Get scan details of the latest scan record": { + "$ref": "./examples/sqlVulnerabilityAssessmentScanOperations/ArcMachineScans_GetLatest.json" + } + } + } + }, + "/{resourceId}/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans": { + "get": { + "tags": [ + "Sql Vulnerability Assessment Scans" + ], + "summary": "Gets a list of scan records.", + "operationId": "SqlVulnerabilityAssessmentScans_List", + "produces": [ + "application/json" + ], + 
"parameters": [ + { + "in": "query", + "name": "workspaceId", + "description": "The workspace Id.", + "required": true, + "type": "string" + }, + { + "in": "query", + "name": "api-version", + "description": "The api version.", + "required": true, + "type": "string" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceId" + } + ], + "responses": { + "200": { + "description": "Returns the list of scan records.", + "schema": { + "$ref": "#/definitions/Scans" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "List scan details": { + "$ref": "./examples/sqlVulnerabilityAssessmentScanOperations/ArcMachineScans_List.json" + } + } + } + } + }, + "definitions": { + "ScanTriggerType": { + "description": "The scan trigger type.", + "enum": [ + "OnDemand", + "Recurring" + ], + "type": "string", + "x-ms-enum": { + "name": "ScanTriggerType", + "modelAsString": true, + "values": [ + { + "value": "OnDemand", + "description": "OnDemand" + }, + { + "value": "Recurring", + "description": "Recurring" + } + ] + } + }, + "ScanState": { + "description": "The scan status.", + "enum": [ + "Failed", + "FailedToRun", + "InProgress", + "Passed" + ], + "type": "string", + "x-ms-enum": { + "name": "ScanState", + "modelAsString": true, + "values": [ + { + "value": "Failed", + "description": "Failed" + }, + { + "value": "FailedToRun", + "description": "FailedToRun" + }, + { + "value": "InProgress", + "description": "InProgress" + }, + { + "value": "Passed", + "description": "Passed" + } + ] + } + }, + "ScanProperties": { + "description": "A vulnerability assessment scan record properties.", + "type": "object", + "properties": { + "triggerType": { + "$ref": "#/definitions/ScanTriggerType" + }, + "state": { + "$ref": "#/definitions/ScanState" + }, + "server": { + "description": "The server name.", + "type": "string" + }, + 
"database": { + "description": "The database name.", + "type": "string" + }, + "sqlVersion": { + "description": "The SQL version.", + "type": "string" + }, + "startTime": { + "format": "date-time", + "description": "The scan start time (UTC).", + "type": "string" + }, + "endTime": { + "format": "date-time", + "description": "Scan results are valid until end time (UTC).", + "type": "string" + }, + "highSeverityFailedRulesCount": { + "format": "int32", + "description": "The number of failed rules with high severity.", + "type": "integer" + }, + "mediumSeverityFailedRulesCount": { + "format": "int32", + "description": "The number of failed rules with medium severity.", + "type": "integer" + }, + "lowSeverityFailedRulesCount": { + "format": "int32", + "description": "The number of failed rules with low severity.", + "type": "integer" + }, + "totalPassedRulesCount": { + "format": "int32", + "description": "The number of total passed rules.", + "type": "integer" + }, + "totalFailedRulesCount": { + "format": "int32", + "description": "The number of total failed rules.", + "type": "integer" + }, + "totalRulesCount": { + "format": "int32", + "description": "The number of total rules assessed.", + "type": "integer" + }, + "isBaselineApplied": { + "description": "Baseline created for this database, and has one or more rules.", + "type": "boolean" + }, + "lastScanTime": { + "format": "date-time", + "description": "Last scan time.", + "type": "string" + } + } + }, + "Scan": { + "description": "A vulnerability assessment scan record.", + "type": "object", + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ScanProperties" + } + } + }, + "Scans": { + "description": "A list of vulnerability assessment scan records.", + "type": "object", + "properties": { + "value": { + "description": "List of vulnerability assessment scan records.", + "type": "array", + "items": { + "$ref": 
"#/definitions/Scan" + } + } + } + } + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" + }, + "description": "Azure Active Directory OAuth2 Flow" + } + }, + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ] +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/sqlVulnerabilityAssessmentsScanResultsOperations.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/sqlVulnerabilityAssessmentsScanResultsOperations.json new file mode 100644 index 000000000000..2c5f94148e8c --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-02-01-preview/sqlVulnerabilityAssessmentsScanResultsOperations.json 
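Review bot: The `ScanState` values `Failed` and `FailedToRun` are documented only by repeating their own names in `x-ms-enum.values`, so a client cannot tell a scan that ran and reported failing rules from a scan that never executed. If that is the intended distinction (it is inferred here, not stated in the spec), the entries should say so, e.g. `"description": "The scan completed and at least one rule failed."` and `"description": "The scan could not be executed; no results are available."`. Monitoring that keys on this field needs the difference spelled out so that a database whose scan did not run is not counted as assessed. The `ScanTriggerType` values have the same name-as-description pattern.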
@@ -0,0 +1,480 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Center", + "version": "2023-02-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "paths": { + "/{resourceId}/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/{scanId}/scanResults/{scanResultId}": { + "get": { + "tags": [ + "Sql Vulnerability Assessment Scan Results" + ], + "summary": "Gets the scan results of a single rule in a scan record.", + "operationId": "SqlVulnerabilityAssessmentScanResults_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "scanId", + "description": "The scan Id. Type 'latest' to get the scan results for the latest scan.", + "required": true, + "type": "string" + }, + { + "in": "path", + "name": "scanResultId", + "description": "The rule Id of the results.", + "required": true, + "type": "string" + }, + { + "in": "query", + "name": "workspaceId", + "description": "The workspace Id.", + "required": true, + "type": "string" + }, + { + "in": "query", + "name": "api-version", + "description": "The api version.", + "required": true, + "type": "string" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceId" + } + ], + "responses": { + "200": { + "description": "Returns the scan results.", + "schema": { + "$ref": "#/definitions/ScanResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get scan details of a scan record": { + "$ref": "./examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_Get.json" + }, + "Get scan details of the latest scan record": { + "$ref": "./examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_GetLatest.json" + } + } + } + }, + 
"/{resourceId}/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/{scanId}/scanResults": { + "get": { + "tags": [ + "Sql Vulnerability Assessment Scan Results" + ], + "summary": "Gets a list of scan results for a single scan record.", + "operationId": "SqlVulnerabilityAssessmentScanResults_List", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "scanId", + "description": "The scan Id. Type 'latest' to get the scan results for the latest scan.", + "required": true, + "type": "string" + }, + { + "in": "query", + "name": "workspaceId", + "description": "The workspace Id.", + "required": true, + "type": "string" + }, + { + "in": "query", + "name": "api-version", + "description": "The api version.", + "required": true, + "type": "string" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceId" + } + ], + "responses": { + "200": { + "description": "Returns the list of scan results.", + "schema": { + "$ref": "#/definitions/ScanResults" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "List scan results": { + "$ref": "./examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_List.json" + }, + "List scan results of the latest scan": { + "$ref": "./examples/sqlVulnerabilityAssessmentsScanResultsOperations/ArcMachineScanResults_ListLatest.json" + } + } + } + } + }, + "definitions": { + "RuleStatus": { + "description": "The rule result status.", + "enum": [ + "NonFinding", + "Finding", + "InternalError" + ], + "type": "string", + "x-ms-enum": { + "name": "RuleStatus", + "modelAsString": true, + "values": [ + { + "value": "NonFinding", + "description": "NonFinding" + }, + { + "value": "Finding", + "description": "Finding" + }, + { + "value": "InternalError", + "description": "InternalError" + } + ] + } + }, + 
"Remediation": { + "description": "Remediation details.", + "type": "object", + "properties": { + "description": { + "description": "Remediation description.", + "type": "string" + }, + "scripts": { + "description": "Remediation script.", + "type": "array", + "items": { + "type": "string" + } + }, + "automated": { + "description": "Is remediation automated.", + "type": "boolean" + }, + "portalLink": { + "description": "Optional link to remediate in Azure Portal.", + "type": "string" + } + } + }, + "Baseline": { + "description": "Baseline details.", + "type": "object", + "properties": { + "expectedResults": { + "description": "Expected results.", + "type": "array", + "items": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "updatedTime": { + "format": "date-time", + "description": "Baseline update time (UTC).", + "type": "string" + } + } + }, + "BaselineAdjustedResult": { + "description": "The rule result adjusted with baseline.", + "type": "object", + "properties": { + "baseline": { + "$ref": "#/definitions/Baseline" + }, + "status": { + "$ref": "#/definitions/RuleStatus" + }, + "resultsNotInBaseline": { + "description": "Results the are not in baseline.", + "type": "array", + "items": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "resultsOnlyInBaseline": { + "description": "Results the are in baseline.", + "type": "array", + "items": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + }, + "RuleSeverity": { + "description": "The rule severity.", + "enum": [ + "High", + "Medium", + "Low", + "Informational", + "Obsolete" + ], + "type": "string", + "x-ms-enum": { + "name": "RuleSeverity", + "modelAsString": true, + "values": [ + { + "value": "High", + "description": "High" + }, + { + "value": "Medium", + "description": "Medium" + }, + { + "value": "Low", + "description": "Low" + }, + { + "value": "Informational", + "description": "Informational" + }, + { + "value": "Obsolete", + "description": "Obsolete" + 
} + ] + } + }, + "RuleType": { + "description": "The rule type.", + "enum": [ + "Binary", + "BaselineExpected", + "PositiveList", + "NegativeList" + ], + "type": "string", + "x-ms-enum": { + "name": "RuleType", + "modelAsString": true, + "values": [ + { + "value": "Binary", + "description": "Binary" + }, + { + "value": "BaselineExpected", + "description": "BaselineExpected" + }, + { + "value": "PositiveList", + "description": "PositiveList" + }, + { + "value": "NegativeList", + "description": "NegativeList" + } + ] + } + }, + "QueryCheck": { + "description": "The rule query details.", + "type": "object", + "properties": { + "query": { + "description": "The rule query.", + "type": "string" + }, + "expectedResult": { + "description": "Expected result.", + "type": "array", + "items": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "columnNames": { + "description": "Column names of expected result.", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "BenchmarkReference": { + "description": "The benchmark references.", + "type": "object", + "properties": { + "benchmark": { + "description": "The benchmark name.", + "type": "string" + }, + "reference": { + "description": "The benchmark reference.", + "type": "string" + } + } + }, + "VaRule": { + "description": "vulnerability assessment rule metadata details.", + "type": "object", + "properties": { + "ruleId": { + "description": "The rule Id.", + "type": "string" + }, + "severity": { + "$ref": "#/definitions/RuleSeverity" + }, + "category": { + "description": "The rule category.", + "type": "string" + }, + "ruleType": { + "$ref": "#/definitions/RuleType" + }, + "title": { + "description": "The rule title.", + "type": "string" + }, + "description": { + "description": "The rule description.", + "type": "string" + }, + "rationale": { + "description": "The rule rationale.", + "type": "string" + }, + "queryCheck": { + "$ref": "#/definitions/QueryCheck" + }, + "benchmarkReferences": { + 
"description": "The benchmark references.", + "type": "array", + "items": { + "$ref": "#/definitions/BenchmarkReference" + } + } + } + }, + "ScanResultProperties": { + "description": "A vulnerability assessment scan result properties for a single rule.", + "type": "object", + "properties": { + "ruleId": { + "description": "The rule Id.", + "type": "string" + }, + "status": { + "$ref": "#/definitions/RuleStatus" + }, + "isTrimmed": { + "description": "Indicated whether the results specified here are trimmed.", + "type": "boolean" + }, + "queryResults": { + "description": "The results of the query that was run.", + "type": "array", + "items": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "remediation": { + "$ref": "#/definitions/Remediation" + }, + "baselineAdjustedResult": { + "$ref": "#/definitions/BaselineAdjustedResult" + }, + "ruleMetadata": { + "$ref": "#/definitions/VaRule" + } + } + }, + "ScanResult": { + "description": "A vulnerability assessment scan result for a single rule.", + "type": "object", + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ScanResultProperties" + } + } + }, + "ScanResults": { + "description": "A list of vulnerability assessment scan results.", + "type": "object", + "properties": { + "value": { + "description": "List of vulnerability assessment scan results.", + "type": "array", + "items": { + "$ref": "#/definitions/ScanResult" + } + } + } + } + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" + }, + "description": "Azure Active Directory OAuth2 Flow" + } + }, + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ] +} 
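Review bot: `ScanResultProperties.baselineAdjustedResult` is a plain `$ref` to the object definition `BaselineAdjustedResult`, yet the `ArcMachineScanResults_ListLatest.json` example added in this commit returns `"baselineAdjustedResult": null` for VA2062. Either mark the schema nullable (`"x-nullable": true` on `BaselineAdjustedResult`) or drop the key from the example; otherwise example validation and strictly typed clients may disagree with what the service sends. Separately, `resultsNotInBaseline` and `resultsOnlyInBaseline` are described as `Results the are not in baseline.` and `Results the are in baseline.`; `Results that are not in the baseline.` and `Results that are only in the baseline.` would fix the typo and state the difference between the two fields. The example titles under `SqlVulnerabilityAssessmentScanResults_Get` (`Get scan details of a scan record`) also appear to be carried over from the scans operation rather than describing scan results.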
diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md index b066496780bb..d48f6af3e456 100644 --- a/specification/security/resource-manager/readme.md +++ b/specification/security/resource-manager/readme.md @@ -86,14 +86,25 @@ tag: package-composite-v3 The following packages may be composed from multiple api-versions. +### Tag: package-preview-2023-02 + +These settings apply only when `--tag=package-preview-2023-02` is specified on the command line. + +``` yaml $(tag) == 'package-preview-2023-02' +input-file: + - Microsoft.Security/preview/2023-02-01-preview/sqlVulnerabilityAssessmentsBaselineRuleOperations.json + - Microsoft.Security/preview/2023-02-01-preview/sqlVulnerabilityAssessmentsScanOperations.json + - Microsoft.Security/preview/2023-02-01-preview/sqlVulnerabilityAssessmentsScanResultsOperations.json +``` ### Tag: package-preview-2022-11 These settings apply only when `--tag=package-preview-2022-11` is specified on the command line. -```yaml $(tag) == 'package-preview-2022-11' +``` yaml $(tag) == 'package-preview-2022-11' input-file: - Microsoft.Security/preview/2022-11-20-preview/apiCollections.json ``` + ### Tag: package-preview-2022-08 These settings apply only when `--tag=package-preview-2022-08` is specified on the command line. 
@@ -308,9 +319,6 @@ input-file: - Microsoft.Security/stable/2020-01-01/secureScore.json - Microsoft.Security/stable/2020-01-01/SecuritySolutions.json - Microsoft.Security/preview/2020-01-01-preview/connectors.json -- Microsoft.Security/preview/2020-07-01-preview/sqlVulnerabilityAssessmentsScanOperations.json -- Microsoft.Security/preview/2020-07-01-preview/sqlVulnerabilityAssessmentsScanResultsOperations.json -- Microsoft.Security/preview/2020-07-01-preview/sqlVulnerabilityAssessmentsBaselineRuleOperations.json - Microsoft.Security/stable/2022-01-01/alerts.json - Microsoft.Security/stable/2022-05-01/settings.json - Microsoft.Security/preview/2021-01-15-preview/ingestionSettings.json @@ -320,6 +328,9 @@ input-file: - Microsoft.Security/preview/2022-01-01-preview/governanceAssignments.json - Microsoft.Security/preview/2022-07-01-preview/applications.json - Microsoft.Security/preview/2022-11-20-preview/apiCollections.json +- Microsoft.Security/preview/2023-02-01-preview/sqlVulnerabilityAssessmentsScanOperations.json +- Microsoft.Security/preview/2023-02-01-preview/sqlVulnerabilityAssessmentsScanResultsOperations.json +- Microsoft.Security/preview/2023-02-01-preview/sqlVulnerabilityAssessmentsBaselineRuleOperations.json # Needed when there is more than one input file @@ -739,7 +750,7 @@ These settings apply only when `--tag=package-2022-01-preview-only` is specified ``` yaml $(tag) == 'package-2022-01-preview-only' input-file: - Microsoft.Security/preview/2022-01-01-preview/governanceRules.json - - Microsoft.Security/preview/2022-01-01-preview/governanceAssignments.json + - Microsoft.Security/preview/2022-01-01-preview/governanceAssignments.json # Needed when there is more than one input file override-info: