Azure Policy to audit classic SQL vulnerability assessment

Reposted. Author: 行者123. Updated: 2023-12-03 06:14:21

I am trying to audit classic SQL vulnerability assessment with Azure Policy, but I cannot get the policy rule to work. I can get everything by using this:

"policyRule": {
  "if": {
    "allOf": [
      {
        "field": "type",
        "equals": "Microsoft.Sql/servers"
      },
      {
        "field": "kind",
        "notContains": "analytics"
      }
    ]
  },

But if I add:

      {
        "field": "Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled",
        "notEquals": "true"
      }

the policy does not detect any resources. This is a correct policy alias, so why is it not working?

Best answer

The policy does not detect any resources. This is a correct policy alias but why is it not working?

I used the following Azure Policy to audit SQL vulnerability assessment.

{
  "properties": {
    "displayName": "SQL-vulnerability assessment on your sql servers_1.0",
    "policyType": "Custom",
    "mode": "All",
    "parameters": {
      "allowedLocations": {
        "type": "Array"
      },
      "tagname": {
        "type": "String",
        "metadata": {
          "displayName": "Exclusion Tag Name",
          "description": "Rule is not deployed if this tag exists on the SQL Server"
        }
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Sql/servers"
          },
          {
            "field": "location",
            "in": "[parameters('allowedLocations')]"
          },
          {
            "field": "[concat('tags[', parameters('tagname'), ']')]",
            "exists": "false"
          },
          {
            "value": "[resourceGroup().tags[parameters('tagname')]]",
            "equals": ""
          },
          {
            "value": "[subscription().tags[parameters('tagname')]]",
            "equals": ""
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Sql/servers/vulnerabilityAssessments",
          "name": "default",
          "existenceCondition": {
            "field": "Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled",
            "equals": "True"
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Management/managementgroups/48fed3a1-0814-4847-88ce-b766155f2792/providers/Microsoft.Authorization/policyDefinitions/410c2966a1e1856e",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "410c2966a1e1856e"
}

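Once the policy is applied, it evaluates your SQL servers against the specified conditions and takes the defined action if vulnerability assessment is not enabled.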

[Figure: policy compliance results]
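
A lint for the mismatch this Q&A turns on, added here as an example and not code from the original post: the `recurringScans.isEnabled` alias belongs to the child type `Microsoft.Sql/servers/vulnerabilityAssessments`, so the answer tests it in `existenceCondition` rather than in an `if` that selects `Microsoft.Sql/servers`. The function names and the rule that an alias's resource type is everything before its last `/` are assumptions of this example.

```python
def alias_type(field):
    """Resource type an alias belongs to. Heuristic (assumption): the last
    '/'-separated segment is the property path, the rest is the type."""
    if not field.lower().startswith("microsoft.") or "/" not in field:
        return None  # built-in field such as "type", "location", "tags[...]"
    return field.rsplit("/", 1)[0]

def conditions(node):
    """Yield every leaf condition found under allOf / anyOf / not."""
    if isinstance(node, list):
        for item in node:
            yield from conditions(item)
    elif isinstance(node, dict):
        nested = [node[k] for k in ("allOf", "anyOf", "not") if k in node]
        if nested:
            for n in nested:
                yield from conditions(n)
        else:
            yield node

def lint(rule):
    """Report aliases that are tested against a different resource type."""
    leaves = list(conditions(rule.get("if", {})))
    target = next((c["equals"] for c in leaves
                   if c.get("field") == "type" and "equals" in c), None)
    findings = []
    for c in leaves:
        t = alias_type(str(c.get("field", "")))
        if t and target and t.lower() != target.lower():
            findings.append(f"if: alias of {t} tested on {target}")
    details = rule.get("then", {}).get("details", {})
    dtype = str(details.get("type", ""))
    for c in conditions(details.get("existenceCondition", {})):
        t = alias_type(str(c.get("field", "")))
        if t and t.lower() != dtype.lower():
            findings.append(f"existenceCondition: alias of {t} tested on {dtype}")
    return findings

# Rule shapes taken from the question and the answer on this page (trimmed).
ALIAS = "Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled"
SERVER = {"field": "type", "equals": "Microsoft.Sql/servers"}
QUESTION = {"if": {"allOf": [SERVER, {"field": "kind", "notContains": "analytics"},
                             {"field": ALIAS, "notEquals": "true"}]}}
ANSWER = {"if": {"allOf": [SERVER]},
          "then": {"effect": "AuditIfNotExists", "details": {
              "type": "Microsoft.Sql/servers/vulnerabilityAssessments",
              "name": "default",
              "existenceCondition": {"field": ALIAS, "equals": "True"}}}}
```

`lint(QUESTION)` returns one finding for the alias placed in `if`; `lint(ANSWER)` returns an empty list.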

Regarding Azure Policy auditing of classic SQL vulnerability assessment, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/76424080/
