gpt4 book ai didi

Azure 策略审核经典 SQL 漏洞评估

转载 作者:行者123 更新时间:2023-12-03 06:14:21 26 4
gpt4 key购买 nike

我正在尝试使用 Azure 策略审核经典 SQL 漏洞评估,但无法使策略规则发挥作用。我可以通过使用这个来获得所有内容:

"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Sql/servers"
},
{
"field": "kind",
"notContains": "analytics"
}
]
},

但是如果我添加:

      {
"field": "Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled",
"notEquals": "true"
}

该策略未检测到任何资源。这是一个正确的策略别名,但为什么它不起作用?

最佳答案

The policy does not detect any resources. This is a correct policyalias but why is it not working?

我使用以下Azure Policy来审核SQL漏洞评估。

        {
"properties": {
"displayName": "SQL-vulnerability assessment on your sql servers_1.0",
"policyType": "Custom",
"mode": "All",
"parameters": {
"allowedLocations": {
"type": "Array",
},
"tagname": {
"type": "String",
"metadata": {
"displayName": "Exclusion Tag Name",
"description": "Rule is not deployed if this tag exists on the SQL Server"
}
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"defaultValue": "AuditIfNotExists"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Sql/servers"
},
{
"field": "location",
"in": "[parameters('allowedLocations')]"
},
{
"field": "[concat('tags[', parameters('tagname'), ']')]",
"exists": "false"
},
{
"value": "[resourceGroup().tags[parameters('tagname')]]",
"equals": ""
},
{
"value": "[subscription().tags[parameters('tagname')]]",
"equals": ""
}
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Sql/servers/vulnerabilityAssessments",
"name": "default",
"existenceCondition": {
"field": "Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled",
"equals": "True"
}
}
}
}
},
"id": "/providers/Microsoft.Management/managementgroups/48fed3a1-0814-4847-88ce-b766155f2792/providers/Microsoft.Authorization/policyDefinitions/410c2966a1e1856e",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "410c2966a1e1856e"
}

应用策略后,它将根据指定条件评估您的 SQL 服务器,并在未启用漏洞评估的情况下采取定义的操作。

政策合规结果:

enter image description here

关于Azure 策略审核经典 SQL 漏洞评估,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/76424080/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com