Azure SQL Vulnerability Assessment can now be managed through SQL VA PowerShell cmdlets

With Microsoft’s release of version 6.6.0 of the AzureRM (Azure Resource Manager) module, administrators can now use SQL (Structured Query Language) Vulnerability Assessment (VA) PowerShell cmdlets to manage their Vulnerability Assessments network-wide. The cmdlets are contained in the AzureRM.Sql package. This update can be downloaded through the PowerShell Gallery.

Microsoft’s SQL Vulnerability Assessment tool has provided system administrators with the means to discover, manage, and fix potential database vulnerabilities to improve their systems’ security. The tool has been used to meet compliance requirements for database scans, meet the firm’s privacy standards, and monitor the entire enterprise network, which would otherwise be difficult to do network-wide.

The SQL Advanced Threat Protection package for the Azure SQL Database provides information protection through sensitive data classification. It also uses threat detection to resolve security concerns and employs the Vulnerability Assessment tool to identify areas of risk.

The cmdlets included in the update call the SQL Advanced Threat Protection package, providing three main functions. The first set can be used to initiate the Advanced Threat Protection package on the Azure SQL Database. The second set of cmdlets can be used to set up Vulnerability Assessment parameters. The third set of cmdlets can be used for running scans and managing their results. The benefit of these newly introduced cmdlets is that these operations can be run directly from the PowerShell console across numerous databases with ease.

Update-AzureRmSqlDatabaseVulnerabilityAssessmentSettings;
Get-AzureRmSqlDatabaseVulnerabilityAssessmentSettings;
Clear-AzureRmSqlDatabaseVulnerabilityAssessmentSettings

Set-AzureRmSqlDatabaseVulnerabilityAssessmentRuleBaseline;
Get-AzureRmSqlDatabaseVulnerabilityAssessmentRuleBaseline;
Clear-AzureRmSqlDatabaseVulnerabilityAssessmentRuleBaseline

Convert-AzureRmSqlDatabaseVulnerabilityAssessmentScan;
Get-AzureRmSqlDatabaseVulnerabilityAssessmentScanRecord;
Start-AzureRmSqlDatabaseVulnerabilityAssessmentScan

A walk-through of these cmdlets starts with turning on Advanced Threat Protection. Then, the administrator must set up the Vulnerability Assessment instructions for the system, including details such as the frequency of scans. Next, baseline parameters must be set to measure the scans against. Once these details are configured, the administrator can run a vulnerability scan on the database and download the results into an Excel file. This can all be done from PowerShell. A sample script of this process is provided by Ronit Reger on the MSDN Microsoft Blog.
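The steps above, applied to every user database on one server, as an added example (this is not the MSDN sample script). It assumes AzureRM 6.6.0 or later and an already authenticated session; the resource group, server, storage account, e-mail address, scan ID format and baseline rows are constructed placeholders, and rule VA2108 is used only as an illustrative rule ID.

```powershell
# Added example: all names and values below are placeholders, not taken from the article.
$rg      = 'example-rg'
$server  = 'example-sqlserver'
$storage = 'examplevastorage'        # storage account that receives scan results
$notify  = @('dba@example.com')      # recipients of recurring-scan reports

# Step 1: turn on Advanced Threat Protection for the server.
Enable-AzureRmSqlServerAdvancedThreatProtection -ResourceGroupName $rg -ServerName $server

# Every user database on the server (master is skipped).
$databases = Get-AzureRmSqlDatabase -ResourceGroupName $rg -ServerName $server |
    Where-Object { $_.DatabaseName -ne 'master' }

$reports = foreach ($db in $databases) {
    $target = @{
        ResourceGroupName = $rg
        ServerName        = $server
        DatabaseName      = $db.DatabaseName
    }

    # Step 2: Vulnerability Assessment settings: result storage, scan frequency, notification.
    Update-AzureRmSqlDatabaseVulnerabilityAssessmentSettings @target `
        -StorageAccountName $storage `
        -RecurringScansInterval Weekly `
        -EmailAdmins $true `
        -NotificationEmail $notify | Out-Null

    # Step 3: baseline for one rule. Rows that match the baseline stop being reported
    # as failures, so real rows should come from scan results someone has reviewed.
    # The two rows here are constructed sample values.
    Set-AzureRmSqlDatabaseVulnerabilityAssessmentRuleBaseline @target `
        -RuleId 'VA2108' `
        -BaselineResult @('Principal1', 'db_ddladmin', 'SQL_USER', 'None'),
                        @('Principal2', 'db_ddladmin', 'SQL_USER', 'None') | Out-Null

    # Step 4: run an on-demand scan under a caller-chosen scan ID.
    $scanId = 'manual-{0:yyyyMMddHHmmss}' -f (Get-Date)
    Start-AzureRmSqlDatabaseVulnerabilityAssessmentScan @target -ScanId $scanId | Out-Null

    # Step 5: convert the raw scan result to an Excel report in the storage account.
    $export = Convert-AzureRmSqlDatabaseVulnerabilityAssessmentScan @target -ScanId $scanId
    [pscustomobject]@{
        Database = $db.DatabaseName
        ScanId   = $scanId
        Report   = $export.ExportedReportLocation
    }
}

# One row per database, with the location of its Excel report.
$reports | Format-Table -AutoSize
```

Get-AzureRmSqlDatabaseVulnerabilityAssessmentScanRecord can then be called with the same scan ID to review an individual scan's record.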

Aaron Michael