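I have created an Azure SQL server through an ARM template. To enable Vulnerability Assessment, I need to enable Advanced Data Security.
I use the following code in my ARM template, within the resources bracket of the SQL Server resource, to enable this.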

{
    "name": "vulnerabilityAssessments",
    "type": "vulnerabilityAssessments",
    "apiVersion": "2018-06-01-preview",
    "dependsOn": [
        "[concat('Microsoft.Sql/servers/', parameters('sqlServerName'))]"
    ],
    "properties": {
        "storageContainerPath": "[concat('https://', parameters('storageAccountName'), '.blob.core.windows.net/vulnerability-assessment/')]",
        "storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]",
        "recurringScans": {
            "isEnabled": true,
            "emailSubscriptionAdmins": false,
            "emails": "[parameters('emailaddresses')]"
        }
    }
},
As you can see, I set the storage account for the vulnerability assessment, but when I deploy this I get the following error:
VulnerabilityAssessmentADSIsDisabled", "message": "Advanced Data Security should be enabled in order to use Vulnerability Assessment."
When I look at the Advanced Data Security blade of my SQL Server, I see the settings like this:
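If I set the storage account manually, Vulnerability Assessment is enabled...
I have tried changing the vulnerability assessment brackets at the database level, and I have tried debugging the storage account reference in the properties, but I can't see what I'm doing wrong or what I have forgotten.
Has anyone already tried to do this?
PS: As you can see in the image, periodic recurring scans are off, even though I enabled this in the "Recurring scans" array of the vulnerability assessment.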

Best answer

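The issue you encountered is caused by deploying an ARM template with Vulnerability Assessment without enabling Advanced Data Security first.

You will have to deploy Advanced Data Security in the ARM template and add a dependency in the Vulnerability Assessment block, so that it is only deployed after Advanced Data Security has been deployed.

For example: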

{
  "apiVersion": "2017-03-01-preview",
  "type": "Microsoft.Sql/servers/securityAlertPolicies",
  "name": "[concat(parameters('serverName'), '/Default')]",
  "properties": {
    "state": "Enabled",
    "disabledAlerts": [],
    "emailAddresses": [],
    "emailAccountAdmins": true
  }
},
{
  "apiVersion": "2018-06-01-preview",
  "type": "Microsoft.Sql/servers/vulnerabilityAssessments",
  "name": "[concat(parameters('serverName'), '/Default')]",
  "properties": {
    "storageContainerPath": "[if(parameters('enableADS'), concat(reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageName')), '2018-07-01').primaryEndpoints.blob, 'vulnerability-assessment'), '')]",
    "storageAccountAccessKey": "[if(parameters('enableADS'), listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageName')), '2018-02-01').keys[0].value, '')]",
    "recurringScans": {
      "isEnabled": true,
      "emailSubscriptionAdmins": true,
      "emails": []
    }
  },
  "dependsOn": [
    "[concat('Microsoft.Sql/servers/', parameters('serverName'))]",
    "[concat('Microsoft.Sql/servers/', parameters('serverName'), '/securityAlertPolicies/Default')]"
  ]
}
}

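Note that in this example I assume that you are using an existing storage account.
If you are deploying the storage in the same ARM template, you will also have to add a dependency for it (under "dependsOn"):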
"[concat('Microsoft.Storage/storageAccounts/', variables('storageName'))]"
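
The ordering rule from the answer can be checked before deployment. The following is an added example, not code from the question or the answer: a small Python check that walks an ARM template and reports any server-level vulnerabilityAssessments resource that lacks an enabled securityAlertPolicies resource or a dependsOn entry pointing at it. The function names and the two abbreviated sample templates are constructed for illustration, and the dependsOn match is a substring heuristic.

```python
import json

VA_TYPE = "microsoft.sql/servers/vulnerabilityassessments"
ADS_TYPE = "microsoft.sql/servers/securityalertpolicies"

def walk(resources, parent=""):
    """Yield (lowercased full type, resource), descending into child resources."""
    for res in resources:
        rtype = res.get("type", "")
        # A nested child may carry only its short type; prefix the parent type.
        nested = parent and not rtype.lower().startswith(parent.lower())
        full = f"{parent}/{rtype}" if nested else rtype
        yield full.lower(), res
        yield from walk(res.get("resources", []), full)

def check_template(template):
    """Return findings for each server-level vulnerabilityAssessments resource."""
    found = list(walk(template.get("resources", [])))
    # Only a literal "Enabled" counts; a state set by an expression is not evaluated.
    ads_enabled = any(t == ADS_TYPE and r.get("properties", {}).get("state") == "Enabled"
                      for t, r in found)
    findings = []
    for rtype, res in found:
        if rtype != VA_TYPE:
            continue
        # Heuristic: dependsOn entries are strings or expressions, so match by substring.
        deps = " ".join(res.get("dependsOn", [])).lower()
        if not ads_enabled:
            findings.append(f"{res['name']}: no securityAlertPolicies resource with state Enabled")
        elif "securityalertpolicies" not in deps:
            findings.append(f"{res['name']}: dependsOn does not reference securityAlertPolicies")
    return findings

# Constructed, abbreviated templates: BEFORE nests the assessment as in the question,
# AFTER follows the layout of the answer.
BEFORE = json.loads("""{"resources": [{"type": "Microsoft.Sql/servers", "name": "sql1",
  "resources": [{"type": "vulnerabilityAssessments", "name": "vulnerabilityAssessments",
    "dependsOn": ["[concat('Microsoft.Sql/servers/', parameters('sqlServerName'))]"]}]}]}""")
AFTER = json.loads("""{"resources": [
  {"type": "Microsoft.Sql/servers/securityAlertPolicies", "name": "sql1/Default",
   "properties": {"state": "Enabled"}},
  {"type": "Microsoft.Sql/servers/vulnerabilityAssessments", "name": "sql1/Default",
   "dependsOn": ["[concat('Microsoft.Sql/servers/', parameters('serverName'), '/securityAlertPolicies/Default')]"]}]}""")

if __name__ == "__main__":
    for label, tpl in (("before", BEFORE), ("after", AFTER)):
        print(label, check_template(tpl) or "ok")
```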

Regarding azure - Enable Vulnerability Assessment on Azure SQL server through ARM template, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/57056770/

10-08 23:04