More Info:
Enable Vulnerability Assessment (VA) Periodic recurring scans for critical SQL servers and corresponding SQL databases.Risk Level
MediumAddress
SecurityCompliance Standards
CISAZURE, CBPTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration “Ensure That Vulnerability Assessment Setting Periodic Recurring Scans Is Set To On” for AZURE using AZURE console, follow the below steps:
- Login to the Azure portal using your credentials.
- Navigate to the Security Center dashboard from the left-hand side menu.
- Click on the “Security policy” tab from the top menu.
- Select the subscription and the scope for which you want to configure the vulnerability assessment settings.
- Click on the “Edit” button to edit the security policy.
- Scroll down to the “Vulnerability Assessment” section and click on the “On” button for “Periodic recurring scans”.
- Set the “Recurring scans” frequency as per your requirement.
- Click on the “Save” button to save the changes.
Using CLI
Using CLI
To remediate the misconfiguration “Ensure That Vulnerability Assessment Setting Periodic Recurring Scans Is Set To On” for Azure using Azure CLI, you can follow the below steps:
- Open the Azure CLI command prompt.
-
Run the following command to enable vulnerability assessment for the specified Azure SQL Server:
This command will show the current status of vulnerability assessment for the specified Azure SQL Server.
-
Run the following command to enable periodic recurring scans for the specified Azure SQL Server:
This command will enable periodic recurring scans for the specified Azure SQL Server with a frequency of 1 day.
-
Verify the vulnerability assessment settings by running the following command:
This command will show the updated status of vulnerability assessment for the specified Azure SQL Server.
Using Python
Using Python
To remediate the misconfiguration “Ensure That Vulnerability Assessment Setting Periodic Recurring Scans Is Set To On” in Azure using Python, you can use the Azure SDK for Python. Here are the steps to remediate the issue:This will enable the vulnerability assessment setting for periodic recurring scans in Azure.
- Install the Azure SDK for Python using the following command:
- Import the necessary modules:
- Set up the credentials and the client:
- Get the security policy for your subscription:
- Update the vulnerability assessment setting to enable periodic recurring scans: