Ensure That Vulnerability Assessment Setting Periodic Recurring Scans Is Set To On

More Info:

Enable Vulnerability Assessment (VA) Periodic recurring scans for critical SQL servers and corresponding SQL databases.

Risk Level

Medium

Address

Security

Compliance Standards

CISAZURE, CBP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration “Ensure That Vulnerability Assessment Setting Periodic Recurring Scans Is Set To On” for Azure using Azure CLI, you can follow the below steps:

Open the Azure CLI command prompt.
Run the following command to enable vulnerability assessment for the specified Azure SQL Server:
```
az sql server va show --resource-group <resource-group-name> --server <server-name> --name default
```
This command will show the current status of vulnerability assessment for the specified Azure SQL Server.
Run the following command to enable periodic recurring scans for the specified Azure SQL Server:
```
az sql server va update --resource-group <resource-group-name> --server <server-name> --name default --email-admins On --email-address <email-address> --state On --recurring-scans-interval 1
```
This command will enable periodic recurring scans for the specified Azure SQL Server with a frequency of 1 day.
Verify the vulnerability assessment settings by running the following command:
```
az sql server va show --resource-group <resource-group-name> --server <server-name> --name default
```
This command will show the updated status of vulnerability assessment for the specified Azure SQL Server.

By following these steps, you can remediate the misconfiguration “Ensure That Vulnerability Assessment Setting Periodic Recurring Scans Is Set To On” for Azure using Azure CLI.

Using Python

To remediate the misconfiguration “Ensure That Vulnerability Assessment Setting Periodic Recurring Scans Is Set To On” in Azure using Python, you can use the Azure SDK for Python. Here are the steps to remediate the issue:

Install the Azure SDK for Python using the following command:

pip install azure-mgmt-security

Import the necessary modules:

from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.security import SecurityCenter

Set up the credentials and the client:

TENANT_ID = '<your tenant id>'
CLIENT_ID = '<your client id>'
CLIENT_SECRET = '<your client secret>'
SUBSCRIPTION_ID = '<your subscription id>'

credentials = ServicePrincipalCredentials(
    client_id=CLIENT_ID,
    secret=CLIENT_SECRET,
    tenant=TENANT_ID
)

security_center_client = SecurityCenter(credentials, SUBSCRIPTION_ID)

Get the security policy for your subscription:

policy = security_center_client.policies.get('default')

Update the vulnerability assessment setting to enable periodic recurring scans:

vulnerability_assessment_settings = policy.security_contact_configurations.vulnerability_assessment
vulnerability_assessment_settings.recurring_scans = True

security_center_client.policies.create_or_update(policy.id, policy)

This will enable the vulnerability assessment setting for periodic recurring scans in Azure.

Additional Reading:

https://docs.microsoft.com/en-us/azure/sql-database/sql-vulnerability-assessment

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Ensure That Vulnerability Assessment Setting Periodic Recurring Scans Is Set To On

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: