Adding VA Rules article

VanMSFT · VanMSFT · commit dd723cf8513d · 2020-05-06T00:53:40.000-07:00
diff --git a/articles/sql-database/sql-database-vulnerability-assessment-rules.md b/articles/sql-database/sql-database-vulnerability-assessment-rules.md
@@ -0,0 +1,27 @@
+---
+title: SQL Vulnerability Assessment rules reference guide
+description: "List of rule titles and descriptions"
+services: sql-database
+ms.service: sql-database
+ms.subservice: security
+ms.topic: conceptual
+author: VanMSFT
+ms.author: vanto
+ms.reviewer: vanto
+ms.date: 04/06/2020
+---
+
+# SQL Vulnerability Assessment rules reference guide
+
+This article lists the set of built-in rules that are used to flag security vulnerabilities and highlight deviations from best practices, such as misconfigurations, excessive permissions, and unprotected sensitive data. The rules are based on Microsoft’s best practices and focus on the security issues that present the biggest risks to your database and its valuable data. They cover both database-level issues as well as server-level security issues, like server firewall settings and server-level permissions. These rules also represent many of the requirements from various regulatory bodies to meet their compliance standards.
+
+The rules shown in your database scans depend on the SQL version and platform that was scanned. 
+
+To learn about how to implement Vulnerability Assessment on SQL Databases see [Implement Vulnerability Assessment](https://docs.microsoft.com/azure/sql-database/sql-vulnerability-assessment#implementing-vulnerability-assessment).
+
+
+>[!div class="mx-tdBreakAll"]
+>|Rule Id  |Rule Title  |Rule Category  |Rule Severity  |Rule Description  |Platform  |
+>|---------|---------|---------|---------|---------|---------|
+>|VA1017     |Execute permissions on xp_cmdshell from all users (except dbo) should be revoked         |AuthenticationAndAuthorization         |High         |The xp_cmdshell extended stored procedure spawns a Windows command shell         |SQL server 2012 and above         |
+>|VA1018     |Latest updates should be installed         |InstallationUpdatesAndPatches         |High         |Microsoft periodically releases Cumulative Updates (CUs) for each version of SQL Server. This rule checks whether the latest CU has been installed for the particular version of SQL Server being used, by passing in a string for execution. This rule checks that all users (except dbo) do not have permission to execute the xp_cmdshell extended stored procedure. |SQL Server 2005</br>SQL Server 2008</br>SQL Server 2008R2</br>SQL Server 2012</br>SQL Server 2014</br>SQL Server 2016</br>SQL Server 2017</br>|
