You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-sql/database/sql-vulnerability-assessment.md
+40-2Lines changed: 40 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,7 +11,7 @@ ms.topic: how-to
11
11
author: davidtrigano
12
12
ms.author: datrigan
13
13
ms.reviewer: vanto
14
-
ms.date: 02/11/2021
14
+
ms.date: 04/09/2021
15
15
tags: azure-synapse
16
16
---
17
17
# SQL vulnerability assessment helps you identify database vulnerabilities
@@ -120,6 +120,44 @@ Select **Export Scan Results** to create a downloadable Excel report of your sca
120
120
121
121
Select **Scan History** in the vulnerability assessment pane to view a history of all scans previously run on this database. Select a particular scan in the list to view the detailed results of that scan.
122
122
123
+
### Disable specific findings from Azure Security Center (preview)
124
+
125
+
If you have an organizational need to ignore a finding, rather than remediate it, you can optionally disable it. Disabled findings don't impact your secure score or generate unwanted noise.
126
+
127
+
When a finding matches the criteria you've defined in your disable rules, it won't appear in the list of findings. Typical scenarios include:
128
+
129
+
- Disable findings with severity below medium
130
+
- Disable findings that are non-patchable
131
+
- Disable findings from benchmarks that aren't of interest for a defined scope
132
+
133
+
> [!IMPORTANT]
134
+
> To disable specific findings, you need permissions to edit a policy in Azure Policy. Learn more in [Azure RBAC permissions in Azure Policy](../../governance/policy/overview.md#azure-rbac-permissions-in-azure-policy).
135
+
136
+
To create a rule:
137
+
138
+
1. From the recommendations detail page for **Vulnerability assessment findings on your SQL servers on machines should be remediated**, select **Disable rule**.
139
+
140
+
1. Select the relevant scope.
141
+
142
+
1. Define your criteria. You can use any of the following criteria:
143
+
- Finding ID
144
+
- Severity
145
+
- Benchmarks
146
+
147
+
:::image type="content" source="../../security-center/media/defender-for-sql-on-machines-vulnerability-assessment/disable-rule-vulnerability-findings-sql.png" alt-text="Create a disable rule for VA findings on SQL servers on machines":::
148
+
149
+
1. Select **Apply rule**. Changes might take up to 24hrs to take effect.
150
+
151
+
1. To view, override, or delete a rule:
152
+
153
+
1. Select **Disable rule**.
154
+
155
+
1. From the scope list, subscriptions with active rules show as **Rule applied**.
156
+
157
+
:::image type="content" source="../../security-center/media/remediate-vulnerability-findings-vm/modify-rule.png" alt-text="Modify or delete an existing rule":::
158
+
159
+
1. To view or delete the rule, select the ellipsis menu ("...").
@@ -241,4 +279,4 @@ To handle Boolean types as true/false, set the baseline result with binary input
241
279
242
280
- Learn more about [Azure Defender for SQL](azure-defender-for-sql.md).
243
281
- Learn more about [data discovery and classification](data-discovery-and-classification-overview.md).
244
-
- Learn more about [Storing vulnerability assessment scan results in a storage account accessible behind firewalls and VNets](sql-database-vulnerability-assessment-storage.md).
282
+
- Learn more about [Storing vulnerability assessment scan results in a storage account accessible behind firewalls and VNets](sql-database-vulnerability-assessment-storage.md).
0 commit comments