CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CC-00699
- creditSnyk Research Team
Description
The vulnerability assessment setting "Send scan reports to" specifies email addresses that will be sent scan reports and alerts about critical SQL servers. Configuring this setting may reduce the time required for identifying vulnerability risks and taking corrective measures.
How to fix?
Set the recurringScans.emails attribute to one or more valid email addresses.
Example Configuration
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"name": "example699a1/allowed",
"type": "Microsoft.Sql/servers/vulnerabilityAssessments",
"apiVersion": "2018-06-01-preview",
"properties": {
"storageContainerPath": "[concat(reference(resourceId('Microsoft.Storage/storageAccounts', 'example699')).primaryEndpoints.blob, 'vulnerability-assessment')]",
"storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', 'example699'), '2018-02-01').keys[0].value]",
"recurringScans": {
"isEnabled": true,
"emailSubscriptionAdmins": true,
"emails": [
"email@example1.com",
"email@example2.com"
]
}
},
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', 'example699')]",
"[concat('Microsoft.Sql/servers/', 'example699a1', '/securityAlertPolicies/Default')]"
]
}
]
}
Set the recurring_scans.emails attribute to one or more valid email addresses.
Example Configuration
resource "azurerm_mssql_server_vulnerability_assessment" "example699" {
server_security_alert_policy_id = azurerm_mssql_server_security_alert_policy.example699.id
storage_container_path = "${azurerm_storage_account.example699.primary_blob_endpoint}${azurerm_storage_container.example699.name}/"
storage_account_access_key = azurerm_storage_account.example699.primary_access_key
recurring_scans {
enabled = true
email_subscription_admins = true
emails = [
"email@example1.com",
"email@example2.com"
]
}
}