module/AzTS.dll-Help.xml
|
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Invoke-AzureScan</command:name> <command:verb>Invoke</command:verb> <command:noun>AzureScan</command:noun> <maml:description> <maml:para>This command would help in validating the security controls for the Azure resources meeting the specified input criteria.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This command will execute the security controls and will validate their status as 'Success' or 'Failure' based on the security guidance and helps the application team to verify whether their Azure resources are compliant with the security guidance or not .Refer https://aka.ms/azskossdocs for more information </maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Invoke-AzureScan</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="none"> <maml:name>SubscriptionId</maml:name> <maml:description> <maml:para>Subscription id for which the security evaluation has to be performed.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>Specifies the id of tenant to which the subscription belongs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="2" aliases="none"> <maml:name>ControlIds</maml:name> <maml:description> <maml:para>Comma separated control ids to filter the security controls. e.g.:"Azure_Storage_AuthN_Dont_Allow_Anonymous","Azure_APIManagement_DP_Use_HTTPS_URL_Scheme"</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="3" aliases="none"> <maml:name>FilterTags</maml:name> <maml:description> <maml:para>Comma separated tags to filter the security controls. e.g.: RBAC, Automated.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="4" aliases="none"> <maml:name>ResourceTypeNames</maml:name> <maml:description> <maml:para>Comma separated resource type to filter the security controls. e.g.:"Storage","SubsciptionCore"</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">SubscriptionCore</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">VirtualNetwork</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">VirtualMachineScaleSet</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">VirtualMachine</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">TrafficManager</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">Storage</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SQLServer</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SQLManagedInstance</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ServiceFabric</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ServiceBus</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">RedisCache</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">NSG</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">NotificationHub</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">LogicApps</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">KubernetesService</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">KeyVault</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">HDInsight</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">EventHub</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">DBForPostgreSql</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">DBForMySql</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">DataLakeStore</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">DataLakeAnalytics</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">DataFactory</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">CosmosDB</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ContainerRegistry</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">CloudService</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">CDN</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AppService</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">APIManagement</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AppGateway</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="5" aliases="none"> <maml:name>ExcludeResourceTypeNames</maml:name> <maml:description> <maml:para>Comma separated resource type to exclude the security controls. e.g.:"Storage","SubsciptionCore".</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">SubscriptionCore</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">VirtualNetwork</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">VirtualMachineScaleSet</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">VirtualMachine</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">TrafficManager</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">Storage</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SQLServer</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SQLManagedInstance</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ServiceFabric</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ServiceBus</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">RedisCache</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">NSG</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">NotificationHub</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">LogicApps</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">KubernetesService</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">KeyVault</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">HDInsight</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">EventHub</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">DBForPostgreSql</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">DBForMySql</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">DataLakeStore</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">DataLakeAnalytics</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">DataFactory</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">CosmosDB</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ContainerRegistry</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">CloudService</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">CDN</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AppService</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">APIManagement</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">AppGateway</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="6" aliases="none"> <maml:name>ExcludeControlIds</maml:name> <maml:description> <maml:para>Comma separated control ids to exclude the security controls. e.g.:"Azure_Storage_AuthN_Dont_Allow_Anonymous","Azure_APIManagement_DP_Use_HTTPS_URL_Scheme".</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DoNotOpenOutputFolder</maml:name> <maml:description> <maml:para>Switch to specify whether to open output folder containing all security evaluation report or not.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="2" aliases="none"> <maml:name>ControlIds</maml:name> <maml:description> <maml:para>Comma separated control ids to filter the security controls. e.g.:"Azure_Storage_AuthN_Dont_Allow_Anonymous","Azure_APIManagement_DP_Use_HTTPS_URL_Scheme".</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DoNotOpenOutputFolder</maml:name> <maml:description> <maml:para>Switch to specify whether to open output folder containing all security evaluation report or not.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="6" aliases="none"> <maml:name>ExcludeControlIds</maml:name> <maml:description> <maml:para>Comma separated control ids to exclude the security controls. e.g.:"Azure_Storage_AuthN_Dont_Allow_Anonymous","Azure_APIManagement_DP_Use_HTTPS_URL_Scheme".</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="5" aliases="none"> <maml:name>ExcludeResourceTypeNames</maml:name> <maml:description> <maml:para>Comma separated resource type to exclude the security controls e.g.:"Storage","SubsciptionCore".</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="3" aliases="none"> <maml:name>FilterTags</maml:name> <maml:description> <maml:para>Comma separated tags to filter the security controls. e.g.: RBAC, Automated.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="4" aliases="none"> <maml:name>ResourceTypeNames</maml:name> <maml:description> <maml:para>Comma separated resource type to filter the security controls. e.g.:"Storage","SubsciptionCore"</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="none"> <maml:name>SubscriptionId</maml:name> <maml:description> <maml:para>Subscription id for which the security evaluation has to be performed.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>Specifies the id of tenant to which the subscription belongs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Invoke-AzureScan -SubscriptionId 00000000-xxxx-0000-xxxx-000000000000 -TenantId 00000000-xxxx-0000-xxxx-000000000000 </dev:code> <dev:remarks> <maml:para>This command will execute the security controls and open output folder containing all security evaluation report.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Invoke-AzureScan -SubscriptionId 00000000-xxxx-0000-xxxx-000000000000 -TenantId 00000000-xxxx-0000-xxxx-000000000000 -ControlIds "Azure_Storage_AuthN_Dont_Allow_Anonymous","Azure_APIManagement_DP_Use_HTTPS_URL_Scheme"</dev:code> <dev:remarks> <maml:para>This command will execute only "Azure_Storage_AuthN_Dont_Allow_Anonymous","Azure_APIManagement_DP_Use_HTTPS_URL_Scheme" security controls and open output folder containing all security evaluation report.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 3 --------------------------</maml:title> <dev:code>PS C:\> Invoke-AzureScan -SubscriptionId 00000000-xxxx-0000-xxxx-000000000000 -TenantId 00000000-xxxx-0000-xxxx-000000000000 -ResourceTypeNames SubscriptionCore,Storage </dev:code> <dev:remarks> <maml:para>This command will only scan the Resource Type SubscriptionCore,Storage while executing the security controls and open output folder containing all security evaluation report.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 4 --------------------------</maml:title> <dev:code>PS C:\> Invoke-AzureScan -SubscriptionId 00000000-xxxx-0000-xxxx-000000000000 -TenantId 00000000-xxxx-0000-xxxx-000000000000 -FilterTags Testing </dev:code> <dev:remarks> <maml:para>This command will execute the security controls which contains "Testing" tag and open output folder containing all security evaluation report.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 5 --------------------------</maml:title> <dev:code>PS C:\> Invoke-AzureScan -SubscriptionId 00000000-xxxx-0000-xxxx-000000000000 -TenantId 00000000-xxxx-0000-xxxx-000000000000 -ExcludeResourceTypeNames SubscriptionCore,Storage </dev:code> <dev:remarks> <maml:para>This command will exclude Resource Type SubscriptionCore,Storage from scanning while executing the security controls and open output folder containing all security evaluation report.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 6 --------------------------</maml:title> <dev:code>PS C:\> Invoke-AzureScan -SubscriptionId 00000000-xxxx-0000-xxxx-000000000000 -TenantId 00000000-xxxx-0000-xxxx-000000000000 -ExcludeControlIds "Azure_Storage_AuthN_Dont_Allow_Anonymous","Azure_APIManagement_DP_Use_HTTPS_URL_Scheme" </dev:code> <dev:remarks> <maml:para>This command will execute the security controls except "Azure_Storage_AuthN_Dont_Allow_Anonymous","Azure_APIManagement_DP_Use_HTTPS_URL_Scheme" and open output folder containing all security evaluation report.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 7 --------------------------</maml:title> <dev:code>PS C:\> Invoke-AzureScan -SubscriptionId 00000000-xxxx-0000-xxxx-000000000000 -TenantId 00000000-xxxx-0000-xxxx-000000000000 -DoNotOpenOutputFolder </dev:code> <dev:remarks> <maml:para>This command will execute the security controls and do not open output folder containing all security evaluation report.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink><maml:linkText>External-Help</maml:linkText><maml:uri>https://github.com/azsk/AzTS-docs/tree/main/09-PowershellModule/Readme.md</maml:uri></maml:navigationLink> </maml:relatedLinks> </command:command> </helpItems> |