Vulnerability Assessment for Azure VMs included in ASC
Hackers and all kinds of intruders take advantage of weaknesses and mistakes in operating systems and applications to gain unauthorized access. Those weaknesses are caused by missing updates and patches, mistakes in design and implementation, or plain human error. The way to prevent them is a Vulnerability Analysis, which depends on two processes: the Vulnerability Assessment and the Penetration Testing.
Microsoft Azure, in cooperation with Qualys, offers Vulnerability Assessment at no additional cost for the Azure Security Center Standard Tier. The Vulnerability Assessment Azure VM extension reports its findings to Azure Security Center. We have covered more Azure Security Center features in previous posts:
- Use Azure Security Center to protect your workloads
- ASC | Remediate security recommendations in 1 click
- Bulletproof manage your Azure VMs
ATTENTION! To take advantage of the Qualys offering that is included in the Azure Security Center Standard Tier at no additional cost, the extension must be installed from the Azure Security Center “Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys)” recommendation and not from the “Vulnerability assessment solution should be installed on your virtual machines” recommendation.
Don’t worry if you don’t see this recommendation in your subscription yet. It is a preview recommendation and is being rolled out slowly across all regions.
How to enable the Vulnerability Assessment extension
Go to Azure Security Center and, under “Resource Security Hygiene”, select “Compute & apps”.
Find the “Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys)” recommendation and click it.
On the recommendation page, under the “Affected resources” section, there are three tabs: “Unhealthy resources”, “Healthy resources” and “Not applicable resources”. The “Unhealthy resources” tab lists Virtual Machines that are eligible but do not have the extension enabled yet. The “Healthy resources” tab lists the Virtual Machines that already have the extension installed. The “Not applicable resources” tab lists the Virtual Machines that are not eligible for the extension. This category includes Virtual Machines built from third-party images and those not enabled for the ASC Standard tier.
Select the Virtual Machines on which you want to enable the extension and press “Remediate”.
Once the extension is installed, it takes several minutes for the Virtual Machine to move to the “Healthy resources” tab and for the Vulnerability Assessment scan to start. Note that if the Virtual Machine is stopped, the remediation will fail. The Virtual Machine must be running for the extension to install.
To check the VM extension health, go to the VM and check the Extensions tab for “WindowsAgent.AzureSecurityCenter | Qualys.WindowsAgent.AzureSecurityCenter”.
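The same health check can be run across many VMs at once from exported inventory. The following is an added example, not part of the original post: it assumes each VM record comes from `az vm list -d` with that VM's `az vm extension list` output attached under a hypothetical `extensions` key, and that the JSON field names (`powerState`, `publisher`, `typePropertiesType` or `virtualMachineExtensionType`, `provisioningState`) match what the CLI emits.

```python
import json

# Constructed sample inventory (not real data). Layout is an assumption:
# one record per VM with its extension list nested under "extensions".
SAMPLE = json.loads("""
[
  {"name": "web01", "powerState": "VM running", "extensions": [
     {"publisher": "Qualys", "typePropertiesType": "WindowsAgent.AzureSecurityCenter",
      "provisioningState": "Succeeded"}]},
  {"name": "web02", "powerState": "VM deallocated", "extensions": []},
  {"name": "db01", "powerState": "VM running", "extensions": [
     {"publisher": "Qualys", "virtualMachineExtensionType": "WindowsAgent.AzureSecurityCenter",
      "provisioningState": "Failed"}]},
  {"name": "app01", "powerState": "VM running", "extensions": [
     {"publisher": "Microsoft.Azure.Monitor", "typePropertiesType": "AzureMonitorWindowsAgent",
      "provisioningState": "Succeeded"}]}
]
""")


def qualys_extension(vm):
    """Return the Qualys ASC extension record for a VM, or None if absent."""
    for ext in vm.get("extensions") or []:
        # The type key differs between CLI versions (assumption), so accept both.
        ext_type = ext.get("typePropertiesType") or ext.get("virtualMachineExtensionType") or ""
        if ext.get("publisher") == "Qualys" and ext_type.endswith(".AzureSecurityCenter"):
            return ext
    return None


def classify(vm):
    """Map a VM to the action an operator needs to take."""
    ext = qualys_extension(vm)
    running = vm.get("powerState") == "VM running"
    if ext is None:
        # Remediation fails on a stopped VM, so flag those separately.
        return "missing: ready to remediate" if running else "missing: start VM before remediating"
    if ext.get("provisioningState") != "Succeeded":
        return "installed but unhealthy: " + str(ext.get("provisioningState"))
    return "healthy"


def triage(vms):
    return {vm["name"]: classify(vm) for vm in vms}


if __name__ == "__main__":
    for name, status in triage(SAMPLE).items():
        print(f"{name:8} {status}")
```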
Viewing the Vulnerability Assessment results
After the extension is installed, the scan will start, but it will take about 24 to 48 hours before you are able to view the results. After the scan finishes, it reports the results to Azure Security Center, under the “Remediate vulnerabilities found on your virtual machines (powered by Qualys)” recommendation.
Find more info at: https://docs.microsoft.com/en-us/azure/security-center/built-in-vulnerability-assessment
Pantelis Apostolidis is a Cloud Solutions Architect at Microsoft and an ex Microsoft Azure MVP. For the last 15 years, Pantelis has been involved in major cloud projects in Greece and abroad, helping companies adopt and deploy cloud technologies and drive business value. He holds many Microsoft Expert Certifications, demonstrating his proven experience in delivering high-quality solutions. He is an author and blogger, and he acts as a spokesperson for conferences, workshops and webinars. He is also an active member of several communities and a moderator at azureheads.gr and autoexec.gr. Follow him on Twitter @papostolidis.