vulnerabilityassessment

Vulnerability Assessment for Azure VMs included in ASC

Vulnerability Assessment for Azure VMs included in ASC

Hackers and all kind of intruders takes advantage of weakness and mistakes of operating systems and application to get unauthorized access. Those weakness are caused due to lack of updates and patches, mistakes in design and implementation or just a human error. The prevention method of those weaknesses and mistakes is a Vulnerability Analysis that depends upon two processes. The Vulnerability Assessment and the Penetration Testing.

Microsoft Azure, in cooperation with Qualys, offers Vulnerability Assessment at no additional cost for Azure Security Center Standard Tier. The Vulnerability Assessment Azure VM extension reports its findings to Azure Security Center. We have analyzed more Azure Security Center features at previous posts:

ATTENTION! To take advance of the Qualys offering that is included at the Azure Security Center Standard Tier, without any additional cost, the extension must be installed from the Azure Security Center “Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys)”  recommendation and not by the “Vulnerability assessment solution should be installed on your virtual machines” recommendation.

recommendation

Don’t worry if you don’t see this recommendation at your subscription yet. This is because it is a preview recommendation and it is being rolled-out slowly across all regions.

How to enable the Vulnerability Assessment extension

Go to Azure Security Center, at the “Resource Security Hygiene” and select the “Computer & apps”.

extension

Find the “Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys)”  recommendation and click it.

quickfix

At the recommendation page, under the “Affected resources” section, there are three tabs. The “Unhealthy resources”, the “Healthy resources” and the “Not applicable resources”. The “Unhealthy resources, are Virtual Machines that are eligible but we have not enabled the extension yet. The “Healthy resources” tab includes the Virtual Machines that already have the extension installed. The “Not applicable resources” tab includes the Virtual Machines that are not eligible for the extension. This category includes images from third party companies or they are not enabled for ASC Standard tier.

resources

Select the Virtual Machines that you want to enable the extension and press “Remediate”

remediate

Once the extension is installed, it will need several minutes for the Virtual Machine will move to the “Healthy resources” tab and the Vulnerability Assessment scan will start. Note that if the Virtual Machine is stopped the remediation will fail. The Virtual Machine must be running for the extension to install.

To check the VM extension health, go to the VM and check the Extensions tab for “WindowsAgent.AzureSecurityCenter | Qualys.WindowsAgent.AzureSecurityCenter”

extensionvm

Viewing the Vulnerability Assessment results

After the extension is installed, the scan will start but it will need about 24 to 48 before you will be able to view the results. After the scan finishes, it will report he results at the Azure Security Center, under the “Remediate vulnerabilities found on your virtual machines (powered by Qualys)” recommendation.

Find more info at: https://docs.microsoft.com/en-us/azure/security-center/built-in-vulnerability-assessment

Share

Leave a Reply

Your email address will not be published. Required fields are marked *