Forum Discussion
Virtual Machine Vulnerability Assessment (powered by Qualys) extension installation via Terraform
ssherif It's done inside the portal and can be triggered using the REST API. Looks like normally these values are not returned anywhere to the user, which makes sense: you can't start generating license keys for the VMs outside of Azure. Have a look here: https://techcommunity.microsoft.com/t5/azure-security-center/built-in-vulnerability-assessment-for-vms-in-azure-security/ba-p/1577947
So it looks like the only escape here is the local-exec provisioner. An ARM template is an alternative.
Thanks for your comments.
For now, I used the following link for developing Azure Policy Terraform files. Az Policy continuously monitors the VMs and deploys the agent into the machines.
https://github.com/Azure/Azure-Security-Center/tree/master/Remediation%20scripts/Enable%20the%20built-in%20vulnerability%20assessment%20solution%20on%20virtual%20machines%20(powered%20by%20Qualys)/Azure%20Policy