L2v2P
Mar 17, 2020

Azure Sentinel shows update events for AKS nodes. What to do?

Context:

  • I have a number of AKS clusters
  • I have Azure Security Center in place which provisioned the OmsAgentForLinux extension to each of the cluster's nodes.
  • I have Azure Sentinel in place which shows various events for my subscription

Question:

  • In the Overview section of Sentinel I now see Update events:
     

 

  • If you click on the update events it then shows you a list of pending (?) updates for each VM:
     

 

  • Are these updates automatically installed as AKS is a managed cluster? If so, how can I tell that they have been successfully installed? If not, how to go about these updates?
    • L2v2P

      CliveWatson 

       

      Thanks Clive. I'm 100% certain these update events started showing up after I enabled Azure Security Center. Enabling ASC installed the OmsAgentForLinux VM extension which I can imagine also scans for missing updates.

       

      I've also found part of my answer through your link. The table below clearly shows that AKS is not supported. Following the link I read: "To protect your clusters, security updates are automatically applied to Linux nodes in AKS. These updates include OS security fixes or kernel updates." So, based on this, I'm going to assume that all updates (that do not require a reboot) for which an event was generated will eventually be installed. Would you know if that assumption is correct? Thanks again.

       
