Forum Discussion
L2v2P
Mar 17, 2020
Copper Contributor
Azure Sentinel shows update events for AKS nodes. What to do?
Context: I have a number of AKS clusters. I have Azure Security Center in place, which provisioned the OmsAgentForLinux extension to each of the cluster's nodes. I have Azure Sentinel in place whi...
CliveWatson
Microsoft
Mar 17, 2020
The Update table is from the Update Management solution: https://docs.microsoft.com/en-us/azure/automation/automation-update-management

Someone must have onboarded you. See this link for scheduling etc.: https://docs.microsoft.com/en-us/azure/automation/automation-tutorial-update-management
L2v2P
Mar 18, 2020
Copper Contributor
Thanks Clive. I'm 100% certain these update events started showing up after I enabled Azure Security Center. Enabling ASC installed the OmsAgentForLinux VM extension, which I can imagine also scans for missing updates.
I've also found part of my answer through your link. The table below clearly shows that AKS is not supported. Following the link I read: "To protect your clusters, security updates are automatically applied to Linux nodes in AKS. These updates include OS security fixes or kernel updates." So, based on this, I'm going to assume that all updates (that do not require a reboot) for which an event was generated will eventually be installed. Would you know if that assumption is correct? Thanks again.