SOLVED

Azure Security Center and Qualys

%3CLINGO-SUB%20id%3D%22lingo-sub-1083102%22%20slang%3D%22en-US%22%3EAzure%20Security%20Center%20and%20Qualys%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1083102%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20Ignite%202019%20it%20was%20announced%20that%20ASC%20(standard%20tier)%20now%20provides%20vulnerability%20assessment%20solution%20for%20VMs%20(using%20Qualys)%20with%20no%20extra%20charge%3A%26nbsp%3B%3CSTRONG%3E%22...%3C%2FSTRONG%3E%3CSPAN%3E%3CSTRONG%3Ewe%20are%20announcing%20that%20the%20Azure%20Security%20Center%20Standard%20tier%20includes%20built-in%20vulnerability%20assessment%20for%20virtual%20machines%20for%20no%20additional%20fee%22%3C%2FSTRONG%3E%20(%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-Security-Center%2FIgnite-2019-releases-for-Azure-Security-Center-and-Azure%2Fba-p%2F975570%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-Security-Center%2FIgnite-2019-releases-for-Azure-Security-Center-and-Azure%2Fba-p%2F975570%3C%2FA%3E)%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20tried%20to%20deploy%20the%20solution%20by%3A%3C%2FP%3E%3COL%3E%3CLI%3ESelect%20the%26nbsp%3B%3CSTRONG%3E%3CSPAN%20class%3D%22ext-grid-section-column-displayName%22%3EVulnerability%20assessment%20solution%20should%20be%20installed%20on%20your%20virtual%20machines%3C%2FSPAN%3E%3C%2FSTRONG%3E%3CSPAN%20class%3D%22ext-grid-section-column-displayName%22%3E%26nbsp%3Brecommendation%20in%20ASC%3C%2FSPAN%3E%3C%2FLI%3E%3CLI%3E%3CSPAN%20class%3D%22ext-grid-section-column-displayName%22%3EClick%26nbsp%3B%3CSTRONG%3EInstall%26nbsp%3B%3C%2FSTRONG%3Eafter%20selecting%20the%20relevant%20VMs%3C%2FSPAN%3E%3C%2FLI%3E%3CLI%3EHowever%2C%20going%20through%20the%20wizard%20it%20still%20asks%20of%20a%20Qualys%20license%20code%20and%20public%20key%3C%2FLI%3E%3C%2FOL%3E%3CP%3ESo%20what%20does%20the%20%22for%20no%20additional%20fee%22%3CSPAN%3E%26nbsp%3Bactually%20mean%3F%20Do%20you%20still%20need%20some%20sort%20of%20a%20Qualys%20license%20to%20use%20this%3F%20Or%20I'm%20a%20doing%20something%20wrong%20in%20the%20deployment%20steps%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1083102%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Security%20Center%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Equalys%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Evulnerability%20assessment%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1084145%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Security%20Center%20and%20Qualys%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1084145%22%20slang%3D%22en-US%22%3E%3CP%3EHello%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F404636%22%20target%3D%22_blank%22%3E%40markus_pitkaranta%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20have%20the%20standard%20tier%20enable%20for%20the%20Virtual%20Machines%20on%20which%20you%20want%20to%20enable%20the%20Qualys%20VM%20partner%20agent%3F%20According%20to%20Microsoft%20documentation%2C%20you%20need%20the%20standard%20tier.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fsecurity-center-vulnerability-assessment-recommendations%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fsecurity-center-vulnerability-assessment-recommendations%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EKind%20Regards%2C%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EThomas%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1084166%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Security%20Center%20and%20Qualys%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1084166%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F404636%22%20target%3D%22_blank%22%3E%40markus_pitkaranta%3C%2FA%3E%2C%26nbsp%3Bthe%20recommendation%20you've%20clicked%20(%22%3CSTRONG%3E%3CSPAN%20class%3D%22ext-grid-section-column-displayName%22%3EVulnerability%20assessment%20solution%20should%20be%20installed%20on%20your%20virtual%20machines%3C%2FSPAN%3E%3C%2FSTRONG%3E%22)%20predates%20the%20Ignite%20announcement.%20It's%20the%20ASC%20recommendation%20to%20setup%20a%20vulnerability%20assessment%20solution%20on%20your%20VMs.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20Qualys%20powered%20extension%20announced%20at%20Ignite%20is%20deployed%20through%20a%20new%20recommendation%20as%20described%20in%20the%20new%20documentation%20page%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsecurity-center%2Fbuilt-in-vulnerability-assessment%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EIntegrated%20vulnerability%20scanner%20for%20virtual%20machines%20(Standard%20tier%20only)%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIncidentally%2C%20the%20relevant%20recommendation%20%22%3CSTRONG%3EEnable%20the%20built-in%20vulnerability%20assessment%20solution%20on%20virtual%20machines%20(powered%20by%20Qualys)%3C%2FSTRONG%3E%22.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENote%20that%20the%20new%20recommendation%20is%20being%20rolled%20out%20gradually%20so%20it%20may%20not%20appear%20in%20your%20subscription%20yet.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20hope%20this%20helps.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1085829%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Security%20Center%20and%20Qualys%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1085829%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F434547%22%20target%3D%22_blank%22%3E%40melvynadam%3C%2FA%3E%2C%26nbsp%3Bthanks!%20That%20clarifies%20it.%20In%20my%20case%2C%20I%20can%20see%20the%20%22new%22%20recommendation%20in%20ASC%20but%20the%20status%20is%20%22N%2FA%22.%20And%20when%20I%20open%20it%2C%20the%20%22Remediate%22%20button%20is%20greyed%20out.%20But%20maybe%20it's%20because%20it's%20being%20rolled%20out%20gradually%2C%20as%20you%20mentioned.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1098879%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Security%20Center%20and%20Qualys%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1098879%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F434547%22%20target%3D%22_blank%22%3E%40melvynadam%3C%2FA%3E%2C%20is%20there%20a%20schedule%20when%20the%20solution%20becomes%20available%3F%20We%20have%20enabled%20the%20standard%20tier%20and%20after%202%20days%20still%20dont%20see%20the%20link%20in%20recommendations.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1132894%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Security%20Center%20and%20Qualys%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1132894%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F434547%22%20target%3D%22_blank%22%3E%40melvynadam%3C%2FA%3E%26nbsp%3B-%20We%20are%20also%20experiencing%20various%20issues%20with%20this%20new%20plugin.%20It%20seems%20to%20be%20working%20on%20a%20few%20of%20our%20instances%2C%20but%20we%20have%20several%20instances%2C%20where%20we%20have%20deployed%20extension%2C%20but%20it%20is%20not%20scanning.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%20-%20the%20results%20are%20not%20properly%20reflected%20in%20the%20Security%20Center.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20security%20center%20standard%20tier%20for%20all%20our%20virtual%20machines.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1137234%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Security%20Center%20and%20Qualys%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1137234%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F535722%22%20target%3D%22_blank%22%3E%40MV_BC%3C%2FA%3E%2C%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F511961%22%20target%3D%22_blank%22%3E%40LA1976%3C%2FA%3E%2C%20and%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F404636%22%20target%3D%22_blank%22%3E%40markus_pitkaranta%3C%2FA%3E%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20schedule%20isn't%20final%20yet%20but%20I'm%20expecting%20this%20new%20recommendation%20to%20be%20open%20to%20all%20customers%20in%20the%20very%20near%20future.%20I'll%20update%20this%20topic%20when%20it's%20done.%20Hopefully%20you'll%20notice%20the%20recommendation%20in%20Azure%20Security%20Center%2C%20before%20you%20get%20an%20alert%20from%20Tech%20Community%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1137447%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Security%20Center%20and%20Qualys%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1137447%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F434547%22%20target%3D%22_blank%22%3E%40melvynadam%3C%2FA%3E-%20We%20actually%20have%20the%20options%20to%20install%2Fremediate%20it%2C%20but%20it%20is%20just%20not%20really%20working%20for%20us.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20is%20failing%20on%20installation%20of%20the%20extension%20or%20on%20collection%20of%20data.%20Currently%20it%20is%20only%20running%20properly%20on%201-2%20VM's%20out%20of%20our%20entire%20population.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1139291%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Security%20Center%20and%20Qualys%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1139291%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F535722%22%20target%3D%22_blank%22%3E%40MV_BC%3C%2FA%3E%26nbsp%3Bthat%20wasn%E2%80%99t%20the%20reply%20I%20was%20hoping%20for!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EDo%20you%20have%20an%20open%20ticket%20with%20support%3F%20If%20yes%2C%20send%20me%20the%20ticket%20number%20and%20we%E2%80%99ll%20track%20this%20from%20our%20side%20too.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1147855%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Security%20Center%20and%20Qualys%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1147855%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F434547%22%20target%3D%22_blank%22%3E%40melvynadam%3C%2FA%3E-%20We%20currently%20don't%20have%20an%20open%20ticket%2C%20but%20will%20raise%20one%20as%20soon%20as%20possible%20and%20try%20to%20get%20progress%20from%20there.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1152006%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Security%20Center%20and%20Qualys%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1152006%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F434547%22%20target%3D%22_blank%22%3E%40melvynadam%3C%2FA%3E-%20I%20have%20raised%20a%20ticket%20with%20support.%20It%20has%20number%26nbsp%3B120020522000570.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1209212%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Security%20Center%20and%20Qualys%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1209212%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F535722%22%20target%3D%22_blank%22%3E%40MV_BC%3C%2FA%3E%2C%26nbsp%3Bmy%20understanding%20is%20that%20this%20ticket%20is%20now%20resolved.%20Do%20you%20need%20anything%20more%20from%20us%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1210985%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Security%20Center%20and%20Qualys%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1210985%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F434547%22%20target%3D%22_blank%22%3E%40melvynadam%3C%2FA%3E-%20Correct.%20It%20seems%20to%20be%20working%20on%20our%20end.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

In Ignite 2019 it was announced that ASC (standard tier) now provides vulnerability assessment solution for VMs (using Qualys) with no extra charge: "...we are announcing that the Azure Security Center Standard tier includes built-in vulnerability assessment for virtual machines for no additional fee" (https://techcommunity.microsoft.com/t5/Azure-Security-Center/Ignite-2019-releases-for-Azure-Security...)

 

I've tried to deploy the solution by:

  1. Select the Vulnerability assessment solution should be installed on your virtual machines recommendation in ASC
  2. Click Install after selecting the relevant VMs
  3. However, going through the wizard it still asks of a Qualys license code and public key

So what does the "for no additional fee" actually mean? Do you still need some sort of a Qualys license to use this? Or I'm a doing something wrong in the deployment steps?

 

 

12 Replies
Highlighted

Hello @markus_pitkaranta,

 

Do you have the standard tier enable for the Virtual Machines on which you want to enable the Qualys VM partner agent? According to Microsoft documentation, you need the standard tier.
https://docs.microsoft.com/en-us/azure/security-center/security-center-vulnerability-assessment-reco...


Kind Regards,

Thomas

Highlighted
Solution

@markus_pitkaranta, the recommendation you've clicked ("Vulnerability assessment solution should be installed on your virtual machines") predates the Ignite announcement. It's the ASC recommendation to setup a vulnerability assessment solution on your VMs.

 

The Qualys powered extension announced at Ignite is deployed through a new recommendation as described in the new documentation page Integrated vulnerability scanner for virtual machines (Standard tier only).

 

Incidentally, the relevant recommendation "Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys)".

 

Note that the new recommendation is being rolled out gradually so it may not appear in your subscription yet.

 

I hope this helps.

Highlighted

@melvynadam, thanks! That clarifies it. In my case, I can see the "new" recommendation in ASC but the status is "N/A". And when I open it, the "Remediate" button is greyed out. But maybe it's because it's being rolled out gradually, as you mentioned.

Highlighted

@melvynadam, is there a schedule when the solution becomes available? We have enabled the standard tier and after 2 days still dont see the link in recommendations.  

Highlighted

@melvynadam - We are also experiencing various issues with this new plugin. It seems to be working on a few of our instances, but we have several instances, where we have deployed extension, but it is not scanning.

 

Also - the results are not properly reflected in the Security Center.

 

We have security center standard tier for all our virtual machines. 

Highlighted

@MV_BC, @LA1976, and @markus_pitkaranta,

 

The schedule isn't final yet but I'm expecting this new recommendation to be open to all customers in the very near future. I'll update this topic when it's done. Hopefully you'll notice the recommendation in Azure Security Center, before you get an alert from Tech Community :)

Highlighted

@melvynadam- We actually have the options to install/remediate it, but it is just not really working for us. 

 

It is failing on installation of the extension or on collection of data. Currently it is only running properly on 1-2 VM's out of our entire population. 

Highlighted

@MV_BC that wasn’t the reply I was hoping for!

 

Do you have an open ticket with support? If yes, send me the ticket number and we’ll track this from our side too.

Highlighted

@melvynadam- We currently don't have an open ticket, but will raise one as soon as possible and try to get progress from there. 

Highlighted

@melvynadam- I have raised a ticket with support. It has number 120020522000570. 

Highlighted

@MV_BC, my understanding is that this ticket is now resolved. Do you need anything more from us?

Highlighted

@melvynadam- Correct. It seems to be working on our end.