Aug 31 2020 12:44 AM - edited Aug 31 2020 12:48 AM
Hello All,
I'm trying to install Virtual Machine Vulnerability Assessment (powered by Qualys) extension via Terraform. I imported the existing VM extension configuration then I saw LicenseCode, CustomerID, and Resource ID were written in the tfsate file. How do I get this information (LicenseCode, CustomerID, and Resource ID) for writing in my .tf files? Could Microsoft or Qualys provide this info?
Sep 14 2020 10:51 AM - edited Sep 14 2020 11:38 AM
These values are landing in /var/lib/waagent/Qualys.LinuxAgent.AzureSecurityCenter-1.0.0.13/config/0.settings file in case of Linux VM. I believe you can obtain LicenseCode from it and apply to the others, for the other values I'm not sure yet - trying to figure this out for myself as well.
EDIT:
LicenseCode parameter has in fact next 4 values encoded: customer ID, activation ID, activation URL and port. This particular customer ID used for activation is different than what's found under 'GrayLabel' settings.
Sep 15 2020 12:35 AM
hi @cityofships
I saw that the license code and customerid don't change for my Subscription VMs in the imported VM extension terraform state file but resourceid changes for each VMs. I should find source of resourceid, how is it generated, or got.
Sep 16 2020 02:06 AM
@ssherifit's done inside the portal and can be triggered using REST API. Looks like normally these values are not returned anywhere to the user which makes sense, you can't start generating license keys for the VMs outside of Azure. Have a look here: https://techcommunity.microsoft.com/t5/azure-security-center/built-in-vulnerability-assessment-for-v...
So looks like the only escape here is local-exec provisioner. ARM template is an alternative.
Sep 17 2020 05:34 AM
Thanks for your comments.
For now, I used the following link for developing Azure Policy Terraform files. Az Policy continuously monitors the VMs and deploys agent into the machines.
Nov 02 2021 02:52 PM