Virtual Machine Vulnerability Assessment (powered by Qualys) extension installation via Terraform

%3CLINGO-SUB%20id%3D%22lingo-sub-1622317%22%20slang%3D%22en-US%22%3EVirtual%20Machine%20Vulnerability%20Assessment%20(powered%20by%20Qualys)%20extension%20installation%20via%20Terraform%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1622317%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20All%2C%3C%2FP%3E%3CP%3EI'm%20trying%20to%20install%26nbsp%3BVirtual%20Machine%20Vulnerability%20Assessment%20(powered%20by%20Qualys)%20extension%20via%20Terraform.%20I%20imported%20the%20existing%20VM%20extension%20configuration%20then%20I%20saw%20LicenseCode%2C%20CustomerID%2C%20and%20Resource%20ID%20were%20written%20in%20the%20tfsate%20file.%26nbsp%3BHow%20do%20I%20get%20this%20information%20(LicenseCode%2C%20CustomerID%2C%20and%20Resource%20ID)%20for%20writing%20in%20my%20.tf%20files%3F%20Could%20Microsoft%20or%20Qualys%20provide%20this%20info%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1665540%22%20slang%3D%22en-US%22%3ERe%3A%20Virtual%20Machine%20Vulnerability%20Assessment%20(powered%20by%20Qualys)%20extension%20installation%20via%20Terrafor%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1665540%22%20slang%3D%22en-US%22%3E%3CP%3EThese%20values%20are%20landing%20in%20%3CSTRONG%3E%2Fvar%2Flib%2Fwaagent%2FQualys.LinuxAgent.AzureSecurityCenter-1.0.0.13%2Fconfig%2F0.settings%3C%2FSTRONG%3E%20file%20in%20case%20of%20Linux%20VM.%20I%20believe%20you%20can%20obtain%20LicenseCode%20from%20it%20and%20apply%20to%20the%20others%2C%20for%20the%20other%20values%20I'm%20not%20sure%20yet%20-%20trying%20to%20figure%20this%20out%20for%20myself%20as%20well.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEDIT%3A%3C%2FP%3E%3CP%3ELicenseCode%20parameter%20has%20in%20fact%20next%204%20values%20encoded%3A%20customer%20ID%2C%20activation%20ID%2C%20activation%20URL%20and%20port.%20This%20particular%20customer%20ID%20used%20for%20activation%20is%20different%20than%20what's%20found%20under%20'GrayLabel'%20settings.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1667454%22%20slang%3D%22en-US%22%3ERe%3A%20Virtual%20Machine%20Vulnerability%20Assessment%20(powered%20by%20Qualys)%20extension%20installation%20via%20Terrafor%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1667454%22%20slang%3D%22en-US%22%3E%3CP%3Ehi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F793159%22%20target%3D%22_blank%22%3E%40cityofships%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20saw%20that%20the%20license%20code%20and%20customerid%20don't%20change%20for%20my%20Subscription%20VMs%26nbsp%3Bin%20the%20imported%20VM%20extension%20terraform%20state%20file%20but%20resourceid%20changes%20for%20each%20VMs.%20I%20should%20find%20source%20of%20resourceid%2C%20how%20is%20it%20generated%2C%20or%20got.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1672502%22%20slang%3D%22en-US%22%3ERe%3A%20Virtual%20Machine%20Vulnerability%20Assessment%20(powered%20by%20Qualys)%20extension%20installation%20via%20Terrafor%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1672502%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F776550%22%20target%3D%22_blank%22%3E%40ssherif%3C%2FA%3Eit's%20done%20inside%20the%20portal%20and%20can%20be%20triggered%20using%20REST%20API.%20Looks%20like%20normally%20these%20values%20are%20not%20returned%20anywhere%20to%20the%20user%20which%20makes%20sense%2C%20you%20can't%20start%20generating%20license%20keys%20for%20the%20VMs%20outside%20of%20Azure.%20Have%20a%20look%20here%3A%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-security-center%2Fbuilt-in-vulnerability-assessment-for-vms-in-azure-security%2Fba-p%2F1577947%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-security-center%2Fbuilt-in-vulnerability-assessment-for-vms-in-azure-security%2Fba-p%2F1577947%3C%2FA%3E%3C%2FP%3E%3CP%3ESo%20looks%20like%20the%20only%20escape%20here%20is%20local-exec%20provisioner.%20ARM%20template%20is%20an%20alternative.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1678003%22%20slang%3D%22en-US%22%3ERe%3A%20Virtual%20Machine%20Vulnerability%20Assessment%20(powered%20by%20Qualys)%20extension%20installation%20via%20Terrafor%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1678003%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F793159%22%20target%3D%22_blank%22%3E%40cityofships%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20your%20comments.%26nbsp%3B%3CBR%20%2F%3EFor%20now%2C%20I%20used%20the%20following%20link%20for%20developing%20Azure%20Policy%20Terraform%20files.%20Az%20Policy%20continuously%20monitors%20the%20VMs%20and%20deploys%20agent%20into%20the%20machines.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Security-Center%2Ftree%2Fmaster%2FRemediation%2520scripts%2FEnable%2520the%2520built-in%2520vulnerability%2520assessment%2520solution%2520on%2520virtual%2520machines%2520(powered%2520by%2520Qualys)%2FAzure%2520Policy%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FAzure%2FAzure-Security-Center%2Ftree%2Fmaster%2FRemediation%2520scripts%2FEnable%2520the%2520built-in%2520vulnerability%2520assessment%2520solution%2520on%2520virtual%2520machines%2520(powered%2520by%2520Qualys)%2FAzure%2520Policy%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hello All,

I'm trying to install Virtual Machine Vulnerability Assessment (powered by Qualys) extension via Terraform. I imported the existing VM extension configuration then I saw LicenseCode, CustomerID, and Resource ID were written in the tfsate file. How do I get this information (LicenseCode, CustomerID, and Resource ID) for writing in my .tf files? Could Microsoft or Qualys provide this info?

4 Replies

These values are landing in /var/lib/waagent/Qualys.LinuxAgent.AzureSecurityCenter-1.0.0.13/config/0.settings file in case of Linux VM. I believe you can obtain LicenseCode from it and apply to the others, for the other values I'm not sure yet - trying to figure this out for myself as well.

 

EDIT:

LicenseCode parameter has in fact next 4 values encoded: customer ID, activation ID, activation URL and port. This particular customer ID used for activation is different than what's found under 'GrayLabel' settings.

hi @cityofships 

I saw that the license code and customerid don't change for my Subscription VMs in the imported VM extension terraform state file but resourceid changes for each VMs. I should find source of resourceid, how is it generated, or got.

@ssherifit's done inside the portal and can be triggered using REST API. Looks like normally these values are not returned anywhere to the user which makes sense, you can't start generating license keys for the VMs outside of Azure. Have a look here: https://techcommunity.microsoft.com/t5/azure-security-center/built-in-vulnerability-assessment-for-v...

So looks like the only escape here is local-exec provisioner. ARM template is an alternative.

@cityofships 

Thanks for your comments. 
For now, I used the following link for developing Azure Policy Terraform files. Az Policy continuously monitors the VMs and deploys agent into the machines.

https://github.com/Azure/Azure-Security-Center/tree/master/Remediation%20scripts/Enable%20the%20buil...