Deploying Qualys Cloud Agents from Microsoft Azure Security Center

Document created by Hari Srinivasan on Sep 26, 2016Last modified by Sadanand Nerurkar on Feb 19, 2020
Version 24Show Document
  • View in full screen mode

This document describes how to install Qualys Cloud Agents (Windows and Linux) for Azure instances from the Azure Security Center console and view vulnerability assessment findings within Azure Security Center and your Qualys subscription.

 

Azure Security Center provides a unified security management and monitoring console for Azure infrastructure. Qualys is integrated into the Azure security center's partner solutions for Vulnerability assessment. The security center detects the virtual machines without the solution and automates the deployment of the lightweight Qualys cloud agents on them. The agents gather vulnerability data and send it to the Qualys Cloud Platform, which in turn, provides vulnerability and health monitoring data back to Azure Security Center.

 

Introduction Overview Video - Qualys Azure Integration 

 

Info from Microsoft - Vulnerability assessment in Azure Security Center | Microsoft Docs 

 

This document describes briefly how to deploy the Qualys Cloud Agents from Azure Security Center.

 

Want to learn more about Microsoft Azure? Check out the Azure Support page.

 

We'll help you with these steps:

Azure Security Center

Deploying Cloud Agents

Vulnerability Assessment by Qualys

Retrieve License code and key from Qualys

Create new tag 'Azure'

Defining Linux image properties in Azure -- required for non-Marketplace Images

 


 

Azure Security Center

Login into the Microsoft Azure portal and navigate to "Security Center".

 

Deploying Qualys Cloud Agents

Qualys agents are integrated into the Recommendations for the vulnerability assessment solution within the security center.  The Security center automatically detects the virtual machines and with this integration, users can directly deploy the Qualys Cloud Agent.

NOTE: A user needs to have 2 Security Center specific roles in addition to Owner, Contributor or Reader role for the subscription.

  • Security Reader: Provides viewing rights to Security Center. Users can view recommendations, alerts, a security policy, etc. but cannot make any changes.
  • Security Administrator: Provides additional rights to update security policy, recommendations, etc.

 

Click on "Recommendations", then click "Vulnerability assessment solution should be installed on your virtual machines". 

 

 

From the list of recommendations select one or many* virtual machines where you want to deploy the Cloud Agents. Once VMs are selected, click "Install on #n VMs" to proceed with the agent installation.

Select 'Create New' to create a new solution.If you have already gone through the flow once, the Qualys solution will be available in the 'Use existing solution" list under this option.

 

Select "Qualys, Inc" as a vulnerability assessment solution form a list of solutions when creating a new solution.

 

Specify configuration details for a New solution. Specify a name for the solution, Select resource group, location. specify License code and Public key for solution. You can get License code and Public key from Activation key you created in your Qualys subscription.

 

Optionally, you can specify to enable the "Auto deploy" option. This option is specific to ASC Vulnerability assessment and not associated with specific third-party applications such as Qualys, etc.

When the "Auto deploy" option is On, it will deploy Qualys Cloud Agent automatically on VMs which are provisioned newly in Resource Group which was specified while creating the solution. for eg, considering the Resource group mentioned in the screenshot provided above, if the Auto deploy option is enabled, Qualys agent will get automatically deployed for newly provisioned VMs only in Resource group "AutoDeployEU".

You need to have a subscription with Qualys to get the license code and public key needed for deploying the agent.

When generating the Agent key toggle the "Deploying in Azure Cloud" selector. See further detailed instructions in the "Retrieve License code and key from Qualys" section of this document.

qca azure

 

Follow the section inline, to retrieve the License code and Public Key.

If you are NEW to Qualys, you can review the Qualys solution and sign up for a free trial from 'Sign up for the solution' link.

ascc new vm sol create

 

Note: For subsequent deployments, choose the solution you just created from the 'Existing Solution' list.  The inputs are saved, so you don't need to retrieve the code and key from your Qualys subscription again. 

For deploying Qualys cloud agents for VMs in other resource groups (i.e resource group not associated with the solution) and/or if the "Auto deploy" option is disabled, Go to the "Security solutions" tab on category pane on the left-hand side. Select "Vulnerability assessment solution should be installed on your virtual machines" from "Recommendations" as mentioned in Step 1. Either you can create a new Solution or can select an existing solution.

 

To manage a specific VM, link that VM with a solution. To link VM, click on "Security Solutions". Locate the desired solution and click "VIEW"

 To connect your resources to your Qualys solution, click on "Link VM".

Then, select the VM/VMs you want to link. This will include your VM/VMs into a solution so that the VM/VMs can be managed under a specific solution. This is not related to the deployment of Cloud Agents.


Vulnerability Assessment by Qualys

Upon deploying the agents, vulnerability assessment from Qualys will show up for the virtual machines where the solution is deployed.

From Security Center - Navigate to "Security solutions" then select the VM solution by clicking "VIEW". 

 

vm sol

 

 

Here you can view the health status of all associated resources to this VM solution.

Click on a VM to get more details.

vm sol vm

Click "View findings" to review the Qualys findings.

 

image

To learn more about the vulnerability, click the vulnerability in ASC.

ascc vuln info

 

Alternatively, you can click the link 'Solution Console' back on the VM solution blade. This method provides the QID information for the specific vulnerability.

Follow the remediation instructions to resolve the vulnerability.

 

You can also login into Qualys and review the vulnerability information for the virtual machines in Azure.

Use the tags to generate a report to view all the vulnerabilities for assets in Azure.

 

Retrieve the License Code and Public Key from your Qualys Subscription

Login into your Qualys subscription.  Navigate to the "Cloud Agent" application from the menu, then select "Activation Keys".

 

activation keys

 

Click on "New Key" and generate a new activation key. We recommend you handle the Azure cloud deployments via a separate Activation Key. Additionally, manage your departments with separate activation keys.
Specify a name to identify it uniquely (example:Azure Security Center Key) and select Vulnerability Management and/or Policy compliance modules depending on your licenses. 
We encourage you to have both the solutions to secure your assets in Azure completely.

azure activation

As a best practice, we recommend you to create a Tag for Azure and use that tag to be dynamically associated with the assets identified via the key. Refer to the section 'Creating a Tag' for Azure to create a new tag.

 

agent key

 

Currently, as a part of this integrated deployment is only available for Windows and Linux agents. (Linux agent support is newly added).  
Click 'Install Instructions' under Windows or Linux.  Choose 'Deploying on Azure' and retrieve the keys from the page

license code

 

Copy the License Code and Public Key and use it in during Deploying the agent.

 

Creating a new tag 'Azure'

 

Tags provide you with an ability to uniquely list out the assets. For this exercise, we will create a new tag 'Azure' and use that to identify the assets in the Azure cloud from the rest.  Create additional tags as it applies to your organization, in a similar way. 
Navigate to the Asset View and create a new Tag from the 'Tag' page. 

Create New Tag

 

Create New Tag Step 3

The tag created shows up in the list of Tags. Associate the tag during key generation.

 

Generate Activation Key add Azure Tag

 

Notes:

-  Users can create Power shell methodology against the Azure Security Center APIs to automate the process.

-  If you are looking to leverage the virtual appliance scanner in Azure, follow the document 'Scanning in Microsoft Azure' to deploy the virtual scanners from the Azure Marketplace.

 

Defining Linux image properties in Azure -- required for non-Marketplace Images

 

Qualys Cloud Agent Linux is pre-authorized to install into Marketplace Images running supported operating systems.  (See the Cloud Agent Linux Installation Guide for list of supported operating systems.)


For custom operating system images, each image needs to have the two pre-requisites before the Cloud Agent Linux can be deployed.

 

1. The Microsoft Azure agent needs to be provisioned and working in the image.

a. The Azure agent is the method to deploy/provision the Qualys Cloud Agent into the image.

Azure Linux VM Agent Overview | Microsoft Docs 

 

2.  The image's VHD custom properties need to be modified to add in an identifiable operating system information.

Create and upload a Linux VHD in Azure | Microsoft Docs 

 

Example for custom images based on Red Hat 7.5:

"properties": {
"storageProfile": {
"imageReference": {
"publisher": "RedHat",
"offer": "RHEL",
"sku": "7.5",
"version": "latest"

 

More information on configuring Azure property files available here:  Update-AzureRmImage (AzureRM.Compute) | Microsoft Docs 

 

 

 

Looking for more help?

Check out our Help Center.

4 people found this helpful

Attachments

    Outcomes