Deploying Qualys Cloud Agents from Microsoft Azure Security Center

Document created by Hari Srinivasan (Employee) on Sep 26, 2016. Last modified by Hari Srinivasan (Employee) on May 3, 2017. Version 11.

Azure Security Center provides a unified security management and monitoring console for Azure infrastructure. Qualys is integrated into Azure Security Center's partner solutions for vulnerability assessment. Security Center detects the virtual machines that do not have the solution and automates deployment of the lightweight Qualys Cloud Agents on them. The agents gather vulnerability data and send it to the Qualys Cloud Platform, which in turn provides vulnerability and health monitoring data back to Azure Security Center.

 

This document describes briefly how to deploy the Qualys Cloud Agents from Azure Security Center.

 

Want to learn more about Microsoft Azure? Check out the Azure Support page.

 

We'll help you with these steps:

Azure Security Center

Deploying Cloud Agents

Vulnerability Assessment by Qualys

Retrieve License code and key from Qualys

Create new tag 'Azure'

 


 

Azure Security Center

Log in to the Microsoft Azure portal and navigate to "Security Center".

Microsoft Azure Portal

 

Click 'Security Center' to get to the Security Center's home.

Azure Security Center

 

 

Deploying Qualys Cloud Agents

Qualys agents are integrated into the Recommendations for the vulnerability assessment solution within Security Center. Security Center automatically detects the virtual machines, and with this integration users can deploy the Qualys Cloud Agent directly.

 

Security Center's Recommendations

 

From the list of recommendations select one or many* virtual machines where you want to deploy the Cloud Agents.

Select Virtual Machines to deploy agents

Select 'Create New'. If you have already gone through the flow once, the Qualys solution will be available in the 'Existing Solutions' list under this option.

Create New Solution

 

Select Qualys solution from the list.

Qualys Solution

 

Specify the inputs for the deployment. Select a Name for the solution and fill out the rest of the inputs.

 

 

You need to have a subscription with Qualys to get the license code and public key needed for deploying the agent. Follow the section 'Retrieve the License Code and Public Key from your Qualys Subscription' to retrieve the License Code and Public Key.

If you are new to Qualys, you can review the Qualys solution and sign up for a free trial from the 'Sign up for the solution' link.

Deploy Agents on Azure

Note: For subsequent deployments, choose the solution you just created from the 'Existing Solution' list.  The inputs are saved, so you don't need to retrieve the code and key from your Qualys subscription again. 

 

Vulnerability Assessment by Qualys

Upon deploying the agents, vulnerability assessment from Qualys will show up for the virtual machines where the solution is deployed.

From the Security Center, navigate to the virtual machine(s) under the Qualys partner solution you created to find the vulnerability assessment information.

Qualys for Azure Solution Vulnerability Assessment Info

 

 

Vulnerability Assessment info by Qualys

 

 

Vulnerability Assessment info by Qualys

 

To learn more about the vulnerability, click the link 'Solution Console'. This provides the QID information for the specific vulnerability.

Follow the remediation instructions to resolve the vulnerability.

 

You can also log in to Qualys and review the vulnerability information for the virtual machines in Azure.

Use the tags to generate a report to view all the vulnerabilities for assets in Azure.

 

Retrieve the License Code and Public Key from your Qualys Subscription

Log in to your Qualys subscription. Navigate to the "Cloud Agent" application from the menu.

 

Agents Home page under Qualys Asset View

 

Click 'Install New Agent' and generate a new activation key. We recommend that you handle the Azure cloud deployments via a separate Activation Key. Additionally, manage your departments with separate activation keys.
Specify a name to identify it uniquely (example: AzureAgentsActivationKey) and select the Vulnerability Management and/or Policy Compliance modules, depending on your licenses.
We encourage you to have both solutions to secure your assets in Azure completely.

ActivationKey for Azure

As a best practice, we recommend that you create a tag for Azure and have that tag dynamically associated with the assets identified via the key. Refer to the section "Creating a new tag 'Azure'" to create a new tag.

 

Agent Install Instructions

 

Currently, this integrated deployment is available only for Windows agents (Linux agents will be added soon).
Click 'Install Instructions' under Windows. Choose 'Deploying on Azure' and retrieve the keys from the page.

Deploy Agents on Azure

 

 

Copy the License Code and Public Key and use them when deploying the agent.

 

Creating a new tag 'Azure'

 

Tags let you list assets uniquely. For this exercise, we will create a new tag 'Azure' and use it to distinguish the assets in the Azure cloud from the rest. Create additional tags as they apply to your organization in a similar way.
Navigate to the Asset View and create a new tag from the 'Tag' page.

Create New Tag

 

Create New Tag Step 3

The tag created shows up in the list of Tags. Associate the tag during key generation.

 

Generate Activation Key add Azure Tag

 

Notes:

-  Users can write PowerShell scripts against the Azure Security Center APIs to automate the process.

-  If you are looking to leverage the virtual appliance scanner in Azure, follow the document 'Scanning in Microsoft Azure' to deploy the virtual scanners from the Azure Marketplace.

 

Looking for more help?

Check out our Help Center.
