|   Trend Micro Cloud One™
Open menu

Enable Vulnerability Assessment Monitoring

Cloud Conformity allows you to automate the auditing process of this resolution page. Register for a 14 day evaluation and check your compliance level for free!

Start a Free Trial Product features
Risk level: Medium (should be achieved)
Rule ID: SecurityCenter-010

Ensure that "Monitor Vulnerability Assessment" feature is enabled within your Microsoft Azure cloud account so that Azure Security Center can recommend a vulnerability assessment solution to be installed on your VMs. The vulnerability assessment is part of the Azure Security Center recommendations for virtual machine (VMs). Once the monitoring feature is enabled, Security Center searches your VMs for deployed vulnerability assessment solutions and if doesn't find any, it recommends that you install one. After such a solution is being deployed, a partner agent starts reporting vulnerability data to the partner’s management platform. In turn, the partner's management platform provides vulnerability monitoring data back to Azure Security Center so you can rapidly identify any vulnerable VMs on your Security Center dashboard.

This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure

Security

After vulnerability assessment monitoring is enabled, Azure Security Center can determine if your virtual machines (VMs) have vulnerability assessment software installed, and depending on the required software deployment, the service will recommend a vulnerability assessment solution be installed on your Azure VMs.

Audit

To determine if vulnerability assessment monitoring is enabled in the Azure Security Center settings, perform the following actions:

Using Azure Console

01 Sign in to Azure Management Console.

02 Navigate to Azure Security Center blade at https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/.

03 In the navigation panel, choose Security policy to access Policy Management portal.

04 On the Policy Management page, click on the name of the subscription that you want to examine to access the selected subscription configuration settings.

05 On the Security Policy page, in the Compute and Apps category, check the Vulnerabilities should be remediated by a Vulnerability Assessment solution setting status. If the configuration setting is Disabled, the "Monitor Vulnerability Assessment" feature is not enabled for the Microsoft Azure virtual machines (VMs) provisioned in the current subscription.

06 Repeat step no. 4 and 5 for each Microsoft Azure subscription available in your account.

Using Azure CLI and PowerShell

01 Run account get-access-token command (Windows/macOS/Linux) using custom query filters to describe the "Monitor Vulnerability Assessment" feature status for the current Azure account subscription:

az account get-access-token
	--query "{subscription:subscription,accessToken:accessToken}"
	--out tsv | xargs -L1 bash -c 'curl -X GET -H "Authorization: Bearer $1" -H "Content-Type: application/json" https://management.azure.com/subscriptions/$0/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn?api-version=2018-05-01' | jq 'select(.name=="SecurityCenterBuiltIn")'|jq '.properties.parameters.vulnerabilityAssesmentMonitoringEffect.value'

02 The command output should return the vulnerability assessment monitoring configuration status:

"Disabled"

If the command output returns "Disabled", as shown in the example above, the vulnerability assessment monitoring is not enabled for the Microsoft Azure virtual machines available in the selected subscription.

03 Repeat step no. 1 and 2 for each Microsoft Azure subscription available in your account.

Remediation / Resolution

To enable detection of VM vulnerabilities using a vulnerability assessment solution for your Microsoft Azure virtual machines (VMs), perform the following actions:

Using Azure Console

01 Sign in to Azure Management Console.

02 Navigate to Azure Security Center blade at https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/.

03 In the navigation panel, choose Security policy to access Policy Management portal.

04 On the Policy Management page, click on the name of the subscription that you want to examine to access the selected subscription configuration settings.

05 On the Security Policy page, click on the ASC Default (subscription: <azure-subscription-id>) policy assignment to edit the policy configuration.

06 On the selected policy assignment page, in the PARAMETERS section, select AuditIfNotExists from Monitor vulnerability assessment dropdown list to enable vulnerability assessment monitoring for all the Microsoft Azure virtual machines (VMs) available in the selected Azure subscription.

07 Click Save to apply the changes. If the request is successful, the following message should be displayed: "Updating policy assignment succeeded". Once the configuration changes are saved, the "Monitor Vulnerability Assessment" feature becomes active for the selected Azure subscription.

08 If required, repeat steps no. 4 – 7 for other Microsoft Azure cloud subscription available.

Using Azure CLI and PowerShell

01 Define the necessary parameters for the account get-access-token command, where the vulnerabilityAssesmentMonitoringEffect configuration parameter is enabled. Save the following content to a JSON file named enable-vulnerability-assessment-detection.json and replace the highlighted details, i.e. <azure-subscription-id> and <policy-definition-id>, with your own Azure account details:

{
   "properties":{
      "displayName":"ASC Default (subscription: <azure-subscription-id>)",
      "policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/<policy-definition-id>",
      "scope":"/subscriptions/<azure-subscription-id>",
      "parameters":{
         "vulnerabilityAssesmentMonitoringEffect":{
            "value":"AuditIfNotExists"
         }
      }
   },
   "id":"/subscriptions/<azure-subscription-id>/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn",
   "type":"Microsoft.Authorization/policyAssignments",
   "name":"SecurityCenterBuiltIn",
   "location":"eastus"
}

02 Run account get-access-token command (Windows/macOS/Linux) using the parameters defined at the previous step (i.e. enable-vulnerability-assessment-detection.json file) to enable vulnerability assessment monitoring for the virtual machines (VMs) within the selected Microsoft Azure cloud subscription:

az account get-access-token
	--query "{subscription:subscription,accessToken:accessToken}"
	--out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" https://management.azure.com/subscriptions/$0/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn?api-version=2018-05-01 -d@"enable-vulnerability-assessment-detection.json"'

03 If successful, the command output should return the updated Azure Security Center policy:

{
   "sku":{
      "name":"A0",
      "tier":"Free"
   },
   "properties":{
      "displayName":"ASC Default (subscription: abcdabcd-1234-1234-1234-abcdabcdabcd)",
      "scope":"/subscriptions/abcdabcd-1234-1234-1234-abcdabcdabcd",

      ...

      "description":"This is the default set of policies monitored by Azure Security Center. It was automatically assigned as part of on-boarding to Security Center. The default assignment contains only audit policies. For more information please visit https://aka.ms/ascpolicies",
   },
   "id":"/subscriptions/abcdabcd-1234-1234-1234-abcdabcdabcd/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn",
   "type":"Microsoft.Authorization/policyAssignments",
   "name":"SecurityCenterBuiltIn",
   "location":"eastus"
}

04 If required, repeat steps no. 1 – 3 for other Microsoft Azure cloud subscription available.

References

Publication date May 21, 2019

Unlock the Remediation Steps

Gain free unlimited access to our full Knowledge Base


Over 600 rules & best practices for and

Get started for FREE

A verification email will be sent to this address
We keep your information private. Learn more.

Thank you!

Please click the link in the confirmation email sent to

You are auditing:

Enable Vulnerability Assessment Monitoring

Risk level: Medium