Qualys workbooks do not work after ARG changes. #300
Comments
Hi there,
What current change in ARG are you referring to?
I can see some results, but they are only coming from the "assessedResourceType": "SqlServerVulnerability". You see nothing from Qualys at all.
This displayed before. The change I'm referring to is this: The workbooks only work with sqlassessments now, as your query also gets results from.
Hi @pelsebubb
Hi @pelsebubb, Indeed, the workbook does not use the Microsoft.Security/securityStatuses table. The workbook uses the Microsoft.security/assessments and Microsoft.security/assessments/subassessments tables to get results. Do you see any results if you try to query the top level Qualys recommendation for VMs (please make sure you select the correct subscription in ARG Explorer)?
Yes, I get results from this query, but it looks like this is searching for the built-in policy compliance on the specific targets. Worth mentioning, we have disabled the default ASC and created our own security baseline.
Hi @pelsebubb, indeed, the built-in policy "Vulnerabilities in your virtual machines should be remediated" is used by ASC to get results from the Qualys VA scanner. This policy is also used in the workbooks we have published in the GitHub community.
Hi again. The built-in policy "Vulnerabilities in your virtual machines should be remediated" is a part of our custom initiative. I have tested assigning this policy to our default security center profile also; it still only displays SQL. Do you know what actually publishes the results from Qualys into ARG?
@pelsebubb, did you install the Qualys extension in your VMs? Please make sure they are properly communicating. More info: https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm#how-the-integrated-vulnerability-scanner-works
I figured this out now. We needed to have an active assignment on the policy: "A vulnerability assessment solution should be enabled on your virtual machines". Without this assignment, data simply was not published to ARG. I find it strange that we need to have an audit policy in place in order to get data to ARG. I have an MS support case on this, talking to the PM to validate if this is a bug or not.
Hi @pelsebubb, Closing this issue for now as it is no longer related to the GitHub artifact, and the root cause will be tracked in your support request.
None of the workbooks https://github.com/Azure/Azure-Security-Center/tree/master/Workbooks/ASCQualysDashboard is working at the moment after ARG was changed.
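
A diagnostic query for the situation discussed in this thread, added here as an example (it is not part of the issue and is not the workbook's own query): run in ARG Explorer, it counts sub-assessment findings per subscription, parent recommendation and `assessedResourceType`, so a subscription that returns only `SqlServerVulnerability` rows is visible at a glance. The column aliases (`assessmentKey`, `recommendation`, `findings`, `affectedResources`) are names chosen for this example.

```kusto
// Sub-assessments are the individual findings; each one sits under a parent assessment.
securityresources
| where type == "microsoft.security/assessments/subassessments"
// The parent assessment's key is embedded in the sub-assessment resource id.
| extend assessmentKey = extract(@".*assessments/(.+?)/.*", 1, id)
| extend assessedResourceType = tostring(properties.additionalData.assessedResourceType)
// Look up the parent recommendation's display name from the assessments table.
| join kind=leftouter (
    securityresources
    | where type == "microsoft.security/assessments"
    | summarize by assessmentKey = name, recommendation = tostring(properties.displayName)
  ) on assessmentKey
// One row per subscription / recommendation / finding type.
| summarize findings = count(),
            affectedResources = dcount(tostring(properties.resourceDetails.id))
    by subscriptionId, recommendation, assessedResourceType
| order by subscriptionId asc, findings desc
```

If the only rows returned carry `SqlServerVulnerability`, the VM findings are not being published to ARG for that subscription, which matches the symptom reported above.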