Install Qualys Cloud Agent on Azure VMs using Azure Resource Manager template either through Azure Portal or using Powershell.
THIS SCRIPT IS PROVIDED TO YOU "AS IS." TO THE EXTENT PERMITTED BY LAW, QUALYS HEREBY DISCLAIMS ALL WARRANTIES AND LIABILITY FOR THE PROVISION OR USE OF THIS SCRIPT. IN NO EVENT SHALL THESE SCRIPTS BE DEEMED TO BE CLOUD SERVICES AS PROVIDED BY QUALYS
You can use these ARM templates to deploy and install Qualys Cloud Agent on list of Azure Virtual machines (Windows and Linux) as Virtual Machine extension. VM extensions can be used whenever a virtual machine requires software installation, anti-virus protection or run a script inside of it.
Extensions can be bundled with a new VM deployment, or run against any existing virtual machine(s). The scope of these Azure ARM Templates is to install Qualys Cloud Agent (CA) as VM extension on existing Virtual machine(s).
PLEASE NOTE : With this approach, i.e installing Cloud Agent (CA) as VM extension, users will be able to see Vulnerability Assessment findings in their Qualys Subscriptions and not in Azure Security Center.
- User should have an active Qualys subscription.
- User should have have License Code available with them. To know more about retrieving License code, click here.
- Ensure you have sufficient permissions to create and deploy Azure ARM templates using Azure Portal. To know more about the permissions required, please refer the permissions section.
- If using Powershell to deploy the ARM template, ensure Azure powershell cmdlets is installed in you system.
The following are permissions required specific to list, deploy, validate and update Azure ARM template:
- Microsoft.Resources/deployments/read | Get or lists deployments.
- Microsoft.Resources/deployments/write | Creates or updates an deployment.
- Microsoft.Resources/deployments/validate/action | Validates an deployment.
- Microsoft.Resources/deployments/operations/read | Gets or lists deployment operations.
- Microsoft.Resources/deployments/operationstatuses/read | Gets or lists deployment operation statuses.
Apart from this access permissions specific to Virtual Machines extensions are required as well, i.e :
- Microsoft.Compute/virtualMachines/extensions/read | Get the properties of a virtual machine extension
- Microsoft.Compute/virtualMachines/extensions/write | Creates a new virtual machine or updates an existing one.
For further understanding, refer the Understanding the different roles and Azure Built-in roles in Reference Links section.
- To deploy through Azure portal, click on the respective buttons Deploy To Azure. This approach will deploy templates from our Github repository.
Deploy Cloud Agent on Windows VM(s)
Deploy Cloud Agent on Linux VM(s)
- This will open a pane within Azure portal that allows you to easily provide input parameter values
Input Parameters:
- vmName: This is a required field. This input parameter accepts name of Virtual Machine or Virtual Machines where you want to install Qualys Cloud Agent.
- vmLocation: This is also a required field which accepts input as the location of the Virtual machine.
- LicenseCode: This field accepts input as the license code that was retrieved from Qualys subscription.
- Once, you complete with filling of all the required input parameter fields. click Review + create.
- The portal navigates to Review + create pane where template gets validated.
- Once, you get Validation Passed status, click Create to deploy the template.
To deploy to resource group, use the following Azure powershell command:
PS C:\New-AzResourceGroupDeployment -Name Example_deployment -ResourceGroupName Example_resourcegroup -TemplateFile c:\MyTemplates\azuredeploy.json -TemplateParameterFile c:\MyTemplates\azuredeploy.paramters.json
Please note that the pre-requisite is to have a template to deploy. If you don't already have one , create and save. Also, if you are using your local system, you should:
- Install Azure Powershell cmdlets on your local computer. for more information, see Get started with Azure PowerShell
- Connect to Azure by using
Connect-AzAccountAzure powershell cmdlet.
For the example script above, we are referring local file name as c:\MyTemplates\azuredeploy.json and c:\MyTemplates\azuredeploy.parameters.json for ARM template and parameter file respectively and this command can be executed from your local system.
B. In case, your template file and parameter file are stored on external locations (such as Github, Azure Storage, etc.)
PS C:\New-AzResourceGroupDeployment -Name Example_deployment -ResourceGroupName Example_resourcegroup -TemplateUri https://raw.githubusercontent.com/qualys/master/azuredeploy.json -TemplateParameterUri https://raw.githubusercontent.com/qualys/CloudAgent-Azure-ARMTemplate/master/azuredeploy.parameters.json
Where,
- TemplateFile: Will accept the local file path of the ARM JSON template is stored.
- TemplateParameterFile: will accept the local file path where Parameter JSON file is stored.
- TemplateUri: Is the external location of the template file and
- TemplateParameterUri: Is the external location of the parameter file.
NOTE: THE POWERSHELL SCRIPTS MENTIONED ABOVE ARE AN EXAMPLE, PLEASE REPLACE THE VALUES AS PER THE REQUIREMENTS
For further more detailed information on how parameters can be passed as Inline values or deploy from Azure cloud shell, please refer the Reference Links section.
- How to Retrieve License Code from Qualys Subscription, please refer Retrieve the License Code and Public Key from your Qualys Subscription section.
- Deploy from Powershell/Azure CloudShell
- Deploy from Portal
- Understanding the different roles
- Azure Built-in roles
- Get Started with Azure Powershell
- Powershell cmdlet for Resources