0 Votes
AnneGalleDebroise-4655 asked StuartCox-7029 answered

Qualys agent installed onto VM (state "Provisioning succeeded") but VM not applicable in Azure Security Center with "The extension might be corrupted"

I created a Windows VM in a VNet.

I have a Qualys solution in Azure Security Center, with auto-provision set to ON, so a Qualys agent has been automatically installed onto the VM. Good.
Looking at the VM extensions, I see "Provisioning succeeded" for the Qualys agent. Good again.


BUT looking at Azure Security Center recommendations, more precisely looking at the control "A vulnerability assessment solution should be enabled on your virtual machines", I see my VM in the list of "Not applicable resources" with the message "The extension might be corrupted, please try to remove it and deploy again".


Why is my agent not seen as working by Azure Security Center?

Notes:
- everything is good on the Qualys server, the VM is listed in the list of handled assets, and vulnerabilities are also listed, so the agent is correctly transmitting information to the Qualys server, but not to ASC?
- the VM is correctly connected to the Log Analytics workspace of the ASC



1 Vote
AnneGalleDebroise-4655 answered

Hello @shivapatpi-MSFT,
Thanks for your reply.

The extension you mention is for the ASC integrated vulnerability scanner, whereas on my side, I am using a "BYOL Qualys solution" (the exact naming is 'Deploy your configured third-party vulnerability scanner (BYOL - requires a separate license)').
I configured the solution as described in https://qualys-secure.force.com/discussions/s/article/000005837.

I got some more information for the issue I am facing: it appears to be a bug from Qualys, and they plan to fix it/deploy it by mid of April (new release of the agent).

So I will wait until that time!



0 Votes
StuartCox-7029 answered karishmatiwari-msft edited

I am having the same issue, trying to deploy the default free Qualys extension. Seeing the same "The extension might be corrupted, please try to remove it and deploy again" on multiple VMs, all showing as non-applicable. I've tried removing and redeploying via the portal and Security Center, but with the same results.


As mentioned by @AnneGalleDebroise-4655 above,


"I got some more information for the issue I am facing: it appears to be a bug from Qualys, and they plan to fix it/deploy it by mid of April (new release of the agent)."

0 Votes
StuartCox-7029 answered

I found our issue. We had locked down the VMs with a firewall, and the agent was not able to communicate with the Qualys data center.

From the docs here: https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm

If the deployment fails on one or more machines, ensure the target machines can communicate with Qualys' cloud service by adding the following IPs to your allow lists (via port 443 - the default for HTTPS):

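A connectivity check for the firewall cause described in the answer above, as an added example that is not part of the original posts or of Microsoft's or Qualys' documentation. `Test-QualysReachability` is a hypothetical helper name, and the endpoint addresses are placeholders (TEST-NET range) to be replaced with the IPs from the linked doc.

```powershell
# Added example: run on the affected Windows VM (PowerShell 5 or later).
# Tests outbound TCP 443 to each allow-list endpoint with a bounded timeout.
function Test-QualysReachability {
    param(
        [Parameter(Mandatory)][string[]]$Endpoint,
        [int]$Port = 443,
        [int]$TimeoutMs = 5000
    )
    foreach ($ep in $Endpoint) {
        $client = [System.Net.Sockets.TcpClient]::new()
        $status = 'Blocked or unreachable (timed out)'
        try {
            # ConnectAsync + Wait gives a timeout; a silent firewall drop ends up here.
            $task = $client.ConnectAsync($ep, $Port)
            if ($task.Wait($TimeoutMs) -and $client.Connected) { $status = 'Reachable' }
        } catch {
            # Actively refused or reset connections throw; keep the underlying reason.
            $status = "Failed: $($_.Exception.GetBaseException().Message)"
        } finally {
            $client.Dispose()
        }
        [pscustomobject]@{ Endpoint = $ep; Port = $Port; Status = $status }
    }
}

# PLACEHOLDER addresses, constructed for illustration only.
$qualysEndpoints = '192.0.2.10', '192.0.2.11'
Test-QualysReachability -Endpoint $qualysEndpoints | Format-Table -AutoSize
```

A `Reachable` result only confirms that the TCP handshake on port 443 completes; a proxy or TLS-inspecting device in the path can still prevent the agent from talking to the Qualys cloud service.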

0 Votes
shivapatpi-MSFT answered

Hello @AnneGalleDebroise-4655,
Thanks for your query!
As per the document below, the extension name should be WindowsAgent.AzureSecurityCenter and the Type should be Qualys.WindowsAgent.AzureSecurityCenter.

Integration of Qualys to ASC via Qualys Cloud:

Couple of documents from Qualys Support:

Hope the above document helps you in resolving the issue.

