View and remediate findings from vulnerability assessment solutions on your VMs

When your vulnerability assessment tool reports vulnerabilities to Security Center, Security Center presents the findings as recommendations. Each finding carries related information such as remediation steps, relevant CVEs, CVSS scores, and more. You can view the identified vulnerabilities for one or more subscriptions, or for a specific VM.

View findings from the scans of your virtual machines

To view vulnerability assessment findings (from all of your configured scanners) and remediate identified vulnerabilities:

  1. Open Azure Security Center and go to the Recommendations page.

  2. Select the recommendation Vulnerabilities in your virtual machines should be remediated.

    Security Center shows you all the findings for all VMs in the currently selected subscriptions. The findings are ordered by severity.

    The findings from your vulnerability assessment solutions for all selected subscriptions

  3. To filter the findings by a specific VM, open the "Affected resources" section and select the VM that interests you. Alternatively, select a VM from the resource health view and review all relevant recommendations for that resource.

    Security Center shows the findings for that VM, ordered by severity.

  4. To learn more about a specific vulnerability, select it.

    Details pane for a specific vulnerability

    The details pane that appears contains extensive information about the vulnerability, including:

    • Links to all relevant CVEs (where available)
    • Remediation steps
    • Any additional reference pages
  5. To remediate a finding, follow the remediation steps from this details pane.

Disable specific findings (preview)

If you have an organizational need to ignore a finding, rather than remediate it, you can optionally disable it. Disabled findings don't impact your secure score or generate unwanted noise.

When a finding matches the criteria you've defined in your disable rules, it won't appear in the list of findings. Typical scenarios include:

  • Disable findings with severity below medium
  • Disable findings that are non-patchable
  • Disable findings with CVSS score below 6.5
  • Disable findings with specific text in the security check or category (for example, “RedHat”, “CentOS Security Update for sudo”)

Important

To create a rule, you need permissions to edit a policy in Azure Policy. Learn more in Azure RBAC permissions in Azure Policy.

To create a rule:

  1. From the recommendations detail page for Vulnerabilities in your virtual machines should be remediated, select Disable rule.

  2. Select the relevant scope.

  3. Define your criteria. You can use any of the following criteria:

    • Finding ID
    • Category
    • Security check
    • CVSS scores (v2, v3)
    • Severity
    • Patchable status
  4. Select Apply rule.

    Create a disable rule for VA findings on VM

    Important

    Changes might take up to 24 hours to take effect.

  5. To view, override, or delete a rule:

    1. Select Disable rule.
    2. From the scope list, subscriptions with active rules show as Rule applied.

      Modify or delete an existing rule
    3. To view or delete the rule, select the ellipsis menu ("...").

Export the results

To export vulnerability assessment results, you'll need to use Azure Resource Graph (ARG). This tool provides instant access to resource information across your cloud environments with robust filtering, grouping, and sorting capabilities. It's a quick and efficient way to query information across Azure subscriptions programmatically or from within the Azure portal.

For full instructions and a sample ARG query, see the following Tech Community post: Exporting vulnerability assessment results in Azure Security Center.
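The following Python is an added example, not code from this page or from Microsoft. It ties together the two procedures above: it carries the kind of Azure Resource Graph query that pulls VM vulnerability-assessment sub-assessments, then applies disable-rule style criteria (severity, CVSS v3, patchable status, text in the security check or category, finding ID) to the returned rows locally before writing the remaining findings to CSV. The assessment key, the field names under `properties`, and the combination logic of criteria within a rule are assumptions drawn from the sub-assessment schema and must be checked against your tenant; the sample rows are constructed so the script runs offline.

```python
"""Added example, not code from the Azure documentation page or from Microsoft.

Exports VM vulnerability-assessment sub-assessments (the rows an Azure Resource
Graph query returns) to CSV after applying disable-rule style filters locally.
ASSUMPTIONS: the assessment key, the field names under `properties` and the
rule-combination logic come from general knowledge of the sub-assessment schema;
verify them in your tenant. SAMPLE_ROWS are CONSTRUCTED data.
"""
import csv
import io
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# ASSUMED key of the recommendation "Vulnerabilities in your virtual machines
# should be remediated"; confirm it from the recommendation URL in your portal.
VM_VA_ASSESSMENT_KEY = "1195afff-c881-495e-9bc5-1486211ae03f"

# Query of the kind run with:  az graph query -q "$ARG_QUERY" --first 1000
ARG_QUERY = f"""
securityresources
| where type == "microsoft.security/assessments/subassessments"
| extend assessmentKey = extract(@"(?i)/assessments/([^/]+)/subassessments", 1, id)
| where assessmentKey == "{VM_VA_ASSESSMENT_KEY}"
| where properties.status.code == "Unhealthy"
| project id, properties
"""

FIELDS = ["resource", "finding_id", "security_check", "category", "severity",
          "patchable", "cvss2", "cvss3", "cves"]
SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3}  # unknown severities rank 0


def resource_from_id(sub_assessment_id: str) -> str:
    """Strip the Microsoft.Security suffix to recover the scanned VM's resource ID."""
    idx = sub_assessment_id.lower().find("/providers/microsoft.security/")
    return sub_assessment_id[:idx] if idx >= 0 else sub_assessment_id


def flatten(row: Dict) -> Dict:
    """Pick the columns a reviewer needs out of one ARG sub-assessment row."""
    p = row["properties"]
    extra = p.get("additionalData", {})
    cvss = extra.get("cvss", {})
    return {
        "resource": resource_from_id(row["id"]),
        "finding_id": p.get("id", ""),
        "security_check": p.get("displayName", ""),
        "category": p.get("category", ""),
        "severity": p.get("status", {}).get("severity", ""),
        "patchable": bool(extra.get("patchable", False)),
        "cvss2": float(cvss.get("2.0", {}).get("base") or 0.0),
        "cvss3": float(cvss.get("3.0", {}).get("base") or 0.0),
        "cves": ";".join(c.get("title", "") for c in extra.get("cve", [])),
    }


@dataclass(frozen=True)
class DisableRule:
    """One disable rule: every criterion that is set must match (conjunction)."""
    below_severity: Optional[str] = None    # "Medium" hides Low findings
    below_cvss3: Optional[float] = None     # hide when CVSS v3 base < value
    non_patchable: bool = False             # hide findings with no vendor fix
    text_contains: Tuple[str, ...] = ()     # substring of check name or category
    finding_ids: FrozenSet[str] = frozenset()

    def matches(self, f: Dict) -> bool:
        checks: List[bool] = []
        if self.below_severity is not None:
            checks.append(SEVERITY_RANK.get(f["severity"], 0)
                          < SEVERITY_RANK[self.below_severity])
        if self.below_cvss3 is not None:
            checks.append(f["cvss3"] < self.below_cvss3)
        if self.non_patchable:
            checks.append(not f["patchable"])
        if self.text_contains:
            hay = f"{f['security_check']} {f['category']}".lower()
            checks.append(any(t.lower() in hay for t in self.text_contains))
        if self.finding_ids:
            checks.append(f["finding_id"] in self.finding_ids)
        return bool(checks) and all(checks)  # an empty rule hides nothing


def apply_rules(rows, rules):
    """Split rows into (kept, disabled); a finding is disabled if ANY rule matches."""
    kept, disabled = [], []
    for row in rows:
        f = flatten(row)
        (disabled if any(r.matches(f) for r in rules) else kept).append(f)
    return kept, disabled


def to_csv(findings) -> str:
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(findings)
    return buf.getvalue()


def _row(vm, fid, name, category, severity, patchable, cvss2, cvss3, cves):
    """CONSTRUCTED sample row in the shape of an ARG sub-assessment record."""
    rid = (f"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
           f"/providers/Microsoft.Compute/virtualMachines/{vm}/providers/Microsoft.Security"
           f"/assessments/{VM_VA_ASSESSMENT_KEY}/subAssessments/{fid}")
    return {"id": rid, "properties": {
        "id": fid, "displayName": name, "category": category,
        "status": {"code": "Unhealthy", "severity": severity},
        "additionalData": {"assessedResourceType": "ServerVulnerabilityAssessment",
                           "patchable": patchable,
                           "cvss": {"2.0": {"base": cvss2}, "3.0": {"base": cvss3}},
                           "cve": [{"title": c} for c in cves]}}}


SAMPLE_ROWS = [
    _row("web01", "F-001", "CentOS Security Update for sudo", "CentOS", "High", True, 7.2, 7.8, ["CVE-2021-3156"]),
    _row("web01", "F-002", "Ubuntu Security Notification for openssl", "Ubuntu", "Low", True, 2.1, 3.7, []),
    _row("db01", "F-003", "Debian Security Update for linux (EOL kernel)", "Debian", "Medium", False, 4.3, 5.3, []),
    _row("db01", "F-004", "Debian Security Update for glibc (EOL release)", "Debian", "Medium", False, 7.5, 8.1, []),
    _row("app01", "F-005", "RedHat Security Update for kernel", "RedHat", "High", True, 10.0, 9.8, []),
]

DEFAULT_RULES = [
    DisableRule(below_severity="Medium"),              # low-severity noise
    DisableRule(non_patchable=True, below_cvss3=6.5),  # no fix available AND not severe
    DisableRule(text_contains=("RedHat",)),            # distribution not run in this estate
]

if __name__ == "__main__":
    kept, disabled = apply_rules(SAMPLE_ROWS, DEFAULT_RULES)
    print(to_csv(kept))
    print(f"# {len(disabled)} finding(s) hidden by disable rules")
```

Two points the code makes explicit that the page leaves open: a rule with several criteria is treated as a conjunction (all set criteria must match, so F-004 survives the non-patchable rule because its CVSS is above the threshold), and a finding is hidden when any rule matches. Confirm that this agrees with the portal's behaviour before mirroring it in a reporting pipeline. A disabled finding is still a vulnerability present on the host; keep the `disabled` list as a second output rather than discarding it, so the decision can be reviewed and reversed.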

Next steps

This article described the Azure Security Center vulnerability assessment extension (powered by Qualys) for scanning your VMs. For related material, see the following articles: