
Qualys Vulnerability agent

alta94 2,191 Reputation points
Aug 16, 2022, 8:52 AM

I have like 100 VMs, and I was going through the extensions on my 100 VMs. We are using the Qualys extension for Vulnerability Assessment (VA).
(Environment: It's not necessary that we use Qualys; any VA should be installed, either by Qualys or Microsoft Defender. We have our own AV solution on these VMs, so we are not using the MDE agent. My goal is to achieve only enabling VA on the VM, not Endpoint.) We have Defender for Cloud Plan 2.

Below image is shown - normal machine in
231443-image.png

Image 2 - Real question: I need to identify whether this machine (in image 2) can be considered as having VA enabled. Read point 2 below carefully and visit the article; there you can find an image related to this.

231474-image.png

Questions to clarify :

  1. I want to know which agent is actually doing the VA work in both images.
  2. Can the Microsoft Monitoring Agent be considered as VA if Qualys is not installed? I'm referring to this article by Microsoft, where both Qualys and the MMA agent are mentioned.

https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/built-in-vulnerability-assessment-for-vms-in-microsoft-defender/ba-p/1577947

  3. To eliminate the confusion, I deployed 1 policy. Although lots of VMs have only the MMA agent (like image 2), the policy is still not able to assess them as non-compliant. I have ticked the re-evaluation button while running the remediation. So does this mean the MMA agent is VA? Meaning VA is enabled for all VMs in my environment?
231452-image.png

Regards


1 answer

  1. David Broggy 5,986 Reputation points MVP
    Aug 16, 2022, 2:33 PM

    Hi Mohammad,
    The MMA is not doing the scanning.
    That's for collecting performance metrics and monitoring the Security Event logs.
    It would be either the Qualys service you mentioned or Defender for Endpoints, depending on your selection.

    Note that I also have suspicions about the Defender for Cloud policy not understanding the differences between the (newer) AMA agent and the Log Analytics Agent - not saying this is part of your problem but worth thinking about.

    I have an on-prem Windows 2022 server using Arc with which I'm happy to do more testing for you. I don't have any VMs in Azure to save lab costs.

    You should be able to go into Defender for Cloud > Workload Protections > VM Vuln Assessment - and choose to use Defender over Qualys.

    Good Luck!
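
Added example, not part of the original answer or of any Microsoft tooling: a small audit that applies the distinction made above (a monitoring agent is not a scanner) to an inventory of VM extension types, so MMA-only machines like the one in image 2 are reported separately from machines with a VA scanner. The extension type names and the sample inventory are assumptions to confirm against your own environment.

```python
# Added example: classify VMs by whether a vulnerability-assessment (VA)
# scanner extension is present, or only a monitoring agent.
# ASSUMPTION: the extension type names below are the ones commonly seen on
# Azure VMs; confirm them against the Extensions blade of your own machines.
VA_SCANNERS = {
    "windowsagent.azuresecuritycenter": "Qualys (Defender for Cloud integrated)",
    "linuxagent.azuresecuritycenter": "Qualys (Defender for Cloud integrated)",
    "mde.windows": "Defender for Endpoint",
    "mde.linux": "Defender for Endpoint",
}
MONITORING_ONLY = {
    "microsoftmonitoringagent", "omsagentforlinux",        # MMA / Log Analytics agent
    "azuremonitorwindowsagent", "azuremonitorlinuxagent",  # AMA
}

def classify_vm(extension_types):
    """Return (status, scanners) for one VM's list of extension type names."""
    types = {t.strip().lower() for t in extension_types}
    scanners = sorted({VA_SCANNERS[t] for t in types if t in VA_SCANNERS})
    if scanners:
        return ("va-enabled", scanners)
    if types & MONITORING_ONLY:
        # Telemetry is being collected, but nothing on the VM scans for vulnerabilities.
        return ("monitoring-only", [])
    return ("no-relevant-agent", [])

def audit(inventory):
    """Group VM names by status; inventory maps VM name -> extension types."""
    report = {"va-enabled": [], "monitoring-only": [], "no-relevant-agent": []}
    for vm, exts in sorted(inventory.items()):
        status, _ = classify_vm(exts)
        report[status].append(vm)
    return report

# Constructed sample inventory (VM names are hypothetical).
SAMPLE = {
    "vm-app-01": ["MicrosoftMonitoringAgent", "WindowsAgent.AzureSecurityCenter"],
    "vm-app-02": ["MicrosoftMonitoringAgent"],
    "vm-db-01": ["OmsAgentForLinux", "MDE.Linux"],
    "vm-tmp-01": [],
}

if __name__ == "__main__":
    for status, vms in audit(SAMPLE).items():
        print(f"{status}: {', '.join(vms) or '-'}")
```

VMs listed under `monitoring-only` are the ones to follow up on: they report telemetry but have no scanner extension installed.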
