Integrated vulnerability scanner for virtual machines (Standard tier only)

The vulnerability scanner included with Azure Security Center is powered by Qualys. Qualys's scanner is the leading tool for real-time identification of vulnerabilities in your Azure Virtual Machines. It's only available to users on the standard pricing tier. You don't need a Qualys license or even a Qualys account - everything's handled seamlessly inside Security Center.

This feature is currently in preview.

Note

Security Center supports the integration of tools from other vendors, but you'll need to handle the licensing costs, deployment, and configuration. For more information, see Deploying a partner vulnerability scanning solution. You can also use those instructions to integrate your organization's own Qualys license, if you choose not to use the built-in vulnerability scanner included with Azure Security Center.

Deploying the Qualys built-in vulnerability scanner (Standard tier only)

The simplest way to scan your Azure-based virtual machines for vulnerabilities is to use the built-in vulnerability scanner.

To deploy the vulnerability scanner extension:

  1. Open Azure Security Center and go to the Recommendations page for a subscription on the standard pricing tier.

  2. Select the recommendation named "Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys)".

    Recommendations page in Azure Security Center filtered to Qualys recommendations

    Your VMs will appear in one or more of the following groups:

    • Healthy resources - the vulnerability scanner extension has been deployed to these VMs.

    • Unhealthy resources - the vulnerability scanner extension can be deployed to these VMs.

    • Not applicable resources - these VMs can't have the vulnerability scanner extension deployed. Your VM might be in this tab because it's on the free pricing tier, it's missing the ImageReference class (relevant to custom images and VMs restored from backup, as explained in the Azure for .NET documentation, https://docs.azure.cn/dotnet/api/microsoft.azure.batch.imagereference?view=azure-dotnet), or it's not running one of the supported OSes:

      | Vendor | OS | Supported versions |
      |---|---|---|
      | Microsoft | Windows | All |
      | Red Hat | Enterprise Linux | 5.4+, 6, 7.0-7.7, 8 |
      | Red Hat | CentOS | 5.4+, 6, 7.0-7.7 |
      | Red Hat | Fedora | 22-25 |
      | SUSE | Linux Enterprise Server (SLES) | 11, 12, 15 |
      | SUSE | OpenSUSE | 12, 13 |
      | SUSE | Leap | 42.1 |
      | Oracle | Enterprise Linux | 5.11, 6, 7.0-7.5 |
      | Debian | Debian | 7.x-9.x |
      | Ubuntu | Ubuntu | 12.04 LTS, 14.04 LTS, 15.x, 16.04 LTS, 18.04 LTS |

  3. From the Unhealthy resources tab, select the VMs on which you want to deploy the Qualys scanner and click Remediate.

    Select VMs for the Qualys scanner

    The scanner extension will be installed on all of the selected VMs.

    Scanning begins automatically as soon as the extension is successfully deployed. Scans will then run at four-hour intervals. This interval is hard-coded and not configurable.

Viewing and remediating discovered vulnerabilities

When Security Center identifies vulnerabilities, it presents findings and related information as recommendations. The related information includes remediation steps, related CVEs, CVSS scores, and more. You can view the identified vulnerabilities for one or more subscriptions, or for a specific VM.

To see the findings and remediate the identified vulnerability:

  1. Open Azure Security Center and go to the Recommendations page.

  2. Select the recommendation named "Remediate vulnerabilities found on your virtual machines (powered by Qualys)".

    Security Center shows you all the findings for all VMs in the currently selected subscriptions. The findings are ordered by severity.

    List of findings from Qualys for all selected subscriptions

  3. To filter the findings by a specific VM, open the "Affected resources" section and click the VM that interests you. Or you can select a VM from the resource health view, and view all relevant recommendations for that resource.

    Security Center shows the findings for that VM, ordered by severity.

    Findings for a specific virtual machine

    In this example, you can see that 94 vulnerabilities were discovered and that 5 of them are medium severity.

  4. To learn more about a specific vulnerability, select it.

    Details pane for vulnerability #91426

    The details pane that appears contains extensive information about the vulnerability, including:

    • Links to all relevant CVEs (where available)
    • Remediation steps
    • Any additional reference pages

  5. To remediate a finding, follow the remediation steps from this details pane.

Exporting results

To export vulnerability assessment results, you'll need to use Azure Resource Graph (ARG). This tool provides instant access to resource information across your cloud environments with robust filtering, grouping, and sorting capabilities. It's a quick and efficient way to query information across Azure subscriptions programmatically or from within the Azure portal.

For full instructions and a sample ARG query, see this Tech Community post: Exporting Vulnerability Assessment Results in Azure Security Center.

Built-in Qualys vulnerability scanner FAQ

Are there any additional charges for the Qualys license?

No. The built-in scanner is free to all standard tier users. The "Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys)" recommendation deploys the scanner with its licensing and configuration information. No additional licenses are required.

What prerequisites and permissions are required to install the Qualys extension?

You'll need write permissions for any VM on which you want to deploy the extension.

The Azure Security Center Vulnerability Assessment extension (powered by Qualys), like other extensions, runs on top of the Azure Virtual Machine agent. So it runs as Local Host on Windows, and Root on Linux.

Can I remove the Security Center Qualys extension?

If you want to remove the extension from a VM, you can do it manually or with any of your programmatic tools.

You'll need the following details:

  • On Linux, the extension is called "LinuxAgent.AzureSecurityCenter" and the provider name is "Qualys"
  • On Windows, the extension is called "WindowsAgent.AzureSecurityCenter" and the provider name is "Qualys"

How does the extension get updated?

Like the Azure Security Center agent itself and all other Azure extensions, minor updates of the Qualys scanner may automatically happen in the background. All agents and extensions are tested extensively before being automatically deployed.

Some updates to the vulnerability scanner extension may require manual deployment. For example, if you're running v1.0.0.4, you must take the following steps:

  1. Verify the version of the Qualys vulnerability scanner extension running on your VM:

    1. From the Azure portal, open Virtual machines.

    2. Select the VM on which the agent is installed.

    3. From the sidebar navigation, open Extensions and select the following extension:

      Name: WindowsAgent.AzureSecurityCenter
      Type: Qualys.WindowsAgent.AzureSecurityCenter

    4. Review the version information of the extension.

      Qualys agent extension version information

    5. If the version is 1.0.0.4, click Uninstall and wait until the extension is no longer listed in the Extensions page of the VM.

    6. Restart the VM.

    7. When the VM's status is "Running", deploy the extension as described above in Deploying the Qualys built-in vulnerability scanner.
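
The version check in the steps above can be applied to a whole VM inventory at once. The following is an added example, not code from the original page or from Microsoft or Qualys: it triages VM records using the extension names and the version 1.0.0.4 given on this page. The record layout (`vm`, `extensions`, `type`, `typeHandlerVersion`) is an assumption about how an exported inventory might look, and the sample data is constructed.

```python
import json

# Extension types as shown on this page (publisher "Qualys" + extension name),
# lower-cased so the comparison is case-insensitive.
QUALYS_TYPES = {
    "qualys.windowsagent.azuresecuritycenter",
    "qualys.linuxagent.azuresecuritycenter",
}
MANUAL_REDEPLOY_VERSION = "1.0.0.4"  # version the page says must be redeployed by hand

# Constructed sample inventory; the field layout is an assumption, not real output.
SAMPLE_INVENTORY = json.loads("""
[
 {"vm": "web-01", "extensions": [
   {"type": "Qualys.WindowsAgent.AzureSecurityCenter", "typeHandlerVersion": "1.0.0.4"}]},
 {"vm": "web-02", "extensions": [
   {"type": "Qualys.WindowsAgent.AzureSecurityCenter", "typeHandlerVersion": "1.0.0.6"}]},
 {"vm": "db-01", "extensions": [
   {"type": "Example.Publisher.OtherExtension", "typeHandlerVersion": "2.1"}]},
 {"vm": "app-01", "extensions": [
   {"type": "Qualys.LinuxAgent.AzureSecurityCenter"}]},
 {"vm": "app-02"}
]
""")

def classify(vm):
    """Return the follow-up action for one VM record."""
    qualys = [e for e in vm.get("extensions") or []
              if str(e.get("type", "")).lower() in QUALYS_TYPES]
    if not qualys:
        return "deploy"   # scanner extension absent: deploy it if the VM is eligible
    version = str(qualys[0].get("typeHandlerVersion") or "").strip()
    if not version:
        return "review"   # extension present but no version recorded: check the portal
    if version == MANUAL_REDEPLOY_VERSION:
        return "uninstall-restart-redeploy"   # the manual procedure from the steps above
    return "ok"

def triage(inventory):
    """Map each VM name to its action."""
    return {vm["vm"]: classify(vm) for vm in inventory}

if __name__ == "__main__":
    for name, action in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{name:8} {action}")
```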

Why does my VM show as "not applicable" in the recommendation?

When you open the recommendation, you'll see your VMs in one or more of the following groups:

  • Healthy resources - the vulnerability scanner extension has been deployed to these VMs.

  • Unhealthy resources - the vulnerability scanner extension can be deployed to these VMs.

  • Not applicable resources - these VMs can't have the vulnerability scanner extension deployed. Your VM might be in this tab because it's on the free pricing tier, it's missing the ImageReference class (relevant to custom images and VMs restored from backup, as explained in the Azure for .NET documentation, https://docs.azure.cn/dotnet/api/microsoft.azure.batch.imagereference?view=azure-dotnet), or it's not running one of the supported OSes:

    • All versions of Windows
    • Red Hat Enterprise Linux 6.7, 7.6
    • Ubuntu 14.04, 18.04
    • CentOS 6.10, 7, 7.6
    • Oracle Linux 6.8, 7.6
    • SUSE Enterprise Linux 12, 15
    • Debian 7, 8

What is scanned by the built-in vulnerability scanner?

The scanner is running on your virtual machine and looking for vulnerabilities of the VM itself. From the virtual machine, it can't scan your network.

Does the scanner integrate with my existing Qualys console?

The Security Center extension is a separate tool from your existing Qualys scanner and, because of licensing restrictions, must be used within Azure Security Center.

Microsoft Defender Advanced Threat Protection also includes Threat & Vulnerability Management (TVM). How is the Security Center Vulnerability Assessment extension different?

Microsoft is actively developing world-class vulnerability management with Microsoft Defender ATP's Threat & Vulnerability Management solution, built into Windows.

Today, Azure Security Center's Vulnerability Assessment extension is powered by Qualys. This ensures support for both Windows and Linux virtual machines. The extension also benefits from Qualys's own knowledge of vulnerabilities that don't yet have CVEs.

Next steps

This article described the Azure Security Center Vulnerability Assessment extension (powered by Qualys) for scanning your VMs. For related material, see the following articles: