部署合作伙伴漏洞扫描解决方案Deploying a partner vulnerability scanning solution

如果你使用的是标准层,则可以使用 Azure 安全中心的内置漏洞评估工具,如适用于虚拟机的集成漏洞扫描程序中所述。If you're on the standard tier, you're able to use Azure Security Center's built-in vulnerability assessment tool as described in Integrated vulnerability scanner for virtual machines. 此工具不需要 Qualys 许可证,甚至不需要 Qualys 帐户 - 在安全中心内一切都可以进行无缝处理。This tool doesn't require a Qualys license or even a Qualys account - everything's handled seamlessly inside Security Center.

或者,你可能想要从 QualysRapid7 部署你自己的专用许可漏洞评估解决方案。Alternatively, you might want to deploy your own privately-licensed vulnerability assessment solution from Qualys or Rapid7. 可以在属于同一订阅的多个 VM 上安装这些合作伙伴解决方案之一。You can install one of these partner solutions on multiple VMs that belong to the same subscription.

配置合作伙伴解决方案Configuring a partner solution

  1. 在“安全中心”仪表板的“概览”部分,单击“建议” 。On the Security Center dashboard, in the Overview section, click Recommendations.

  2. 在“建议”页上,选择“应在虚拟机上安装漏洞评估解决方案” 。On the Recommendations page, select Vulnerability assessment solution should be installed on your virtual machines.

    漏洞评估

  3. 在“应在虚拟机上安装漏洞评估解决方案”页面上,选择要在其上安装漏洞评估解决方案的 VM。On the Vulnerability assessment solution should be installed on your virtual machines page, select the VMs where you want to install the vulnerability assessment solution.

    添加漏洞评估解决方案

  4. 在“应在虚拟机上安装漏洞评估解决方案”页面上,单击“在 2 个 VM 上安装”(此名称可能因所选 VM 数目而异) :On the Vulnerability assessment solution should be installed on your virtual machines page, click Install on 2 VMs (the name might vary according to the number of VMs that you selected):

    添加漏洞评估

  5. 可以创建新的漏洞评估,也可以使用现有的解决方案。You can create a new vulnerability assessment or use an existing solution. 如果创建新的漏洞评估,可以在“Azure 市场”中选择合作伙伴解决方案。If you create a new vulnerability assessment, you can select a partner solution in the Azure Marketplace. 也可以在“使用现有解决方案”下选择“Qualys”或“Rapid7”。 Or, under Use existing solution, select Qualys or Rapid7.

    若要从安全中心部署代理,需要供应商提供的许可证代码和公钥。To deploy the agent from Security Center, you need a license code and public key from the vendor. 若要了解如何获取许可证代码和公钥,请参阅 Qualys 文档Rapid7 文档To learn how to get the license code and public key, see the Qualys documentation or Rapid7 documentation.

  6. 若要创建新评估,请单击“新建”。To create a new assessment, click Create new. 此时会打开合作伙伴的“漏洞管理”页面。The partner's vulnerability management page opens. 此页上显示的选项可能会因合作伙伴而异。The options shown on this page might change depending on the partner.

    创建新的漏洞评估解决方案

    若要设置 Qualys(例如),请选择“Qualys”,然后:To set up Qualys (for example), select Qualys then:

    1. 对于“资源组”,请选择“使用现有资源组”。 For Resource group, select Use existing.

    2. 对于“位置”,请选择解决方案所在的地理位置。For Location, select where the solution is geographically located.

    3. 在“许可证代码”框(特定于 Qualys)中,输入合作伙伴提供的许可证。In the License code box (this is specific for Qualys), enter the license provided by the partner.

    4. 在“公钥”框(特定于 Qualys)中,输入合作伙伴提供的公钥信息。In the Public key box (this is specific for Qualys), enter the public key information provided by the partner.

    5. 若要在此 Qualys 解决方案的订阅中的所有已发现 VM 上自动安装漏洞评估代理,请选中“自动更新”复选框。To automatically install a vulnerability assessment agent on all discovered VMs in the subscription of this Qualys solution, select the Auto update check box.

    6. 单击 “确定”Click OK.

查看建议Review the recommendation

在目标 VM 上安装漏洞评估解决方案后,安全中心会扫描 VM,以便检测、标识系统和应用程序的漏洞。After the vulnerability assessment solution is installed on the target VM, Security Center scans the VM to detect and identify system and application vulnerabilities.

备注

完成第一次扫描可能需要数小时。It might take a couple of hours for the first scan to complete. 此后的每次扫描需要一小时。After that, it is an hourly process.

删除的问题显示在“虚拟机建议”下。Detected issues are shown under the Virtual Machines Recommendations.

后续步骤Next steps

本文介绍了 Qualys 支持的用于扫描虚拟机的内置漏洞评估工具。This article described the built-in vulnerability assessment tool powered by Qualys for scanning your VMs. 有关相关材料,请参阅以下文章:For related material, see the following articles: