Onboard CDR for Azure

Connecting Qualys to your Azure account(s) is the first step to protecting your cloud with Qualys Agentless Runtime Cloud Security powered by Deep Learning AI. 

Begin your CDR journey for Azure by following the steps below.

Deployment  

You can deploy the Qualys for Azure Terraform module in your Azure environment. The module deploys:  
•    An Azure AD Application with the role of Security Reader. The application provides Qualys access to scan for cloud resource and service misconfigurations, suboptimal security policies, etc.
•    An Azure Function that ingests NSG Flow Logs and sends them to the Qualys SaaS portal for analytics.

You must have Azure administrator or equivalent credentials for the subscriptions you wish to protect to complete the steps below.  

Prerequisites  

Azure Cloud Shell already has the tool prerequisites installed and may be the preferred environment for deploying the Terraform module below. You can skip to this step if you use Azure Cloud Shell.  
Install the following prerequisites for your platform (Windows, Mac, Linux).  

Terraform  

Create and manage the Qualys for Azure infrastructure. Download link.

Azure CLI  

Deploy the infrastructure to your Azure subscription.   Download link.

Azure Function

Deploy the log processor Azure Function.  Download link.

python3  

Auto-register the Blue Hexagon security application created in Azure AD.  Download link.  

NSG Flow Logs Delivered to Storage Account Blob  

Qualys ingests NSG Flow Logs from an Azure storage account blob container in the same region where the Terraform module is deployed below (see the location variable in terraform.tfvars). There are a couple of different ways to enable Flow Logs, both of which first require that an Azure storage account be created.

1.    Create an Azure storage account by following the steps here. 
2.    Enable NSG Flow Logs for all your network security groups.

Deploy Terraform Module  

The most convenient way to deploy the Terraform module is via Azure Cloud Shell using a bash terminal.  
Step 1: Launch Cloud Shell.  

Step 2: Log in to your Azure account after running az login.

Step 3: Download the Terraform module qualys_azure.zip from here, and upload it to Cloud Shell.  

Step 4: Unzip qualys_azure.zip, and enter the password provided by your Qualys Technical Account Representative to extract the archive. 


Step 5: Modify terraform.tfvars, specifically modifying the following variables:  

Step 6: Run the following commands to deploy the module in each Azure subscription as needed. 

terraform init  
terraform apply -auto-approve  

Step 7: If terraform apply runs successfully, and the created application registers with Qualys, you should see the following output


To destroy the module and delete the Qualys security application and log processor, run:  

terraform destroy  
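
Step 6 applies the module with -auto-approve, which skips Terraform's interactive plan review. The added example below (not part of the Qualys module or of the original page) checks a plan saved with terraform plan -out=tfplan and exported with terraform show -json tfplan, and flags any role assignment other than the Security Reader role described under Deployment. It assumes the module grants the role through azurerm_role_assignment resources; the resource addresses in the sample plan are constructed.

```python
import json
import sys

EXPECTED_ROLE = "Security Reader"  # role the page says the module grants


def _change(address, after, actions=("create",)):
    # Helper for building the constructed sample below.
    return {"address": address, "type": address.split(".")[0],
            "change": {"actions": list(actions), "after": after}}


# Constructed sample in the shape of `terraform show -json tfplan`;
# the addresses are hypothetical, not taken from the Qualys module.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    _change("azurerm_role_assignment.reader", {"role_definition_name": "Security Reader"}),
    _change("azurerm_role_assignment.extra", {"role_definition_name": "Contributor"}),
    _change("azurerm_role_assignment.by_id", {"role_definition_id": "<role-definition-id>"}),
    _change("azurerm_storage_account.logs", {}, actions=("no-op",)),
]})


def review_role_assignments(plan_json, expected=EXPECTED_ROLE):
    """Return (address, role, verdict) for each role assignment the plan creates or updates."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "azurerm_role_assignment":
            continue
        change = rc.get("change", {})
        if not {"create", "update"} & set(change.get("actions", [])):
            continue  # no-op, read and delete grant nothing new
        # "after" is null for deletes; the name is absent when the role is set by ID
        role = (change.get("after") or {}).get("role_definition_name")
        if role is None:
            verdict = "REVIEW"      # resolve the role ID by hand before applying
        elif role == expected:
            verdict = "OK"
        else:
            verdict = "UNEXPECTED"  # broader or different role than documented
        findings.append((rc["address"], role, verdict))
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN
    results = review_role_assignments(text)
    for address, role, verdict in results:
        print(f"{verdict:10} {address} -> {role}")
    sys.exit(0 if all(v == "OK" for _, _, v in results) else 1)
```

The script exits non-zero when any assignment is not Security Reader, so it can gate terraform apply tfplan in a deployment script.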

Verify and View Data in the Qualys CDR Portal

Once deployed, Qualys CDR will start the security audit of your Azure subscriptions and surface NSG Flow Logs records, insights, and security findings in the Qualys CDR portal. Information appears in the portal within a few to several minutes, depending on the size of your Azure environment.