Create Azure Connectors

Learn how to create an Azure Connector to onboard your Azure account with Qualys.

  1. Basic Details
  2. Authentication Details
  3. Tags and Activation
  4. Scan Settings
  5. Assign Tags

Steps to Create a Connector

Go to the Connectors tab, click Microsoft Azure Connectors, and then click Create Connector. The wizard walks you through the steps.

Basic Details

Enter a name and description (optional) for your connector.

Under applications, you can find two checkboxes.

  • AssetView: Asset Inventory - The connector fetches cloud resource data and populates your Asset Inventory on CSAM. This is active by default for all connectors and cannot be disabled.
  • CSPM - The connector fetches cloud resource data and populates your Cloud Inventory on TotalCloud.

Select Enable Remediation to enable remediation on the connector. One-click remediation is a TotalCloud feature that patches misconfigurations in your account with a single click. However, you need to configure additional permissions before you enable remediation for Azure connectors.

Ensure you have Write access to the Microsoft Azure subscription for which you enable remediation. Refer to Configuring Remediation for Microsoft Azure.

Authentication Details

Authenticate your cloud account with Qualys.

Account Type

Select an account type for your connector: Global or USGovCloud. You can choose only one account type per connector.

Polling Frequency

Select a frequency at which the connector should poll the cloud provider and fetch data.

By default, the connector polling frequency is configured to be every 4 hours. As a result, the connector connects with the cloud provider every 4 hours to fetch the data.

Authentication Details

Enter the authentication information. 

- Application ID and Directory ID

For details on creating an application and retrieving application ID and directory ID, see Create Application and get Application ID, Directory ID. 

- Authentication Key 

For details on generating an authentication key, see Generate Authentication Key.

- Subscription ID

For details on subscription ID, see Acquire Subscription ID.


Test Connection

Click Test Connection to verify if the connector can successfully authenticate using the provided authentication details in the Microsoft Azure cloud environment. If the test connection is successful, proceed with the connector creation process. If the test connection fails, you may need to check and update the authentication details. 
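
An independent pre-check of the four authentication values before clicking Test Connection, as an added example (not Qualys code): it flags malformed or misplaced IDs and builds, without sending, the OAuth2 client-credentials token request that an Azure application's ID and key are used with. The function names and sample GUIDs are constructed for illustration; the login and management endpoints are Microsoft's public ones for the Global and USGovCloud account types.

```python
import re
import urllib.parse

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Public Microsoft login / Azure Resource Manager endpoints per account type.
CLOUDS = {
    "Global": ("https://login.microsoftonline.com", "https://management.azure.com"),
    "USGovCloud": ("https://login.microsoftonline.us", "https://management.usgovcloudapi.net"),
}

# Constructed sample values, not real identifiers.
APP_ID = "11111111-1111-1111-1111-111111111111"
DIR_ID = "22222222-2222-2222-2222-222222222222"
SUB_ID = "33333333-3333-3333-3333-333333333333"

def check_inputs(account_type, application_id, directory_id, auth_key, subscription_id):
    """Return a list of problems found in the connector's authentication fields."""
    problems = []
    if account_type not in CLOUDS:
        problems.append("Account type must be Global or USGovCloud")
    ids = {"Application ID": application_id, "Directory ID": directory_id,
           "Subscription ID": subscription_id}
    for label, value in ids.items():
        if value != value.strip():
            problems.append(f"{label} has leading or trailing whitespace")
        elif not GUID.fullmatch(value):
            problems.append(f"{label} is not a GUID")
    if len(set(ids.values())) < len(ids):
        problems.append("Two ID fields hold the same value")
    if not auth_key.strip():
        problems.append("Authentication Key is empty")
    elif GUID.fullmatch(auth_key.strip()):
        problems.append("Authentication Key is a GUID: likely the secret's ID, not its value")
    return problems

def token_request(account_type, application_id, directory_id, auth_key):
    """Build (url, form body) for an OAuth2 client-credentials token request (not sent)."""
    login, arm = CLOUDS[account_type]
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": application_id,
        "client_secret": auth_key,
        "scope": f"{arm}/.default",
    })
    return f"{login}/{directory_id}/oauth2/v2.0/token", body
```

Posting the body to the URL as application/x-www-form-urlencoded returns an access token when the Application ID, Directory ID and key match. Whether that application can read the subscription is a separate check.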

Tags and Activation

We can activate assets for scanning automatically so you don't have to take this extra step. Select the required check box to enable activation for the required app. We automatically activate the resources as they are discovered and even assign them tags if you want. Enable Vulnerability Management (VM) Scanning to scan discovered assets for vulnerabilities.

Enabling Cloud Perimeter Scan 

When you select the Automatically activate all assets for VM Scanning application check box, you can see a check box to enable cloud perimeter scan.

Select the Enable Cloud Perimeter Scan check box if you want to enable launching perimeter scans on Microsoft Azure resources.

Perimeter scan jobs are run automatically based on the settings defined in the Scan Settings step or the Cloud Perimeter Scan - Global Scan Configuration.

You can enable scanning of discovered assets in other Qualys applications for a more thorough result. We offer activating scans from Policy Compliance (PC), Software Composition Analysis (SCA) and Certificate View (CertView).

Activating assets for PC Scanning can only be accomplished after enabling PC Agent and Compliance Manager. Contact support to enable them.

Select Asset Tags

We recommend you create at least one generic asset tag (for example, azure) and have the connector automatically apply that tag to all imported assets. You can add more tags to your assets based on discovered Azure metadata.

Scan Settings

The step for defining scan settings is available only if you select the Enable Cloud Perimeter Scan check box in the Tags and Activation step. 

In this step, you can define customized settings for cloud perimeter scans for the specific connector that you are creating.

If you do not define the custom scan configuration for the connector, the global scan configuration is used for launching the cloud perimeter scan. For details on global scan configuration, see Cloud Perimeter Scan - Global Scan Configuration.

Select the Enable custom scan configuration check box. You can define scan settings, such as scan prefix, option profile, recurrence, and timezone.

See Cloud Perimeter Scan - Global Scan Configuration for details of the scan settings fields.

Assign Tags

Assign tags to the connector that you are creating. You can also create a new tag. For details on creating new tags, see Configure Tags.

Confirmation

Review the connector settings you configured and then click Create Connector.

That’s it! The connector connects with Microsoft Azure to discover resources from the configured region.

The Microsoft Azure page displays the list of Azure connectors. The Status column indicates the status of the connector created: Completed successfully, Completed with errors, Queued, Synchronizing, and Disabled.  

Frequently Asked Questions

Delete Unsynchronized Instances

Azure connectors no longer import and sync assets with a Deleted state. In other words, we will not add a new asset to your asset inventory for an Azure connector that is 'Deleted'.

Note:
- We did sync 'Deleted' instances in previous releases. These remain in your assets list until you purge them.
- If the status of an existing asset changes to 'Deleted' then this is updated in the asset details. 
Use this query to easily find Azure assets with a 'Deleted' instance state: azure.vm.state:"DELETED"