New-ASCVASolution.ps1

This script creates a new Qualys or Rapid7 vulnerability assessment (VA) solution in Azure Security Center (ASC).

Description

The ASC contract VA solution is provided as an integration service. This script uses the REST API to create a new Security Solution in ASC. The solution requires a license and a key provided by the 3rd party VA provider: Qualys or Rapid7. Note that only one solution can be created per license. An attempt to create another solution using the same name/license/key will fail.

Usage

PARAMETER SubscriptionId
[mandatory]
The subscription ID of the Azure subscription that contains the resources you want to analyze.

PARAMETER ResourceGroupName
[mandatory]
Can be any existing resource group. Using the ASC default "DefaultResourceGroup-xxx" is one recommended option.
Note that since the ASC VA solution is not an Azure resource, it will not be listed under the resource group, but it is still attached to it.

PARAMETER vaSolutionName
[mandatory]
The name of the new solution

PARAMETER vaType
[mandatory]
Qualys or Rapid7

PARAMETER licenseCode
[mandatory]
VA license string acquired from the vendor.
A Base64 representation of the config zip file provided by Rapid7.

PARAMETER publicKey
[mandatory]
Public key received from the vendor.

PARAMETER autoUpdate
Turns on auto deploy for the solution. When on, ASC automatically attempts to link every new VM added to the subscription to the solution. Default: False

Examples

Syntax:

.\New-ASCVASolution.ps1 -subscriptionId <Subscription Id> -resourceGroupName <RG Name> -vaSolutionName <New solution name> -vaType <Qualys / Rapid7> -autoUpdate <true/false> -licenseCode <License Code from vendor> -publicKey <Public Key received from vendor>

Full command:

   .\New-ASCVASolution.ps1 -subscriptionId 'f4cx1b69-dtgb-4ch6-6y6f-ea2e95373d3b' -resourceGroupName 'DefaultResourceGroup-WEU' -vaSolutionName 'QualysVa001' -vaType 'Qualys' -autoUpdate 'false' `
   -licenseCode 'eyJjaWQiOiJkZDg5OTYzXe4iMTMzLWM4NTAtODM5FD2mZWM1N2Q3ZGU5MjgiLCJgbTYuOiIyMmM5NDg3MS1lNTVkLTQ1OGItYjhlMC03OTRhMmM3YWM1ZGQiLCJwd3NVcmwiOiJodHRwczovL3FhZ3B1YmxpYy1wMDEuaW50LnF1YWx5cy5jb20vQ2xvdSKJY6VudC8iLCJwd3NQb3J0IjoiNDQzIn0=' `
   -publicKey 'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCOiOLXjOywMfLZIBGPZLwSocf1Q64GASLK9OHFEmanBl1nkJhZDrZ4YD5lM98fThYbAx1Rde2iYV1ze/wDlX4cIvFAyXuN7HbdkeIlBl6vWXEBZpUU17bOdJOUGolzEzNBhtxi/elEZLghq9Chmah82me/okGMIhJJsCiTtglVQIDAQAB'

Note: The values in the example above are fake. Any attempt to use the example as is will fail.

Prerequisites

Required PowerShell modules

Install-Module Az
Install-Module Az.Security

Script notes
  • A Resource Group is required for BYOL VA solution deployment.
    Since the BYOL VA solution is not an Azure resource, it will not show under the RG resources, but the link exists.
  • Deleting the seemingly empty Resource Group will break the VA solution deployment.
  • The target RG for the BYOL VA solution deployment can reside in any region.
  • The script takes the RG location as the location in which to create the solution, but the solution can be anywhere regardless of the RG location. If required, change it in the template json in row #106: Location: "$($solutionLocation)"
  • The $loc = (Get-AzSecurityLocation).Name in the script merely fetches the subscription configuration location (for ASC), which is required for the REST API URI.
  • No data is stored in any of the locations set above. They are used only for the VA solution configuration.
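
The following pre-flight check is an added example, not part of New-ASCVASolution.ps1 or the project's code. It tests the parameters and prerequisites described above before the script is run, so a bad value is caught before a license is consumed; the function name Test-VaSolutionInput is hypothetical, and the whitespace check assumes vendor values are single-line strings as in the README example.

```powershell
# Added example; Test-VaSolutionInput is a hypothetical helper, not part of the script.
function Test-VaSolutionInput {
    param(
        [Parameter(Mandatory)] [string] $SubscriptionId,
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [ValidateSet('Qualys', 'Rapid7')] [string] $VaType,
        [Parameter(Mandatory)] [string] $LicenseCode,
        [Parameter(Mandatory)] [string] $PublicKey
    )
    $problems = [System.Collections.Generic.List[string]]::new()

    # Assumption: vendor values are single-line strings, as in the README example.
    foreach ($pair in @{ licenseCode = $LicenseCode; publicKey = $PublicKey }.GetEnumerator()) {
        if ($pair.Value -match '\s') { $problems.Add("$($pair.Key) contains whitespace or line breaks.") }
    }

    # The README states the Rapid7 license is a Base64-encoded config zip file.
    if ($VaType -eq 'Rapid7') {
        try {
            $bytes = [Convert]::FromBase64String($LicenseCode)
            # Zip archives start with the bytes 'PK' (0x50 0x4B).
            if ($bytes.Length -lt 4 -or $bytes[0] -ne 0x50 -or $bytes[1] -ne 0x4B) {
                $problems.Add('licenseCode decodes, but not to a zip archive.')
            }
        } catch { $problems.Add('licenseCode is not valid Base64.') }
    }

    # Modules: Az.Security is listed in the README; the other two ship with Az.
    $missing = 'Az.Accounts', 'Az.Resources', 'Az.Security' |
        Where-Object { -not (Get-Module -ListAvailable -Name $_) }
    if ($missing) {
        $problems.Add("Missing modules: $($missing -join ', ')")
        return $problems   # the Azure checks below need these modules
    }

    # The resource group must already exist in the target subscription.
    $null = Set-AzContext -SubscriptionId $SubscriptionId -ErrorAction Stop
    if (-not (Get-AzResourceGroup -Name $ResourceGroupName -ErrorAction SilentlyContinue)) {
        $problems.Add("Resource group '$ResourceGroupName' not found in subscription.")
    }
    # The script reads the ASC location for its REST API URI.
    if (-not (Get-AzSecurityLocation -ErrorAction SilentlyContinue)) {
        $problems.Add('Get-AzSecurityLocation returned no ASC location.')
    }
    return $problems
}
```

Sign in with Connect-AzAccount before calling the function; an empty result means every check passed.
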
Credits

AUTHOR: Eli Sagie, Azure Security Center EEE
LASTEDIT: March 11, 2021 2.10 - 2.10 change log: Changing the solution destination location to reside on the Resource-Group location

Link

This script is posted and discussed at the following location:
https://github.com/Azure/Azure-Security-Center/tree/master/Powershell scripts