hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Specify the Vulnerability Assessment solution through the AzureRM provider to Microsoft Defender for Cloud (aka Azure Security Center) #16358

Open LianaT opened 2 years ago

LianaT commented 2 years ago

Description

We need to be able to specify the Vulnerability Assessment (VA) solution in the AzureRM Terraform provider for Microsoft Defender for Cloud (previously called Azure Security Center).

We now have two VA solutions: Qualys and Threat and Vulnerability Management (TVM). Currently in AzureRM, we only see it possible to set up VA using Qualys, and not also TVM, so can we also get TVM added as an option (as well as keeping Qualys)?

New or Affected Resource(s)/Data Source(s)

azurerm/azurerm_security_center_server_vulnerability_assessment_virtual_machine

Potential Terraform Configuration

resource "azurerm_security_center_server_TVM_vulnerability_assessment_virtual_machine" "example" {
  virtual_machine_id = azurerm_TVM_linux_virtual_machine.example.id
}

References

https://docs.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-tvm#:~:text=Microsoft%27s%20threat%20and%20vulnerability%20management%20is%20a%20built-in,the%20threat%20landscape%20and%20detections%20in%20your%20organization

sinbai commented 2 years ago

@LianaT Thank you for posting this issue here. Currently, the terraform provider cannot support this feature since the Azure API used by the terraform provider does not support it. It only supports the "default" (Qualys) one.

helderpinto commented 2 years ago

@sinbai Actually, when using the REST API, if you create a Microsoft.Security/serverVulnerabilityAssessments sub-resource under a Virtual Machine resource and give it the MdeTvm name, that VM will be using the MDE vulnerability assessment solution. However, the Terraform provider does not currently support the name property that would allow for that.

StevenWolfeCAI commented 5 months ago

Similarly -- the azurerm provider could / should offer parity for deploying the vulnerability solutions at the Resource Group, similar to the PowerShell script: https://github.com/Azure/Microsoft-Defender-for-Cloud/blob/main/Powershell%20scripts/Vulnerability%20Solution/New-ASCVASolution.ps1#L137

And, if supported, for other scopes (Subscription, Management Group)

simaotwx commented 4 months ago

I have this in my code:

resource "azurerm_security_center_server_vulnerability_assessments_setting" "mdetvm" {
  vulnerability_assessment_provider = "MdeTvm"
}

resource "azurerm_security_center_server_vulnerability_assessment_virtual_machine" "vm_vuln_assessment" {
  virtual_machine_id = azurerm_virtual_machine.vm.id
  depends_on = [
    azurerm_virtual_machine_extension.gc_linux,
    azurerm_security_center_server_vulnerability_assessments_setting.mdetvm,
  ]
}

but it still fails with:

security.ServerVulnerabilityAssessmentClient#CreateOrUpdate: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="BuiltInQualysDeprecation" Message="The Default (built-in Qualys) VA type is deprecated. Please use the MdeTvm VA type instead."
│   with azurerm_security_center_server_vulnerability_assessment_virtual_machine.vm_vuln_assessment,
│   on virtual_machines.tf line 200, in resource "azurerm_security_center_server_vulnerability_assessment_virtual_machine" "vm_vuln_assessment":
│  200: resource "azurerm_security_center_server_vulnerability_assessment_virtual_machine" "vm_vuln_assessment" {

Is the suggested resource going to fix this?
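An added audit script, not code from this thread or from the provider, that applies helderpinto's description of the per-VM REST sub-resource and the BuiltInQualysDeprecation error simaotwx hit: given the serverVulnerabilityAssessments list for each VM, it reports which VMs are on MDE TVM, which are still on the deprecated built-in Qualys "default", and which have no VA at all, and builds the PUT that would create the MdeTvm sub-resource. The api-version 2020-01-01, the empty request body and the sample VM ids/responses are assumptions and constructed data, not values from the page.

```python
from typing import Optional

API_VERSION = "2020-01-01"  # assumed api-version; confirm against the Microsoft.Security REST reference
MDE_NAME = "MdeTvm"         # sub-resource name that selects the MDE solution (per the thread)
QUALYS_NAME = "default"     # built-in Qualys, now rejected by the API with BuiltInQualysDeprecation

# Constructed sample VM ids and GET responses (shape mirrors a standard ARM list response).
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/"
SAMPLE_RESPONSES = {
    VM + "vm-qualys": {"value": [{"name": QUALYS_NAME, "properties": {"provisioningState": "Succeeded"}}]},
    VM + "vm-mde": {"value": [{"name": MDE_NAME, "properties": {"provisioningState": "Succeeded"}}]},
    VM + "vm-none": {"value": []},
}


def va_url(vm_id: str, name: str = MDE_NAME) -> str:
    """Full URL of a VM's serverVulnerabilityAssessments sub-resource (same path for GET and PUT)."""
    return (f"https://management.azure.com{vm_id}/providers/Microsoft.Security"
            f"/serverVulnerabilityAssessments/{name}?api-version={API_VERSION}")


def classify(list_response: dict) -> str:
    """Return 'mde', 'deprecated-qualys' or 'none' for one VM's sub-resource list."""
    names = {item.get("name", "").lower() for item in list_response.get("value", [])}
    if MDE_NAME.lower() in names:
        return "mde"
    if QUALYS_NAME in names:
        return "deprecated-qualys"
    return "none"


def remediation(vm_id: str, status: str) -> Optional[dict]:
    """PUT that enrols the VM in MDE TVM (empty body assumed; the name selects the solution), or None."""
    if status == "mde":
        return None
    return {"method": "PUT", "url": va_url(vm_id), "body": {}}


def audit(responses: dict) -> dict:
    """Map each VM id to its VA status and, where not yet on MDE TVM, the remediating request."""
    report = {}
    for vm_id, resp in responses.items():
        status = classify(resp)
        report[vm_id] = {"status": status, "fix": remediation(vm_id, status)}
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(audit(SAMPLE_RESPONSES), indent=2))
```

Feed it the real responses from `GET` on each VM's serverVulnerabilityAssessments path (for example via `az rest`) and execute only the returned PUTs with an authenticated client.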

slideroh commented 3 months ago

@simaotwx did you manage this issue?

barrypitman commented 3 months ago

Also hitting this issue

chirangaalwis commented 3 months ago

We are experiencing the same issue, any update on this?

slideroh commented 3 months ago

Actually, it looks like you can just remove azurerm_security_center_server_vulnerability_assessment_virtual_machine. It auto-migrated to the MdeTvm version or agentless.