Azure Log Analytics Software inventory for on Prem Servers - azure

I'm trying to follow the below Article(s) to configure Azure Log Analytics for on prem servers as well as Azure servers to get a list of installed software.
It works well on Azure VMs but not on non-Azure VMs. All servers are successfully sending Heartbeats but only the Azure VMs are showing a list of installed Software when running the below query:
ConfigurationData
| summarize arg_max(TimeGenerated, *) by SoftwareName, Computer
| where ConfigDataType == "Software"
| summarize count() by Computer
ref: https://learn.microsoft.com/en-us/azure/automation/automation-tutorial-installed-software
https://learn.microsoft.com/en-us/azure/log-analytics/
Does anyone know how to get the On-Prem to show a list of installed Software?

Ok, I've found the solution!!
For Azure it's being done automatically, but for non-Azure we need to go manually into our Automation account and check on "Enable Inventory", and here we have 3 options (see my screen shots).
From Home --> Automation Accounts --> Automate-%ID%-WEU --> Inventory
May be useful for the documentation, as it's a must for non-Azure VMs.
ref: https://learn.microsoft.com/en-us/azure/automation/automation-tutorial-installed-software
CHECK MY COMMENTS AT THE BOTTOM
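
A query for spotting the gap described in this thread (machines that send Heartbeats but have no Software inventory), added here as an example and not part of the original posts. It assumes the workspace's standard `Heartbeat` and `ConfigurationData` tables; the two lookback windows are assumed values to adjust.

```kusto
// Added example: list computers that are alive (Heartbeat) but have
// reported no Software inventory records in ConfigurationData.
let heartbeatWindow = 1d;   // assumption: how recently a machine must have checked in
let inventoryWindow = 7d;   // assumption: how far back to look for inventory data
// Computers that have at least one Software inventory record
let inventoried =
    ConfigurationData
    | where TimeGenerated > ago(inventoryWindow)
    | where ConfigDataType == "Software"
    | distinct Computer;
Heartbeat
| where TimeGenerated > ago(heartbeatWindow)
// Keep only the most recent heartbeat per machine
| summarize arg_max(TimeGenerated, ComputerEnvironment, OSType) by Computer
// leftanti: keep heartbeat rows with no match in the inventoried set
| join kind=leftanti inventoried on Computer
| project Computer, ComputerEnvironment, OSType, LastHeartbeat = TimeGenerated
| order by ComputerEnvironment asc, Computer asc
```

In the situation from the question, the result would list the Non-Azure machines until Inventory is enabled for them in the Automation account.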

Related

How to discover installed software on Computers in Azure AD

I want to "scan" and discover installed software on computers. That can be done by using a PowerShell script as this one:
Get-WmiObject -Class Win32_Product | select Vendor, Name, Version| Out-File Outputfile.txt -Append
But instead of doing this manually, I wondered if it's not something Azure could do automatically. Maybe not exactly this script, but does Azure have a solution that can scan the end-user's computer for installed software and collect a log in a central place so you can get an overview?
Best regards
Azure Policy Guest Configuration allows you to monitor installed applications on Windows VMs by auditing the configurations inside the VMs.
As mentioned in the document linked by Rahul, you can also use the Azure Automation Change Tracking and Inventory feature to find out which software is installed on both Azure and non-Azure machines. It will provide you with a list with the software that has been found:
You can also check for this in the Azure Monitor inventory logs or under the Inventory for each individual VM's resource page.

What is the name of the Agent to connect a Linux server to Azure Log Analytics Workspace?

I have the need to send my logs to Azure for my custom product. The users of my product can decide what to do (if anything) with these logs. I created a Log Analytics Workspace in the Azure Console. To add a Linux server, I clicked on Advanced Settings, then Connected Sources -> Linux Servers and followed the link to “Download Agent for Linux”, which took me to a GitHub project. The agent worked and added my server to the workspace. What confused me is the name of the agent, “Microsoft OMS Agent for Linux GA v1.9.0-0”. I have recently read articles that indicate the OMS Portal is retired and is moving to the Azure Portal.
First, did I do this correctly?
Second, is this the Linux agent that will be used going forward, or will it be renamed to remove OMS from the name?
Is this the Azure Log Analytics agent that I should use and it was previously referred to as the Microsoft Monitoring Agent (MMA) or OMS Linux agent?
Thank you if you can clear this up for me!
The answer to your first question is yes, what you did was correct.
The answer to your second question is yes, most probably this should be the Linux agent that will be used going forward as well because as per this -> https://learn.microsoft.com/en-us/azure/azure-monitor/terminology#april-2018---retirement-of-operations-management-suite-brand article the changes and potential improvements with respect to a single integrated platform for monitoring have been made to the experience in the Azure portal but their functionality hasn't changed. Also, as per this -> https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/oms-linux article the OMS agents will just be referred to as Log Analytics agents. The same was seen in the overview part of this -> https://github.com/Microsoft/OMS-Agent-for-Linux install guide as well.
The answer to your third question is yes, this is the Log Analytics agent you would have to use. For Windows the extension / agent is referred to as "MicrosoftMonitoringAgent" and for Linux it is referred to as "OMSAgentForLinux".
Hope this helps!!

Azure App Services Antimalware?

Having read
"The Microsoft Antimalware Client and Service is installed by default in a disabled state in all supported Azure guest operating system families in the Cloud Services platform.
...
When using Azure Websites, the underlying service that hosts the web app has Microsoft Antimalware enabled on it. This is used to protect Azure Websites infrastructure and does not run on customer content."
here: https://learn.microsoft.com/en-us/azure/security/azure-security-antimalware
it appears that although the underlying execution environment is scanned and protected, nothing prevents the deployment of infected files (contrary to the response given here: https://stackoverflow.com/a/44805995/8354791).
And therefore the service needs to be enabled.
It also appears this can only be done via PowerShell, using the Set-AzureServiceAntimalwareExtension command, as per https://stackoverflow.com/a/25847270/8354791 and Powershell: Add Diagnostics/Antimalware to Azure PaaS Cloud Service using ExtensionConfiguration Parameter
Q: the link is a bit old (2015). Is PowerShell still the only way to turn on debugging for an App Service?
Q: is the analysis of the above text correct that MS is scanning its own environment, but exclude the scanning of files deployed to their services?
Q: is there a cost to enabling this service?
Q: What is the relationship to Malware Assessment (https://learn.microsoft.com/en-us/azure/log-analytics/log-analytics-malware)? Is that a more current way of scanning Web Apps?
Q: this is a manual approach, using PowerShell. Is there a link to understanding how to enable this service using a CI/CD deployed ARM template?
Q: I see this service is mentioned as a solution for scanning deployed code files -- but can this service be used to scan Blobs where uploaded media would be stored?
I know I've asked a lot of questions...but hopefully you agree they are all tightly related...
Thanks immensely!
Azure App Service is a managed platform. Microsoft Antimalware Client and Service is enabled by default on App Service instances; there is no user action that allows enabling/disabling this feature for apps hosted in App Service.
All of the documentation you are referencing is about "Azure Cloud Services" and "Azure VMs" and not Azure App Service. Here is the security documentation for Azure App Service: https://learn.microsoft.com/en-us/azure/app-service/app-service-security-readme
Malware Assessment is part of the OMS suite and it's an additional tool for managing large deployments and detecting instances that might be affected by malicious code.

In Azure, what is the difference between the two Data Science Virtual Machines for Windows?

I am provisioning a new VM for Windows to run some samples using Python notebooks and sql server. The existing samples are using the classic portal. In the new portal, I have the options to add or provision one of two VMs:
Data Science Virtual Machine runs on Windows
Data Science Virtual Machine runs on Windows (CSP)
I want to know the difference; I might be misreading it, it seems one has a license (CSP's description says "Bring Your Own License enabled.")? Also, when should one pick one over the other?
Thanks.
The CSP editions of the Data Science Virtual Machine (#DSVM) are only deployable in CSP (Cloud Solution Provider) based subscriptions. CSPs are Microsoft Partner companies that are certified to re-sell Microsoft cloud services and provide value added services on top.
Here's a comparison of the different licensing modes that are available:
Licensing Modes for Cloud Services
If you are not using a CSP subscription, you deploy the non-CSP offers, as the CSP offers require the licenses to be provided by a CSP and on a CSP Licensing Agreement.

How can I publish my web solution to Marketplace

I have a web application which provides a data analysis service and is deployed on an Azure virtual machine. How can I publish it on Azure Marketplace and in which category will it fall?
There is a complete and documented process for that.
You first need to apply as a certified partner:
https://azure.microsoft.com/en-us/marketplace/programs/certified/
Then in the publish steps you will choose up to five categories: https://azure.microsoft.com/en-us/documentation/articles/marketplace-publishing-push-to-staging/#step-4-choose-azure-marketplace-categories
Same thing for all marketing info (logos, pricing, ...)
