Merge pull request #112782 from memildin/asc-melvyn-containerwork

PRMerger10 · web-flow · commit 566ec14aa388 · 2020-04-27T04:18:27.000-07:00
Added networking requirements
diff --git a/articles/security-center/built-in-vulnerability-assessment.md b/articles/security-center/built-in-vulnerability-assessment.md
@@ -73,7 +73,6 @@ To deploy the vulnerability scanner extension:
         |SUSE|Linux Enterprise Server (SLES)|11, 12, 15|
         |SUSE|OpenSUSE|12, 13|
         |SUSE|Leap|42.1|
-        |Amazon|Amazon Linux|2015.09, 2016.09, 2017.03, 2017.09, 2018.03, 2|
         |Oracle|Enterprise Linux|5.11, 6, 7.0-7.5|
         |Debian|Debian|7.x-9.x|
         |Ubuntu|Ubuntu|12.04 LTS, 14.04 LTS, 15.x, 16.04 LTS, 18.04 LTS|
@@ -86,6 +85,12 @@ To deploy the vulnerability scanner extension:
     
     Scanning begins automatically as soon as the extension is successfully deployed. Scans will then run at four-hour intervals. This interval is hard-coded and not configurable. 
 
+1. If the deployment fails on one or more VMs, ensure the target VMs can communicate with Qualys's cloud service on the following two IP addresses:
+
+    - 64.39.104.113
+    - 154.59.121.74 
+
+
 ## Viewing and remediating discovered vulnerabilities
 
 When Security Center identifies vulnerabilities, it presents findings and related information as recommendations. The related information includes remediation steps, related CVEs, CVSS scores, and more. You can view the identified vulnerabilities for one or more subscriptions, or for a specific VM.
@@ -134,11 +139,17 @@ For full instructions and a sample ARG query, see this Tech Community post: [Exp
 ### Are there any additional charges for the Qualys license?
 No. The built-in scanner is free to all standard tier users. The "Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys)" recommendation deploys the scanner with its licensing and configuration information. No additional licenses are required. 
 
-### What permissions are required to install the Qualys extension?
+### What prerequisites and permissions are required to install the Qualys extension?
 You'll need write permissions for any VM on which you want to deploy the extension.
 
 The Azure Security Center Vulnerability Assessment extension (powered by Qualys), like other extensions, runs on top of the Azure Virtual Machine agent. So it runs as Local Host on Windows, and Root on Linux.
 
+During setup, Security Center checks to ensure that the VM can communicate with Qualys's cloud service on the following two IP addresses:
+
+- 64.39.104.113
+- 154.59.121.74
+
+
 ### Can I remove the Security Center Qualys extension? 
 If you want to remove the extensions from a VM, you can do it manually or with any of your programmatic tools. 
 
@@ -186,7 +197,6 @@ When you open the recommendation, you'll see your VMs in one or more of the foll
     |SUSE|Linux Enterprise Server (SLES)|11, 12, 15|
     |SUSE|OpenSUSE|12, 13|
     |SUSE|Leap|42.1|
-    |Amazon|Amazon Linux|2015.09, 2016.09, 2017.03, 2017.09, 2018.03, 2|
     |Oracle|Enterprise Linux|5.11, 6, 7.0-7.5|
     |Debian|Debian|7.x-9.x|
     |Ubuntu|Ubuntu|12.04 LTS, 14.04 LTS, 15.x, 16.04 LTS, 18.04 LTS|
