METHODOLOGY
Our Tier-3 team defined the approach and methodology for this line of action. The goal was to collect the information needed to analyze the reported issues and resolve them, to maintain a safer and more controlled operation scheme, and to publish a report.
ANALYSIS RESULTS
Below are the complete analysis and results.
SUMMARY OF REPORT
The Azure Monitor Agent VM extension stopped working when we re-provisioned the app and encoder VMs during the deployment of a software upgrade.
Azure Monitor Logs provides monitoring capabilities across cloud and on-premises assets. The Log Analytics agent virtual machine extension for Windows is published and supported by Microsoft. The extension installs the Log Analytics agent on Azure virtual machines, and enrolls virtual machines into an existing Log Analytics workspace.
FINDINGS
The resources below fall within the scope of impact and can be affected by security vulnerabilities.
- Production nodes in US region.
- Production nodes in US Gov region.
- Production nodes in Japan region.
- Recommended actions may affect user productivity, and temporary downtime (system reboot) will be required for new changes to take effect.
- New VM Scale Sets need to be set up in order to resolve VM monitoring issues.
TOOLS
For the execution of this project, the most up-to-date versions of the following tools and components associated with them were used:
Tool | Description |
VS Code | Visual Studio Code is a code editor redefined and optimized for building and debugging modern web and cloud applications. |
PowerShell Az Module | The Az PowerShell module is a set of cmdlets for managing Azure resources directly from PowerShell. |
Microsoft Azure Portal (User Interface) | The Azure portal is a graphical user interface that you can use to manage your Azure resources and services. |
LINE OF ACTION AND ASSOCIATED TIMELINES
The following table outlines the actions performed and their schedule to remediate security issues and vulnerabilities.
ID | Identified Issue | Identification Date | Incident Resolution Start Date | Incident Resolution End Date |
- | Azure Monitor Agent VM extension stopped working | July 09 2021 | July 10 2021 | July 10 2021 |
REMEDIATION PROCEDURE
Below are the details of the actions performed to remove security vulnerabilities.
Problem Identification | Azure Monitor Agent VM extension stopped working. |
Problem Description | Azure Monitor Logs provides monitoring capabilities across cloud and on-premises assets. The extension installs the Log Analytics agent on Azure virtual machines, and enrolls virtual machines into an existing Log Analytics workspace. Azure could not collect logs from prod VMs because the monitoring agent VM extension stopped working. |
Remediation Action | New VM Scale Sets were provisioned that helped resolve the issue. |
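One way to confirm that every instance in the newly provisioned scale sets carries a healthy monitoring extension, as an added example that is not part of the original report. The function name, the sample scale set names and the sample data are constructed for illustration; the two extension type names in the default pattern are an assumption about which agent is deployed.

```powershell
# Added example, not from the report. Flags scale set instances whose
# monitoring extension is absent or has not provisioned successfully.
# Assumption: the two type names are the Windows Log Analytics agent and
# Azure Monitor Agent extensions; adjust -TypePattern for your deployment.
function Find-MonitoringExtensionGap {
    param(
        [Parameter(Mandatory)] [object[]] $Instance,
        [string] $TypePattern = 'MicrosoftMonitoringAgent|AzureMonitorWindowsAgent'
    )
    foreach ($vm in $Instance) {
        $exts = @($vm.Extensions | Where-Object { $_.Type -match $TypePattern })
        if ($exts.Count -eq 0) {
            [pscustomobject]@{ ScaleSet = $vm.ScaleSet; InstanceId = $vm.InstanceId
                               Finding = 'missing'; Detail = 'no monitoring extension' }
            continue
        }
        foreach ($e in $exts) {
            # Healthy only if a status explicitly reports successful provisioning.
            $ok = @($e.Statuses | Where-Object { $_.Code -like 'ProvisioningState/succeeded*' })
            if ($ok.Count -eq 0) {
                [pscustomobject]@{ ScaleSet = $vm.ScaleSet; InstanceId = $vm.InstanceId
                                   Finding = 'unhealthy'
                                   Detail  = @($e.Statuses.DisplayStatus) -join '; ' }
            }
        }
    }
}

# Constructed sample data shaped like a scale set VM instance view.
# Live use (assumes Az.Compute and a signed-in session), per instance:
#   $iv = Get-AzVmssVM -ResourceGroupName $rg -VMScaleSetName $name -InstanceId $id -InstanceView
#   [pscustomobject]@{ ScaleSet = $name; InstanceId = $id; Extensions = $iv.Extensions }
function New-SampleExt($type, $code, $display) {
    [pscustomobject]@{ Type = $type
        Statuses = @([pscustomobject]@{ Code = $code; DisplayStatus = $display }) }
}
$mma = 'Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent'
$sample = @(
    [pscustomobject]@{ ScaleSet = 'vmss-app'; InstanceId = '0'
        Extensions = @(New-SampleExt $mma 'ProvisioningState/succeeded' 'Provisioning succeeded') }
    [pscustomobject]@{ ScaleSet = 'vmss-app'; InstanceId = '1'
        Extensions = @(New-SampleExt $mma 'ProvisioningState/failed/1' 'Provisioning failed') }
    [pscustomobject]@{ ScaleSet = 'vmss-encoder'; InstanceId = '0'; Extensions = @() }
)
Find-MonitoringExtensionGap -Instance $sample | Format-Table -AutoSize
```

Running the check as a post-deployment gate would surface a silent loss of log collection at upgrade time rather than after the gap is noticed in the workspace.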