METHODOLOGY

Our Tier-3 team defined the approach and methodology for the line of action: collect the information needed to analyze the reported issues, provide a resolution, maintain a safer and more controlled operation scheme, and publish a report.



ANALYSIS RESULTS

Below is the complete analysis and results.


SUMMARY OF REPORT

Azure Monitor Agent VM extension stopped working when we re-provisioned app and encoder VMs during the deployment of a software upgrade.


Azure Monitor Logs provides monitoring capabilities across cloud and on-premises assets. The Log Analytics agent virtual machine extension for Windows is published and supported by Microsoft. The extension installs the Log Analytics agent on Azure virtual machines, and enrolls virtual machines into an existing Log Analytics workspace.


FINDINGS

The resources below fall within the scope of impact and can be affected by security vulnerabilities.

  • Production nodes in US region.
  • Production nodes in US Gov region.
  • Production nodes in Japan region.
  • Recommended actions may affect user productivity, and temporary downtime (system reboot) will be required for new changes to take effect.
  • New VM Scale Sets need to be set up in order to resolve VM monitoring issues.


TOOLS

For the execution of this project, the most up-to-date versions of the following tools and their associated components were used:


| Tool | Description |
|------|-------------|
| VS Code | Visual Studio Code is a code editor redefined and optimized for building and debugging modern web and cloud applications. |
| PowerShell Az Module | The Az PowerShell module is a set of cmdlets for managing Azure resources directly from PowerShell. |
| Microsoft Azure Portal (User Interface) | The Azure portal is a graphical user interface that you can use to manage your Azure resources and services. |

 


LINE OF ACTION AND ASSOCIATED TIMELINES

The following table outlines the actions performed to remediate security issues and vulnerabilities, along with their schedule.

 

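| ID | Identified Issue | Identification Date | Incident Resolution Start Date | Incident Resolution End Date |
|----|------------------|---------------------|--------------------------------|------------------------------|
| - | Azure Monitor Agent VM extension stopped working | July 09 2021 | July 10 2021 | July 10 2021 |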


REMEDIATION PROCEDURE

The actions performed to remove security vulnerabilities are detailed below.


Problem Identification: Azure Monitor Agent VM extension stopped working.

Problem Description: Azure Monitor Logs provides monitoring capabilities across cloud and on-premises assets. The extension installs the Log Analytics agent on Azure virtual machines, and enrolls virtual machines into an existing Log Analytics workspace. Azure could not collect logs from prod VMs because the monitoring agent VM extension stopped working.

Remediation Action: New VM Scale Sets were provisioned that helped resolve the issue.