{"id":3023,"date":"2024-08-22T00:03:22","date_gmt":"2024-08-22T00:03:22","guid":{"rendered":"https:\/\/www.intellisecsolutions.com\/2024\/08\/22\/analyse-sans-agent-a-laide-de-microsoft-defender-for-cloud\/"},"modified":"2024-08-22T00:03:22","modified_gmt":"2024-08-22T00:03:22","slug":"analyse-sans-agent-a-laide-de-microsoft-defender-for-cloud","status":"publish","type":"post","link":"https:\/\/www.intellisecsolutions.com\/fr\/2024\/08\/22\/analyse-sans-agent-a-laide-de-microsoft-defender-for-cloud\/","title":{"rendered":"Agentless scanning with Microsoft Defender for Cloud"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"3023\" class=\"elementor elementor-3023\">\n\t\t\t\t<div class=\"elementor-element elementor-element-9b83c52 e-con-full-nospace e-flex e-con e-parent\" data-id=\"9b83c52\" data-element_type=\"container\" data-settings=\"{&quot;content_width&quot;:&quot;full-nospace&quot;}\" data-sticky-container=\"\">\r\n\t\t\t\t<div class=\"elementor-element elementor-element-d65d3b8 cms-eptitle-overlay-1 elementor-widget elementor-widget-cms_page_title\" data-id=\"d65d3b8\" data-element_type=\"widget\" data-widget_type=\"cms_page_title.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<div class=\"cms-eptitle-overlay cms-overlay cms-bg-parallax cms-lazy\" style=\"--cms-bg-lazyload:url(https:\/\/www.intellisecsolutions.com\/wp-content\/uploads\/2024\/08\/digital-8280787_1280.jpg);background-image:var(--cms-bg-lazyload-loaded);background-position:top center;\"><div class=\"cms-eptitle-overlay-shadow cms-overlay rtl-flip\"><\/div><\/div>\n<div class=\"cms-eptitle cms-eptitle-1 relative z-top text-start\">\n\t<div class=\"cms-content container text-start d-flex justify-content-start\">\n\t\t<div class=\"cms--content d-flex justify-content-start\">\n\t\t\t<div class=\"cms-small-title pb-10 w-100 text-15 text-uppercase pt-5 text-white ls-06 empty-none\"><\/div>\n\t\t\t<h1 class=\"cms-title lh-11538 
text-65 text-tablet-50 text-mobile-30 text-white w-100 empty-none\"> <\/h1>\n\t\t\t<div class=\"cms-desc pt-20 w-100 text-17 text-white empty-none\"><\/div>\n\t\t\t<div class=\"d-flex align-items-center gap empty-none w-100 pt-35 justify-content-start\" style=\"--cms-gap:30px;--cms-gap-tablet:30px;--cms-gap-mobile:20px;\"><\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n<\/div>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\r\n\t\t<div class=\"elementor-element elementor-element-65faf55 e-flex e-con-boxed e-con e-parent\" data-id=\"65faf55\" data-element_type=\"container\" data-settings=\"{&quot;content_width&quot;:&quot;boxed&quot;}\" data-sticky-container=\"\">\r\n\t\t\t\t\t<div class=\"e-con-inner\">\r\n\t\t\t\t<div class=\"elementor-element elementor-element-8f94e4e elementor-widget elementor-widget-spacer\" data-id=\"8f94e4e\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6ded8eb elementor-widget elementor-widget-cms_breadcrumb\" data-id=\"6ded8eb\" data-element_type=\"widget\" data-widget_type=\"cms_breadcrumb.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<div class=\"cms-ebreadcrumb cms-breadcrumb cms-breadcrumb-1 d-flex\">\n    <\/div>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7b21065 elementor-widget elementor-widget-cms_heading\" data-id=\"7b21065\" data-element_type=\"widget\" data-widget_type=\"cms_heading.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t<div class=\"cms-eheading cms-eheading-1 text-start\">\n\t<div class=\"cms-smallheading text-accent pb-10 text-16 font-600 empty-none\">Cloud Security<\/div>\n\t<h2 class=\"cms-heading empty-none text-heading lh-1375\">Agentless scanning with Microsoft Defender for Cloud<\/h2>\n<\/div>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\r\n\t\t\t\t<\/div>\r\n\t\t<div class=\"elementor-element elementor-element-38f698c e-flex e-con-boxed e-con e-parent\" data-id=\"38f698c\" data-element_type=\"container\" data-settings=\"{&quot;content_width&quot;:&quot;boxed&quot;}\" data-sticky-container=\"\">\r\n\t\t\t\t\t<div class=\"e-con-inner\">\r\n\t\t\t\t<div class=\"elementor-element elementor-element-e5b7ecb elementor-widget elementor-widget-cms_heading\" data-id=\"e5b7ecb\" data-element_type=\"widget\" data-widget_type=\"cms_heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<div class=\"cms-eheading cms-eheading-13 text-start empty-none\">\n\t<div class=\"cms-title empty-none text-heading text-26 text-mobile-20 lh-1375 font-600 empty-none pb-15\"><\/div>\n\t<div class=\"cms-desc-bold font-700 empty-none text-heading pb-25 empty-none\"><\/div>\n\t<div class=\"cms-desc empty-none text-body empty-none\">To fully grasp the concept of agentless scanning in Microsoft Defender for Cloud, it\u2019s essential to delve into a few key questions that will shed light on this innovative feature. Firstly, what exactly is agentless scanning? Understanding this will provide the foundation for our discussion. Next, we\u2019ll explore how agentless scanning operates, unraveling the mechanisms behind its functionality and why it offers a distinct advantage. Finally, we will guide you through the steps required to enable agentless scanning, ensuring you can leverage this tool effectively. 
Through this comprehensive exploration, you\u2019ll gain a thorough understanding of agentless scanning and how it can enhance your cloud security strategy.<\/div>\n<\/div>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3d9644e elementor-widget elementor-widget-text-editor\" data-id=\"3d9644e\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.23.0 - 05-08-2024 *\/\n.elementor-widget-text-editor.elementor-drop-cap-view-stacked .elementor-drop-cap{background-color:#69727d;color:#fff}.elementor-widget-text-editor.elementor-drop-cap-view-framed .elementor-drop-cap{color:#69727d;border:3px solid;background-color:transparent}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap{margin-top:8px}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap-letter{width:1em;height:1em}.elementor-widget-text-editor .elementor-drop-cap{float:left;text-align:center;line-height:1;font-size:50px}.elementor-widget-text-editor .elementor-drop-cap-letter{display:inline-block}<\/style>\t\t\t\t<h4 class=\"wp-block-heading\">What is agentless scanning?<\/h4><p>Agentless scanning refers to the process of evaluating and analyzing systems, networks, and devices without the need to install any software agents on the devices being scanned. 
This approach uses network-based techniques to gather information and assess the security posture or compliance status of the target systems.<\/p><p>Key characteristics and benefits of agentless scanning include:<\/p><ol><li><strong>No Software Installation<\/strong>: There\u2019s no need to deploy software agents on the target devices, which simplifies deployment and reduces administrative overhead.<\/li><li><strong>Minimal System Impact<\/strong>: Because there are no agents running on the devices, there\u2019s little to no performance impact on the systems being scanned.<\/li><li><strong>Broad Coverage<\/strong>: It can scan a wide range of devices, including those that may not support agent-based solutions, such as IoT devices, printers, and network equipment.<\/li><li><strong>Ease of Maintenance<\/strong>: Without agents to manage, there\u2019s no need for updates or troubleshooting of agent software on multiple devices.<\/li><li><strong>Quick Deployment<\/strong>: Agentless scanning can be quickly implemented and configured, providing immediate insights without the delay of deploying agents.<\/li><\/ol><h4 class=\"wp-block-heading\"><span id=\"How_does_agentless_scanning_work\" class=\"ez-toc-section\"><\/span>How does agentless scanning work?<\/h4><p>Agentless scanning in Microsoft Defender for Cloud collects data from virtual machines (VMs) using cloud APIs. It takes snapshots of VM disks, performing an out-of-band analysis of the operating system configuration and file system without affecting the VM. The metadata extracted from these snapshots is analyzed to detect configuration gaps and potential threats. Snapshots are deleted after metadata collection, ensuring minimal data retention. 
This process supports broad visibility, vulnerability assessment, secret scanning, and threat detection without installing agents or impacting performance.<\/p><figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" class=\"wp-image-334 aligncenter\" src=\"https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-6-1024x371.png\" sizes=\"(max-width: 1024px) 100vw, 1024px\" srcset=\"https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-6-1024x371.png 1024w, https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-6-300x109.png 300w, https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-6-768x278.png 768w, https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-6.png 1280w\" alt=\"\" width=\"1024\" height=\"371\" \/><\/figure><h4 class=\"wp-block-heading has-text-align-left\"><span id=\"Why_use_agentless_scanning\" class=\"ez-toc-section\"><\/span>Why use agentless scanning?<\/h4><p>Choosing between agentless and agent-based scanning in Microsoft Defender for Cloud largely depends on your specific use case and environment. Each approach has unique features and benefits that can align differently with your security needs. To aid in making an informed decision, I have compiled a comparison of key features and advantages of both agentless and agent-based scanning. 
This comparison will help you understand which option may be best suited for your cloud security strategy.<\/p><figure class=\"wp-block-table is-style-stripes\"><table class=\"has-fixed-layout\"><thead><tr><th>Feature<\/th><th>Agentless Scanning<\/th><th>Agent-Based Scanning<\/th><\/tr><\/thead><tbody><tr><td><strong>Data Collection Method<\/strong><\/td><td>Cloud APIs and disk snapshots<\/td><td>Agents installed on VMs<\/td><\/tr><tr><td><strong>Performance Impact<\/strong><\/td><td>Minimal, no impact on VM performance<\/td><td>Potential impact due to agent running on VMs<\/td><\/tr><tr><td><strong>Setup<\/strong><\/td><td>No installation required<\/td><td>Requires agent installation and maintenance<\/td><\/tr><tr><td><strong>Visibility<\/strong><\/td><td>Broad, out-of-band analysis<\/td><td>Detailed, real-time monitoring<\/td><\/tr><tr><td><strong>Data Retention<\/strong><\/td><td>Snapshots deleted after metadata extraction<\/td><td>Continuous data collection<\/td><\/tr><tr><td><strong>Vulnerability Assessment<\/strong><\/td><td>Supported<\/td><td>Supported<\/td><\/tr><tr><td><strong>Configuration Analysis<\/strong><\/td><td>Supported<\/td><td>Supported<\/td><\/tr><tr><td><strong>Threat Detection<\/strong><\/td><td>Supported<\/td><td>Supported<\/td><\/tr><tr><td><strong>Secret Scanning<\/strong><\/td><td>Supported<\/td><td>Supported<\/td><\/tr><\/tbody><\/table><\/figure><h4 class=\"wp-block-heading\"><span id=\"How_to_enable_agentless_scanning\" class=\"ez-toc-section\"><\/span>How to enable agentless scanning?<\/h4><h5 class=\"wp-block-heading\"><span id=\"Prerequisites\" class=\"ez-toc-section\"><\/span>Prerequisites<\/h5><p>Agentless scanning is automatically enabled when you onboard your VMs to either the Defender Cloud Security Posture Management (CSPM) plan or the Defender for Servers P2 plan.\u00a0If you already have Defender for Servers P2 enabled and agentless scanning is turned off, you can easily enable it by following these 
steps:<\/p><ol><li><strong>Open the Environment settings<\/strong>\u00a0in Microsoft Defender for Cloud and select the relevant account or project.<\/li><li><strong>For either the CSPM or Defender for Servers P2 plan<\/strong>, navigate to Settings and turn on Agentless scanning for machines.<\/li><li><strong>Save the changes<\/strong>\u00a0and proceed to configure access based on your cloud environment (Azure, AWS, or GCP).<\/li><\/ol><p>Unlike agent-based scanning in Defender for Servers, you can exclude servers from being scanned.<\/p><h5 class=\"wp-block-heading\"><span id=\"Demonstration\" class=\"ez-toc-section\"><\/span>Demonstration<\/h5><p>In this case, we are going to enable agentless scanning from Microsoft Defender CSPM, so this feature needs to be enabled.<\/p><figure class=\"wp-block-image size-large\"><img decoding=\"async\" class=\"wp-image-328 aligncenter\" src=\"https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-1024x229.png\" sizes=\"(max-width: 1024px) 100vw, 1024px\" srcset=\"https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-1024x229.png 1024w, https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-300x67.png 300w, https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-768x172.png 768w, https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-1536x344.png 1536w, https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image.png 1797w\" alt=\"\" width=\"1024\" height=\"229\" \/><\/figure><p>Next, click Settings to configure Defender CSPM and make sure that Agentless scanning for machines is enabled.<\/p><figure class=\"wp-block-image size-large\"><img decoding=\"async\" class=\"wp-image-329 aligncenter\" src=\"https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-1-1024x161.png\" sizes=\"(max-width: 1024px) 100vw, 1024px\" srcset=\"https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-1-1024x161.png 1024w, 
https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-1-300x47.png 300w, https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-1-768x121.png 768w, https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-1-1536x242.png 1536w, https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-1.png 1792w\" alt=\"\" width=\"1024\" height=\"161\" \/><\/figure><p>Agentless scanning will be enabled for all virtual machines. To exclude virtual machines, click Edit Configurations and exclude the virtual machines you want using exclusion tags.<\/p><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-331 aligncenter\" src=\"https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-3.png\" sizes=\"(max-width: 856px) 100vw, 856px\" srcset=\"https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-3.png 856w, https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-3-300x176.png 300w, https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-3-768x449.png 768w\" alt=\"\" width=\"856\" height=\"501\" \/><\/figure><p>For this demo, I have installed \u201cDibizor\u201d malware on a virtual machine; it was detected by the Agentless Scanning Engine, as shown in the following screenshot.<\/p><figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-333 aligncenter\" src=\"https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-5-1024x701.png\" sizes=\"(max-width: 1024px) 100vw, 1024px\" srcset=\"https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-5-1024x701.png 1024w, https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-5-300x205.png 300w, https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-5-768x526.png 768w, https:\/\/laythchebbi.com\/wp-content\/uploads\/2024\/07\/image-5.png 1165w\" alt=\"\" width=\"1024\" height=\"701\" \/><\/figure><h4 
class=\"wp-block-heading\"><span id=\"Conclusion\" class=\"ez-toc-section\"><\/span>Conclusion<\/h4><p>Agentless scanning in Microsoft Defender for Cloud is a powerful tool that enables organizations to assess the security of their cloud environments without the need for installed agents or network connectivity. By providing broad visibility, deep analysis, vulnerability assessment, secret scanning, and malware detection, agentless scanning helps identify and mitigate security risks, ensuring the overall health and resilience of your cloud infrastructure.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a8b961a elementor-widget elementor-widget-spacer\" data-id=\"a8b961a\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\r\n\t\t\t\t<\/div>\r\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>To fully grasp the concept of agentless scanning in Microsoft Defender for Cloud, it is essential to answer a few key questions that will shed light on this innovative feature.<br \/>\nFirst, what is agentless scanning?<br \/>\nUnderstanding this will provide the foundation for our discussion.<br \/>\nNext, we will explore how agentless scanning works, unraveling the mechanisms behind this feature and explaining why it offers a distinct advantage.<br \/>\nFinally, we will guide you through the steps required to enable agentless scanning, so that you can use this tool effectively.    
<\/p>","protected":false},"author":1,"featured_media":3010,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[32],"tags":[],"class_list":["post-3023","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-securite-de-linformatique-en-nuage"],"_links":{"self":[{"href":"https:\/\/www.intellisecsolutions.com\/fr\/wp-json\/wp\/v2\/posts\/3023","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intellisecsolutions.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intellisecsolutions.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intellisecsolutions.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intellisecsolutions.com\/fr\/wp-json\/wp\/v2\/comments?post=3023"}],"version-history":[{"count":0,"href":"https:\/\/www.intellisecsolutions.com\/fr\/wp-json\/wp\/v2\/posts\/3023\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.intellisecsolutions.com\/fr\/wp-json\/wp\/v2\/media\/3010"}],"wp:attachment":[{"href":"https:\/\/www.intellisecsolutions.com\/fr\/wp-json\/wp\/v2\/media?parent=3023"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intellisecsolutions.com\/fr\/wp-json\/wp\/v2\/categories?post=3023"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intellisecsolutions.com\/fr\/wp-json\/wp\/v2\/tags?post=3023"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}