Create an Azure Virtual Machine Snapshot

Tenable Cloud Security Agentless Assessment performs scans on Azure Virtual Machines through the assessment of virtual hard disk snapshots. Snapshots can be created manually or automatically through the use of Azure Backup Vault. Tenable recommends that you automate this process.

• Create a snapshot manually

• Automate Azure Virtual Machine Snapshot Creation

Create Azure Virtual Machine Snapshot Manually

To create a snapshot manually:

1. In the Azure portal, select Create a resource.

2. Search for and select Snapshot.

   The Snapshot window appears.

3. Click Create.

   The Create snapshot window appears.

4. In the Basics tab, do the following:

   1. For Resource group, select an existing resource group or enter the name of a new one.

   2. In the Instance details section, provide the following information:

   • Name — Name of the snapshot.

   • Region — The Azure region into which the resource should be deployed. For the list of supported regions, see Agentless Assessment Requirements for Azure.

   • Snapshot type — The type of snapshot determines its pricing and functionality.

     • Full: Make a complete read-only copy of the selected disk.

     • Incremental: Save on storage costs by making a partial copy of the disk based on the difference between the last snapshot.

   • Source subscription — The subscription that contains the managed disk to be backed up.

   • Source disk — The disk to use as the source of this new snapshot.

   • Storage type — Select Standard HDD, unless you require zone-redundant storage or high-performance storage (Premium HDD) for your snapshot.

5. Click the Encryption tab and ensure that Key management is set to Platform-managed key.

   Platform-managed keys (PMKs) are key encryption keys that are generated, stored, and managed entirely by Azure.

6. Click the Networking tab and ensure that Network access is set to Enable public access from all networks.

7. Click the Advanced tab and ensure that the Enable data access authentication mode is disabled.

8. (Optional) Configure the Tags tab by providing name/value pairs for your resources.

9. Click Review + create.

   Azure validates the snapshot and shows a summary of the snapshot.

10. Click Create to create the snapshot.

Automate Azure Virtual Machine Snapshot Creation

To get you started, an automated solution is provided on Tenable GitHub.