Azure Monitor-Log Analytics

Welcome to the Azure Log Analytics (https://azure.microsoft.com/en-us/services/log-analytics/) Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  1. "Eicar" test functionality

    A test similar to "Eicar", so we can show customers a demo of Threat Intelligence without introducing any risks.

    7 votes
    0 comments  ·  Security and Audit Solution
  2. predictive telemetry Azure ML and TDSP

    Connect your telemetry with Machine Learning and a predictive environment to detect typologies of events: configuration server, performance track, health events, audit GPO, SQL events, audit, quality...

    1 vote
    0 comments  ·  Security and Audit Solution
  3. Is there a way to ignore recommendations not in either of the Assessment solutions?

    There is functionality in place today to ignore recommendations for SQL and AD assessments. Can this be extended to the Security and Audit portion and the other solutions?

    3 votes
    0 comments  ·  Security and Audit Solution
  4. Possible false phish report

    Getting alerted that this site is a phish with a confidence level of 75%: 167.89.125.30, but it reverses to SendGrid. Is there a link within OMS to modify this behavior? I'm pretty sure it's not a phish, but I guess I could be getting fooled somehow. The thing that makes me go hmmm is why is this coming from a server that has nothing to do with SendGrid!
    Thanks

    1 vote
    0 comments  ·  Security and Audit Solution
  5. EMS

    You need to fully integrate Azure EMS into OMS. Azure is viewed as the identity management solution. You need to be 100% aligned with this. Currently you are not, and this needs to be resolved and integrated with the OMS workspace.

    3 votes
    0 comments  ·  Security and Audit Solution
  6. SQL Extended Events

    Read SQL Extended Audit...
    The issue is that DB Admin needs a means to identify DDL changes to ANY database in our environments that is not intrusive… The issue for us is that we have given ALTER schema to development team for changing their stored procedures however that permission allows the user/login to make other changes to existing objects ….

    So…
    We can use extended events or audit to capture object changes etc. on SQL servers. Extended events are much more definable and write to a defined file when it occurs. I believe that MS has indicated that it favors…

    4 votes
    0 comments  ·  Security and Audit Solution
  7. Post Query syntax - Software inventory

    I'm looking for OMS query syntax (need to build a query that will pull software inventory by PC), and the link in the help file called "Complete query syntax" opens https://technet.microsoft.com/library/mt450427.aspx - "We are sorry this page cannot be found".
    Any help would be appreciated.

    1 vote
    0 comments  ·  Security and Audit Solution
  8. Make membername field facetable

    I am trying to search and find out security group changes for a user. The field I need is greyed out.

    The query I am running is Type=SecurityEvent EventID=4728 OR EventID=4729
    and I want to drill down into the MemberName field

    More info can be found here
    https://social.msdn.microsoft.com/Forums/azure/en-US/22a19ec3-a273-479a-8b7d-7aeb902d494b/fields-greyed-out?forum=opinsights

    Why is it unavailable, and can it be made available? It's a very useful security query.

    5 votes
    1 comment  ·  Security and Audit Solution