Azure Monitor-Log Analytics

Welcome to the Azure Log Analytics (https://azure.microsoft.com/en-us/services/log-analytics/) Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

  1. EMS

    You need to fully integrate Azure EMS into OMS. Azure is viewed as the identity management solution. You need to be 100% aligned with this. Currently you are not, and this needs to be resolved and integrated with OMS workspace.

    3 votes
    0 comments  ·  Security and Audit Solution
  2. Post Query syntax - Software inventory

    I'm looking for OMS query syntax (need to build a query that will pull software inventory by PC) and the link in the help file called Complete query syntax opens https://technet.microsoft.com/library/mt450427.aspx - We are sorry this page cannot be found
    Any help would be appreciated

    1 vote
    0 comments  ·  Security and Audit Solution
  3. SQL Extended Events

    Read SQL Extended Audit...
    The issue is that DB Admin needs a means to identify DDL changes to ANY database in our environments that is not intrusive… The issue for us is that we have given ALTER schema to development team for changing their stored procedures however that permission allows the user/login to make other changes to existing objects ….

    So…
    We can use extended events or audit to capture object changes etc. on SQL servers. Extended events are much more definable and write to a defined file when it occurs. I believe that MS has indicated that it favors…

    4 votes
    0 comments  ·  Security and Audit Solution
  4. Being able to collect logs from OSX clients. All logs would be great; I'm specifically interested in security related events.

    Natively (no agent) send Syslog traffic to a collection point and have it upload the logs to Log Analytics.
    Use an agent to install on OSX that can send OSX logs to a collection point or direct to Log Analytics.
    I’m specifically interested in security-related logs from Mac client machines on Enterprise networks. That said, if we're able to collect logs, it shouldn’t be limited to security information. It would be nice to be able to see patch level, ability to collect all logs, performance metrics, etc.

    44 votes
    1 comment  ·  Security and Audit Solution
  5. Key vault

    Key Vault integration or other solution so that the customer owns the encryption key.

    10 votes
    2 comments  ·  Security and Audit Solution
  6. software inventory

    I'd like to be able to perform full software inventory on servers and be able to identify non-current versions of programs installed, i.e. JAVA, Adobe Reader etc.

    Management Suite should be able to push the newest versions to servers.

    46 votes
    3 comments  ·  Security and Audit Solution
  7. Make membername field facetable

    I am trying to search and find out security group changes for a user. The field I need is greyed out.

    The query I am running is Type=SecurityEvent EventID=4728 OR EventID=4729
    and I want to drill down into the MemberName field

    More info can be found here
    https://social.msdn.microsoft.com/Forums/azure/en-US/22a19ec3-a273-479a-8b7d-7aeb902d494b/fields-greyed-out?forum=opinsights

    Why is it unavailable, and can it be made available? It's a very useful security query.

    5 votes
    1 comment  ·  Security and Audit Solution
  8. Expand Data Retention for Security and Audit IP

    Provide the ability to expand the data retention to 3-8 years. Some customers do have compliance rules to save their security-related data for 8 years. When this could be accomplished, we would move our ACS implementations on premise to OpInsights.

    159 votes
    7 comments  ·  Security and Audit Solution