Log Analytics

Welcome to the Azure Log Analytics (https://azure.microsoft.com/en-us/services/log-analytics/) Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

How can we improve Azure Log Analytics?

  1. Support other Antivirus products in Malware Assessment

    I added the Malware Assessment Intelligence Pack today, and it seems to be listing all of my servers as not having any real time AV protection. The servers in question are running Symantec Endpoint Protection. I looked in the description of the intelligence pack to see what AV products it works with, but didn't find that info.

    [Edited during forum migration: comments/responses in the old forum included Symantec and Sophos]

    459 votes
    27 comments  ·  Malware Assessment Solution
    • Windows Server 2008 R2 SP1 servers are shown as "No Real time Protection"

      Windows Server 2008 R2 SP1 servers are shown as "No Real time Protection", although I have the SCEP agent on them and real time protection is enabled on them with the same policies as other servers. I have Windows Server 2012 R2, Windows Server 2012 and Windows Server 2008 R2 SP1 servers, and the 2008 R2 SP1 servers are the only ones shown that way.

      31 votes
      5 comments  ·  Malware Assessment Solution

        The detection and data collection logic we’re using for Windows Server 2008 R2 needs to be revised.

        Currently we use the same code for collecting status on all platforms, which uses the PowerShell module that ships with recent versions of the SCEP agent.

        The PowerShell module needs PowerShell v3 and makes calls to WMI v2, and this is where we start to see issues since W2K8 R2 SP1 doesn’t include PowerShell v3, so the PowerShell module fails to load.

        To get PowerShell v3 it is necessary to install either Windows Management Framework (WMF) 3.0 or Windows Management Framework 4.0 (WMF 4 includes PowerShell 4), and in turn these packages have dependencies on newer versions of the .NET Framework.

        If WMF isn’t installed prior to SCEP 4.5.216 being installed, then the WMI registration doesn’t occur and calls to the SCEP PowerShell cmdlets will fail.

        The workarounds for this…

      • Include responsible user in event

        Hi All, awesome product. Just did a test with vulnerability assessment. I introduced an EICAR test string on one of our VMs. An event was triggered in OMS. But seems there is some important information missing in the event. The username is not included. (EventId 1116, Microsoft Antimalware) does include the user. Would be a nice addition to include the username of the account that was "responsible" for the generation of the alert.

        14 votes
        1 comment  ·  Malware Assessment Solution
        • DeBlackListing

          Allow for unblacklisting applications inside OMS. From time to time mail relays get blacklisted due to a spammer/phishing attempt. The facility to apply to remove from common blacklists within OMS would be a great feature.

          7 votes
          0 comments  ·  Malware Assessment Solution
          • What does "no realtime protection" mean and how to fix it?

            No clue what "no realtime data protection" means. I clicked it from the security assessment window and I get here but have no way to understand how to fix it or read more. How should I fix that?

            5 votes
            0 comments  ·  Malware Assessment Solution
            • Alert acknowledgement

              Is there a way to acknowledge an alert so the email notifications are no longer triggered? For example, malware was stopped on a PC, alert triggered an email notification that malware was detected and stopped/remediated... I looked at the alert and issue and all is OK, but the alert keeps sending email messages?

              4 votes
              0 comments  ·  Malware Assessment Solution
              • Provide ability to install SCEP from OMS

                You provide a nice Malware Assessment, it would be nice to be able to install SCEP Client on systems so you can make sure all your systems are protected as well as analyzed.

                3 votes
                2 comments  ·  Malware Assessment Solution
                • Add AVG to the anti malware protection tool

                  Add analytics on common 3rd party tools

                  3 votes
                  0 comments  ·  Malware Assessment Solution
                  • Type of protection computer count

                    The Type of Protection graph shows: 3 total "Computers with antimalware protection". This workspace only has 2 computers connected. I believe that the total should not count twice a computer that has 2 forms of antimalware protection.

                    1 vote
                    0 comments  ·  Malware Assessment Solution
                    • Change Malware Assessment to not consider quarantined items as active threats

                      Malware Assessment alerts on what it considers active threats. Windows Defender - and likely other AV packages - considers quarantined items as inactive threats. Please change Malware Assessment so that quarantined items are not considered active threats.

                      1 vote
                      1 comment  ·  Malware Assessment Solution
                        • Customize out-of-the-box queries for a solution

                          Make it possible to change the Queries for a solution such as the malware assessment, where the Blade "Computers with detected threats" continues to show that there are active threats even though the threats have been removed. The reason is that the Query shows events for the last one day which may not be relevant if the events have been handled.

                          0 votes
                          0 comments  ·  Malware Assessment Solution