Log Analytics

Welcome to the Azure Log Analytics (https://azure.microsoft.com/en-us/services/log-analytics/) Feedback page. We appreciate your feedback and look forward to hearing from you. Use this site for new ideas and bug reports or to request help.
NOTE – Log Analytics is now a part of Operations Management Suite. Learn more at http://microsoft.com/OMS

How can we improve Azure Log Analytics ?

  1. dnat or network rule alert and/or search query

    It would be nice to be able to search if anyone creates a DNAT rule specifically using Azure Firewall. At the moment it is only possible to create an Activity Log Alert for the "Creates or updates an Azure Firewall" event; however, it's not limited to NAT Rule Collection only but creates activity logs if it falls under the below criteria, and you can create an alert on top of it. It's a broader alert for any activity within the Firewall resource.

    1 vote  ·  0 comments  ·  Security and Audit Solution
  2. Antimalware assessment - Sophos is not recognised

    The Antimalware Assessment currently does not cover systems which are protected by Sophos AV. Can we get this addressed?

    4 votes  ·  0 comments  ·  Security and Audit Solution
  3. Azure Security Center Recommendations Log Analytics Query syntax

    Could someone point me in the direction of a resource that provides a mapping of the recommendations in Security Center (SC) with the associated Log Analytics query syntax? For example, SC lists all of the machines that are not compliant with the recommendations in the list below. I need to extract these results out into a spreadsheet and cannot see how to do this other than maybe running a query in Log Analytics. If so, does anyone know of a listing of these queries?

    Designate more than one owner on your subscription (Preview)
    Enable MFA for accounts with owner permissions on…

    8 votes  ·  2 comments  ·  Security and Audit Solution
  4. Log Analytics SecurityEvents - Add System data elements such as Keywords

    Currently, the SecurityEvents table is missing the System data elements from the native Windows Security Log events. Included in the System data elements is the Keywords data item, which indicates whether a specific event is an Audit Success or Audit Failure. This significantly reduces the usefulness of Log Analytics to track Security Audit events.

    5 votes  ·  1 comment  ·  Security and Audit Solution
  5. Fix Windows2016 baseline detection

    I stumbled on some errors in the detection. For example:

    OSName,RuleSetting,ExpectedResult,ActualResult
    Windows Server 2016 Datacenter,"Privilege Rights : SeTrustedCredManAccessPrivilege",0,"No One"
    Windows Server 2016 Datacenter,"Privilege Rights : SeTcbPrivilege",0,"No One"
    Windows Server 2016 Datacenter,"Privilege Rights : SeCreateTokenPrivilege",0,"No One"
    Windows Server 2016 Datacenter,"Privilege Rights : SeCreatePermanentPrivilege",0,"No One"
    Windows Server 2016 Datacenter,"Privilege Rights : SeLockMemoryPrivilege",0,"No One"
    Windows Server 2016 Datacenter,"Privilege Rights : SeRelabelPrivilege",0,"No One"

    These user rights should, according to the baseline, have no user or group assigned, but the detection expects 0 instead of "No One".

    Or do I need to make a support call for this?

    6 votes  ·  1 comment  ·  Security and Audit Solution
  6. Resource Locks vs. Update Deployments

    An Azure 'No Delete' Resource Lock currently prevents addition or configuration of new OMS update deployments, generating an unspecified error. See Microsoft support case 117080416146171. My understanding is that in the background, creation of a new Update Deployment performs a delete action somewhere and then bombs out and generates an error such as "This update run could not be scheduled. Please check the computer names, and try again later."

    Have been told that this is not a bug, but a 'feature', so entering it here as a suggested change.

    7 votes  ·  0 comments  ·  Security and Audit Solution
  7. MessageTrace

    It would be nice to receive MessageTrace logs from O365 into OMS so that we could be more proactive in seeing compromised accounts. This would allow us to be alerted, say, on a user that is sending 100 messages with the same subject out.

    3 votes  ·  0 comments  ·  Security and Audit Solution
  8. Process Name of Alert "Distinct malicious IP addresses accessed"

    I want to know the process name of the alert "Distinct malicious IP addresses accessed", to do some protection.
    If the process name is Outlook, I search the related mail.
    If the process name is Microsoft Edge, I search the URL.

    And I hope for the URL or host name of the malicious IP address.

    2 votes  ·  0 comments  ·  Security and Audit Solution
  9. Windows file audit event columns - Add more data from the raw XML

    Please add more columns to EventIDs related to Windows file auditing. An example is the query Type=SecurityEvent EventID=4663. When the query is executed, lots of useful data is stuck in the EventData column, such as the SubjectUserName, ProcessID and ProcessName fields. It would be very nice to be able to search on these.

    2 votes  ·  1 comment  ·  Security and Audit Solution
  10. Bitlocker

    Bitlocker
    - Computers that support TPM
    - Bitlocker Status
    - Compliance Status

    4 votes  ·  1 comment  ·  Security and Audit Solution
  11. How To Configure Gmail SMTP Setup?

    Have a look at how the Gmail outgoing server setting can be configured in an appropriate manner.
    The foremost thing to do is to get quick access to the mail application configuration dashboard.
    Moving forward, the user is required to fill in the relevant information related to the Gmail email SMTP settings.
    Make sure the SMTP server name is typed as smtp.gmail.com
    Enter the username as the Gmail email address
    Enter the accurate Gmail password in the password field
    SMTP server port as 465
    The user is required to check the authentication option
    Once done, click on the finish option
    Now the user can enjoy the email experience without any hassle. The user needs to know that there…

    2 votes  ·  0 comments  ·  Security and Audit Solution
  12. Get Splendid Solution for issue related to Gmail SMTP Outgoing Server

    Is the user experiencing trouble in sending mails? If this is the issue, then the user is required to dig into the configuration settings of the Gmail outgoing server. SMTP is Simple Mail Transfer Protocol, which helps in quick delivery of mails. If the mails are not sent in a proper manner then it may happen that Gmail SMTP is not working. What to do to solve this situation? To avoid this situation the user is required to adopt some potential guidelines which can fix the issue in minimal time. http://www.gmailsupportchat.com/article/gmail-email-smtp-and-server-setting-configuration-support

    1 vote  ·  0 comments  ·  Security and Audit Solution
  13. predictive telemetry Azure ML and TDSP

    Connect your telemetry with Machine Learning and a predictive environment to detect typologies of events: configuration server, performance tracking, health events, GPO audit, SQL events, audit, quality...

    1 vote  ·  0 comments  ·  Security and Audit Solution
  14. Syslog support by Windows agent

    I want to collect Syslog in some Windows-only, non-Linux environments.
    Collect Syslog from NAS, routers and firewalls, and send it to Log Analytics.
    And there are no Linux professionals.

    23 votes  ·  3 comments  ·  Security and Audit Solution
  15. Possible false phish report

    Getting alerted that this site is a phish with a confidence level of 75%: 167.89.125.30, but it reverses to SendGrid. Is there a link within OMS to modify this behavior? I'm pretty sure it's not a phish, but I guess I could be getting fooled somehow. The thing that makes me go hmmm is: why is this coming from a server that has nothing to do with SendGrid!
    Thanks

    1 vote  ·  0 comments  ·  Security and Audit Solution
  16. Incorrect CCE-38444-6 Baseline Check

    When reviewing Azure Log Analytics Baselines and reviewing CCE-38444-6, it always shows as failing the audit.

    Digging deeper, it looks like it is expecting a result of Disabled, when actually Disabled is 0 due to this registry key being a DWORD value and not a STRING.

    See Screenshot Below

    6 votes  ·  2 comments  ·  Security and Audit Solution
  17. Is there a way to ignore recommendations not in either of the Assessment solutions?

    There is functionality in place today to ignore recommendations for SQL and AD assessments. Can this be extended to the Security and Audit portion and the other solutions?

    3 votes  ·  0 comments  ·  Security and Audit Solution
  18. "Eicar" test functionality

    A similar test to the "Eicar" file, so we can show customers a demo of Threat Intelligence without introducing any risks.

    7 votes  ·  0 comments  ·  Security and Audit Solution
  19. EMS

    You need to fully integrate Azure EMS into OMS. Azure is viewed as the identity management solution. You need to be 100% aligned with this. Currently you are not, and this needs to be resolved and integrated with the OMS workspace.

    3 votes  ·  0 comments  ·  Security and Audit Solution
  20. Post Query syntax - Software inventory

    I'm looking for OMS query syntax (I need to build a query that will pull software inventory by PC), and the link in the help file called "Complete query syntax" opens https://technet.microsoft.com/library/mt450427.aspx, which says "We are sorry, this page cannot be found".
    Any help would be appreciated.

    1 vote  ·  0 comments  ·  Security and Audit Solution