How can we improve Azure Log Analytics?

Fix Windows2016 baseline detection

I stumbled on some errors in the detection. For example:

OSName,RuleSetting,ExpectedResult,ActualResult
Windows Server 2016 Datacenter,"Privilege Rights : SeTrustedCredManAccessPrivilege",0,"No One"
Windows Server 2016 Datacenter,"Privilege Rights : SeTcbPrivilege",0,"No One"
Windows Server 2016 Datacenter,"Privilege Rights : SeCreateTokenPrivilege",0,"No One"
Windows Server 2016 Datacenter,"Privilege Rights : SeCreatePermanentPrivilege",0,"No One"
Windows Server 2016 Datacenter,"Privilege Rights : SeLockMemoryPrivilege",0,"No One"
Windows Server 2016 Datacenter,"Privilege Rights : SeRelabelPrivilege",0,"No One"

These user rights should, according to the baseline, not have a user or group assigned, but detection expects 0 instead of "No One".

Or do I need to make a support call for this?

6 votes
    Bart Danse shared this idea

    1 comment

      • Bart Danse commented

        Found some more.

        Retention searches for a string instead of an int (dword). NullSessionShares is not found at all.

        OSName,RuleSetting,ExpectedResult,ActualResult,BaselineRuleId
        Windows Server 2016 Datacenter,"LocalMachine\System\CurrentControlSet\Services\LanManServer\Parameters : NullSessionShares",0,"NOT_EXISTS","383ddfeb-b22d-4206-b8b3-67d4e0c6dfe7"
        Windows Server 2016 Datacenter,"LocalMachine\Software\Policies\Microsoft\Windows\EventLog\Security : Retention",0,"NOT_EXISTS","185f52cc-add3-4591-91a6-624efa791351"
        Windows Server 2016 Datacenter,"LocalMachine\Software\Policies\Microsoft\Windows\EventLog\Setup : Retention",0,"NOT_EXISTS","12990b19-424e-404b-b9b5-80f201ac9192"
        Windows Server 2016 Datacenter,"LocalMachine\Software\Policies\Microsoft\Windows\EventLog\System : Retention",0,"NOT_EXISTS","f5e7b762-f33c-43f9-8e66-a9f672806fb4"
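
A triage sketch for the rows reported above, added here as an example; it is not part of the original post and is not Microsoft's detection logic. It assumes the poster's reading that "No One" and 0 both mean an unassigned user right; the label names and the `classify`/`triage` helpers are hypothetical.

```python
import csv
import io

# Rows copied from the post and its comment; the privilege row has no rule id there.
POSTED = r'''OSName,RuleSetting,ExpectedResult,ActualResult,BaselineRuleId
Windows Server 2016 Datacenter,"Privilege Rights : SeTcbPrivilege",0,"No One",
Windows Server 2016 Datacenter,"LocalMachine\System\CurrentControlSet\Services\LanManServer\Parameters : NullSessionShares",0,"NOT_EXISTS","383ddfeb-b22d-4206-b8b3-67d4e0c6dfe7"
Windows Server 2016 Datacenter,"LocalMachine\Software\Policies\Microsoft\Windows\EventLog\Security : Retention",0,"NOT_EXISTS","185f52cc-add3-4591-91a6-624efa791351"
'''
# Constructed row (not from the post): a user right that really is assigned.
CONSTRUCTED = 'Windows Server 2016 Datacenter,"Privilege Rights : SeLockMemoryPrivilege",0,"Administrators",\n'

# Assumption: these spellings all mean "nobody holds the right".
EMPTY_ASSIGNMENT = {"", "0", "no one"}


def classify(row):
    """Return a triage label for one exported baseline result row."""
    setting = row["RuleSetting"].strip()
    expected = row["ExpectedResult"].strip()
    actual = row["ActualResult"].strip()
    if actual == expected:
        return "match"
    if actual == "NOT_EXISTS":
        # The value was not found on the host: confirm on the machine before judging.
        return "value-missing"
    if (setting.startswith("Privilege Rights :") and expected == "0"
            and actual.lower() in EMPTY_ASSIGNMENT):
        # Same state written two ways: likely a false positive, not a finding.
        return "representation-mismatch"
    return "mismatch"


def triage(csv_text):
    """Return (RuleSetting, label) pairs in input order."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [(row["RuleSetting"], classify(row)) for row in reader]


if __name__ == "__main__":
    for setting, label in triage(POSTED + CONSTRUCTED):
        print(f"{label:24} {setting}")
```
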
