Where is IAM? How it work. It is not clear from the dashboard yet. People are looking to map concepts of linux groups and netgroups (managed at the network leve) to something on Azure.1 vote
Audit and display the number of Azure blob containers that are publically accessible. This is important as data leaks often occur due to data being publically accessible (e.g. public AWS S3 Buckets)1 vote
Audit whether Require Secure Transfer is enabled on Azure Storage accounts, similar to whether encryption is enabled.1 vote
A nice to have would be if the registry path was provided with the Security Recommendation instead of only listing the incorrect value. It would make the recommendation more complete1 vote
include AD object deletes in Events collected by OMS
user, computer, group deletes etc are not collected by OMS.
a whole sale review of the Active Directory Events collected by OMS needs to be implemented to ensure OMS is a valuable audit platform1 vote
For all alerts like Metrics, OMS... there is one option to automate like automation account and Runbook. like that please enable in ASC too
For all alerts like Metrics, OMS... there is one option automate like automation account and Runbook. like that please enable in ASC too.
For all alerts like Metrics, OMS... there is one option to automate like automation account and Runbook. like that please enable in ASC too.
We have to to automate with service now. A ticket have to be created when ASC trigger any alerts. we need some automation feature to do the same?1 vote
There are two CCE with description "Interactive logon: Interactive logon: Number of previous logons to cache (in case domain controller is not available)".
CCE-10926-4 says that this number must be set to 0
CCE-37437-7 says that this number must be set to 4
I made one policy for all servers according to CCE-37473-7 and received a bunch of failed events. I realize that they are targeting different server OS, but for such events there must be a union CCE, or newer CCE must supersede old.
This kind of baseline rule is not server-specific.1 vote
I'l start with the one sample.
Security baseline rule "Devices: Allowed to format and eject removable media".
RuleSetting:LocalMachine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon : AllocateDASD
But if we switch to "Security Baseline Rules" tab, we can read that default value is "Administrators".
So, we have a lot of not configured policies, in every one not-configured policy state is matching baseline rule. But analyzer forces us to go and configure it directly. I think this is a lot of unnecessary work here, and comparing to default policy value must be added.1 vote
Be able to change my phone number1 vote
Add-AzLogEventDestination -Name *** -SyslogServer x.x.x.x -SyslogFormat CEF.
I ran above command as per your doc.
But still i'm getting logs into my SIEM as LEEF format only.1 vote
Allow reporting on sign-ins for specific applications through reporting API for Azure AD Free consistent with the Azure Portal.
Under Enterprise applications > All applications > My App > Sign-ins, you can see individual sign-ins within a specific application even with Azure AD Free. The reporting API should provide similar access for Azure AD Free subscriptions.1 vote
The TI tile looks gray and doesn't show the type name on the right.
Web apps which are not behind WAF show as compliant.
Can Azure security center currently support protecting individual SAAS web applications by a WAF ？1 vote
Baselines for audit policies are failing because it's looking for the English words "success and failure" but the results are in German: Erfolg und Fehler
10/4/2017 2:05:34.747 PM | SecurityBaseline
...TimeGenerated:10/4/2017 2:05:34.747 PM
...OSName:Windows Server 2012 R2 Standard
...Description:Audit Policy: System: IPsec Driver
...ExpectedResult:Success and Failure
...ActualResult:Erfolg und Fehler1 vote
The new integration described her:
logs only the netbios name for Computer field. The old integration logs the full name of the server (with fqdn). The new integration should log the full name so it matches with the other logs ingested in OMS.1 vote
Some users would like to see a breakdown of the recommendation items that have already been met, i.e. how are they getting 295/643 points or whatever. The points that you are missing are shown under recommendations, but I don't see any way to show what you have successfully implemented.3 votes
- Don't see your idea?