Allow custom flexible Security events filtering
The Security solution now allows filtering security events: https://blogs.technet.microsoft.com/msoms/2016/11/08/filter-the-security-events-the-oms-security-collects/
It will be good if this solution also supports a "Custom" option to allow customers to specify what events to collect (in addition to pre-configured lists). Also, it will be good if the customer-supplied filter supports wildcards and RegEx.
Mills, Jordan (US) commented
This is listed as complete now, but there's no information on how to do it.
Michael Perrotta commented
Although you can't specify specific event IDs to capture or blacklist, you can enable the OMS Agent to capture additional log sources under Advanced Settings in Log Analytics.
Leandro Soares commented
Hi! Looking forward to having this feature enabled. Some event IDs are unnecessary, and filtering them out (using a blacklist, for example) would help us a lot.
Marcus Oliveira commented
This is very important, and all SIEM solutions on the market have this feature.
Ariel Coloma commented
Hello Azure, are you even looking into this request?
It would be nice to just send those relevant or desired event logs that the MMAs send to the workspace.
Steve Seidel commented
How can I reach RegEx support?
K Justin commented
Providing specific threat analytics for login attacks (like ADFS events 299, 500, 501) would also help versus grabbing 6-10 GB of Security logs on the common setting.