Allow custom flexible Security events filtering
The Security solution now allows filtering security events: https://blogs.technet.microsoft.com/msoms/2016/11/08/filter-the-security-events-the-oms-security-collects/
It would be good if this solution also supported a "Custom" option to allow customers to specify which events to collect (in addition to the pre-configured lists). It would also be good if the customer-supplied filter supported wildcards and RegEx.
Michael Perrotta commented
Although you can't specify specific event IDs to capture or blacklist, you can enable the OMS Agent to capture additional log sources under Advanced Settings in Log Analytics.
Leandro Soares commented
Hi! Looking forward to having this feature enabled. Some event IDs are unnecessary, and filtering them out (using a blacklist, for example) would help us a lot.
Marcus Oliveira commented
This is very important, and all SIEM solutions on the market have this feature.
Ariel Coloma commented
Hello Azure, are you even looking into this request?
It would be nice to just send those relevant or desired event logs that the MMAs send to the workspace.
Branko Jagodic commented
Thanks for the good recommendation best regards to the author.
Steve Seidel commented
How can I reach RegEx support?
K Justin commented
Providing specific threat analytics to login attacks (like ADFS events 299,500,501) would also help versus grabbing 6-10GB of Security logs on the common setting