8 votes · 0 comments · Azure Monitor-Log Analytics » Wire Data Solution · RichardB shared this idea
13 votes · 0 comments · Azure Monitor-Log Analytics » Log Management and Log Collection Policy
We’re currently enhancing our compliance functionality.
RichardB commented
I would like to see both values to better evaluate how well our service providers are doing. This would save me a bunch of time, not having to scan our environment myself with MBSA and some Excel magic.
So do a scan using the configured WSUS (and thereby the approved patches) and a scan with Wsusscn2.cab directly from MS. Please keep in mind that the servers in question do not have unrestricted Internet access, so the file would need to be downloaded through the Direct Agent.
Also, the ability to initiate a scan right now on one or more devices and also be able to define how often and when a system should be scanned.
332 votes · 20 comments · Azure Monitor-Log Analytics » Log Management and Log Collection Policy
This is currently under development, scheduled to be in preview later in 2018.
RichardB commented
I would really like to see this come true in the following way.
Have our Collectors forward all their events to OMS.
I have two business cases where this would really make sense.
1) Instead of using the Security Solution Pack, which is waaay too expensive due to the amount of events being sent, I would collect only the few events needed from our Domain Controller and send them to OMS.
(and as a bonus feature, use the security posture view on these events also)
2) We are in the process of implementing that all workstations send events to our Collector. Not a lot, but a little handful. These I would also like to send to OMS.
(inspired by http://blogs.technet.com/b/jepayne/archive/2015/11/24/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem.aspx and
I do NOT want to install a Direct Agent on all our workstations, just to collect a few events every now and then. Too much management overhead. (We have 5.000 workstations.)
109 votes · 0 comments · Azure Monitor-Log Analytics » Log Management and Log Collection Policy
Work on enabling different retention intervals by data type has started. We expect this to be available later in 2019.
49 votes · 0 comments · Azure Monitor-Log Analytics » Workspace Settings / Administration
We’re looking at using information from the Windows Security Center to collect status from non-Microsoft antimalware products.