RichardB

My feedback

  1. 8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    RichardB shared this idea  · 
  2. 13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    RichardB supported this idea  · 
  3. 43 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    21 comments  ·  Azure Security Center  ·  Flag idea as inappropriate…  ·  Admin →
  4. 31 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Update Management » General  ·  Flag idea as inappropriate…  ·  Admin →
    RichardB commented  · 

    I would lik eto see both values to better evaluate how well our service provider are doing. This would save be a bunch of time, not having to scan our enviroment myself with mbsa and some excel magic.

    So do a scan using the configures WSUS (and thereby the approved patches) and a scan with Wsusscn2.cab directly from MS. Please keep in mind, that the servers in questions do not have unrestricted Internet access, so the file would need to be downloaded through the Direct Agent.

    Also, the ability to initiate a scan right now on one or more devices and also be able to define how often and when a system should be scanned.

  5. 332 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    RichardB supported this idea  · 
    RichardB commented  · 

    I would really like to see this come true in the following way.

    Have our Collectors forward all its events to OMS.

    I have two business cases where this would make really sense.

    1) Instead of using the Security Solution Pack, which is waaay too expensive due to the amount of events begin send. I would collect only the few events needed from our Domain Controller and send to OMS.
    (and as a bonus feature, use the security posture view on these events also)

    2) We are in the process of implementing, that all workstations send events to our Collector. Not alot, but a little handful. These I would also like to send to OMS.
    (inspired by http://blogs.technet.com/b/jepayne/archive/2015/11/24/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem.aspx and
    https://www.nsa.gov/ia/_files/app/spotting_the_adversary_with_windows_event_log_monitoring.pdf)

    I do NOT want to install a Direct Agent on all our workstations, just to collects a few events event now and then. Too much management overhead. (we have 5.000 workstations)

  6. 109 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    RichardB supported this idea  · 
  7. 49 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    RichardB supported this idea  · 
  8. 276 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    43 comments  ·  Azure Security Center  ·  Flag idea as inappropriate…  ·  Admin →
    RichardB supported this idea  · 

Feedback and Knowledge Base