Windows Firewall Auditing with Operations Management Suite Part 2

Article, Azure, Azure Operational Insights Preview, Hybrid Security, Log Analytics, Microsoft, Operational Insights, Operational Insights, Operations Management Suite, System Center, System Center Operations Manager, Windows 1 Minute

While I was writing the previous blog on that subject I’ve remembered that I’ve forgot writing on another tip with Windows Firewall auditing. This tip is a small one. You can easily gather log data about Windows Firewall Port changes by adding the following log:

  • Microsoft-Windows-Windows Firewall With Advanced Security/Firewall

image

That way when someone adds/removes or modifies Windows Firewall rules you will see them in OMS and audit them:

image

Have fun analyzing logs.

Unknown's avatar

Published by Stanislav Zhelyazkov

Stanislav Zhelyazkov has been working in IT since 2007. Stanislav has started his IT career as a Help Desk Specialist in 2007 while studying Informatics in the University of Ruse. He also worked in HP Enterprise Services (now known as DXC), maintaining large corporate IT infrastructures for clients in Holland, Switzerland and Germany and was involved in a Private Cloud project based on MS Hyper-V and System Center. He was also in the role of Principal Consultant in Lumagate developing and consulting companies on Azure, OMS, management and Private clouds. Currently he is Cloud Infrastructure Engineer at Sentia Denmark. Stanislav is active community member at MSDN forums providing answers on Azure. His blogposts can be found at www.cloudadministrator.net or www.systemcentercentral.com.

Published

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.