OMS Portal Moving to Azure

For quite some time it was clear that the OMS Portal will move completely to Azure and that is good news. We have seen services like Update Management, Azure Security Center (Security & Audit solution is part of it) releasing new functionalities only in Azure Portal. In fact some services that have been part of OMS (OMS is a suite not a product or service) have always been in Azure Portal. Such services are Azure Backup, Site Recovery, Application Insights, etc. Microsoft has documented OMS Portal deprecation but I would like to add some things to the ones documented there:

Continue reading “OMS Portal Moving to Azure”

Configure OMS Linux Agent Heartbeat Interval

As you know both OMS Linux and Windows agent send heartbeat events and they are free of charge. The problem is that the interval of these heartbeat events is different for both operating systems. For Windows it is every 1 minute and for Linux is every 5 minutes. I do not know exactly the reason for this decision but I prefer that all my servers report at the same interval. The beautiful thing with the OMS Linux agent that is extendable and configurable. So this blog post will focus on how you can easily change the heartbeat interval on OMS Linux agent to 1 minute.

Continue reading “Configure OMS Linux Agent Heartbeat Interval”

Monitoring Windows Services States with Log Analytics

Monitoring Windows Services States is one of the most common requests that I’ve seen on forums, groups and blog posts. My fellow MVP and OMS expert Stefan Roth wrote a similar blog post titled OMS – Monitor Windows Services / Processes. I would suggest to check it out as well. The approach I will show is somehow already cover in official article that demonstrates custom fields in Log Analytics. The difference is that we now have the new rich Log Analytics search syntax so we do not need  custom fields anymore. This approach also is different from Stefan’s as his one covers wider topic with monitoring processes by using performance counters. In this approach we will use windows events which Stefan mentions that is not reliable but he was referring to specific Event Id which I also agree it is not reliable. In the next steps I will use another Event Id that is reliable 100%. The advantage of using windows events for monitoring windows services states are:

  • Only windows events are gathered which results in less data uploaded compared to performance data
  • You do not have to add performance counter for each process, you just need to add only one event log to monitor all services

  • The services are shown with their actual name that is used in services.msc or Get-Service cmdlet.

  • We have the actual state of the service when it happened

Some of the disadvantages of this method are:

  • Until the service is started or stopped it will take at least 5 minutes until the data appears in Log Analytics

Continue reading “Monitoring Windows Services States with Log Analytics”

Tips and Tricks of Setting up Azure Security Center

Since Ignite 2017 Security & Compliance offering is now part of Azure Service Center service. Because of that some of the controls of that offering are moved to ASC but still the integration is not complete at least to me. With this blog post I will focus on two of the ASC settings that you should set up when you start with ASC – Changing to another Log Analytics workspace and Security Events level (filtering). Continue reading “Tips and Tricks of Setting up Azure Security Center”

Mitigate speculative execution side-channel vulnerabilities

Seems the new year bring us some bad surprises in terms of security. There has been some rumors and now turned out to be truth that certain processors are vulnerable to certain attacks. Yes processors. That means that affects a wide variety of Operating Systems. As Microsoft puts it:

Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including Intel, AMD, and ARM. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors.

Source: ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities

Continue reading “Mitigate speculative execution side-channel vulnerabilities”