While discussing Azure/OMS topics in the community I often see incorrect usage of OMS (Operations Management Suite). That is understandable of course as Microsoft hasn’t done good job at clearing out all the terms but I still think we should be using the correct term when posting questions or discussing OMS in forums and other sites. This can help us communicate better between each other and especially in forums could result to answering question faster. As we the move from OMS Portal to Azure Portal it was about time to write this blog post which I’ve intended to do for quite some time but always delayed due to different circumstances.
For quite some time it was clear that the OMS Portal will move completely to Azure and that is good news. We have seen services like Update Management, Azure Security Center (Security & Audit solution is part of it) releasing new functionalities only in Azure Portal. In fact some services that have been part of OMS (OMS is a suite not a product or service) have always been in Azure Portal. Such services are Azure Backup, Site Recovery, Application Insights, etc. Microsoft has documented OMS Portal deprecation but I would like to add some things to the ones documented there:
Since Ignite 2017 Security & Compliance offering is now part of Azure Service Center service. Because of that some of the controls of that offering are moved to ASC but still the integration is not complete at least to me. With this blog post I will focus on two of the ASC settings that you should set up when you start with ASC – Changing to another Log Analytics workspace and Security Events level (filtering). Continue reading “Tips and Tricks of Setting up Azure Security Center”
Seems the new year bring us some bad surprises in terms of security. There has been some rumors and now turned out to be truth that certain processors are vulnerable to certain attacks. Yes processors. That means that affects a wide variety of Operating Systems. As Microsoft puts it:
Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including Intel, AMD, and ARM. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors.
I’ve stumbled on a great article by Brandon Wilson named Demystifying Schannel on which he explains how we can enable verbose logging for Schannel to found out what protocols our machines are using. As I leave and breathe Log Analytics and love to crunch data I thought would be cool example if we can ingest that data into it and show you some cool example with the new query language on transforming data.