Yesterday I hosted a workshop at Microsoft Belux about the security and compliance features built into the OMS suite. It’s always nice to talk people through the different things that are included and give tips and tricks based on their questions.
As a lot of the same questions keep returning, I decided to bundle them in an overview blog post on how you can effectively tune your environment. This is not a “how to” for setting up OMS, just a summary of the small tips and tricks.
If you need a full “how to” for setting up OMS security, check here: https://docs.microsoft.com/en-us/azure/operations-management-suite/oms-security-getting-started
A significant portion of the insight into how you are doing regarding security comes from your IIS logs. Assuming that you have an OMS agent installed and added to your workspace, it is invaluable to send these logs to your workspace as well, so they are indexed and feed the different users who benefit from this knowledge.
Another handy tip is limiting the amount of data sent to your workspace to protect your usage. It used to be possible only to send all or nothing, but just recently a filter was added for which events will be uploaded.
To select this filter go to your security and audit solution:
Click the gear icon in the top left corner:
Use one of the predefined filters:
For more info on the filters click the “For additional details” link.
To summarize the different filters, check the different scenarios.
I’ve added the list of events included in each scenario for your reference:
Adding the security logs can have a significant impact on the data uploaded to your workspace and can cause overage payments, or a bad POC when your workspace is suspended for exceeding the maximum amount of data uploaded per day.
To check the usage of the security events, follow this procedure:
Go into the main screen of your workspace and select usage:
Scroll to the middle of the screen and look for Data Volume by solution => click on “Security”
Check the graph to see which machines are consuming most of the usage and try to take corrective actions.
These are just some tips and tricks to get the most out of your security solution. This solution is heavily dependent on other solutions (anti malware, compliance, …), so the more solutions you deploy and configure, the clearer the picture will be of how you are doing in the security field.
Stay tuned for more tips and tricks which will help you to get the full grasp and value out of your OMS investments.