One of the nice things about OMS is that it comes with a lot of prebuilt solutions. By adding those solutions to your dashboard, OMS will automatically start collecting the necessary information to populate the solution.
The main solution I immediately get asked to implement for clients is the Security & Compliance solution. This solution allows you to:
- Quickly identify issues such as missing security updates, outdated antimalware, vulnerable OS configurations, and unusual access or network activity
- Use advanced security analytics and Microsoft threat intelligence to detect attacks in near real-time
- Reduce investigation time with built-in threat intelligence and rapid search of security data
- Use security data and insights to demonstrate compliance and easily generate evidence for auditors
Let’s see how easy it is to add this solution to the workspace. Navigate to your dashboard and click the Solutions Gallery button.
Select Security & Compliance (it's the bright orange icon).
You’ll see a description of the solution, which is made up of multiple other solutions, and examples of the dashboards. To add this solution to your workspace, click the Add button.
Go back to the main dashboard and you will see the two new items:
It says to let it run overnight, so I will let it run overnight.
Good morning! I’m back!
So the next morning when I check my dashboard, I see this:
We will dive more into all this information in future posts. For now I want to show one quick thing it immediately highlighted for me.
Click the Security and Audit dashboard in the main workspace to open up the solution.
Under Notable issues, it shows 158 failed logon attempts (this is my Azure machine that has a public IP address):
If I click that, it shows me that someone has tried to log into this machine using both ADMINISTRATOR and ADMIN as an account.
If I click on ADMINISTRATOR, it shows me the detailed information for each failed logon.
I can see from this that an external IP address is trying to log into my VM that is exposed to the internet. Someone is trying to hack my server. This could be fun.
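As an added example (not part of the original post), the same notable issue can be reproduced from the raw events with a Log Analytics query. It assumes the workspace collects Windows Security events into the SecurityEvent table and uses the Kusto query language; the computer name is a placeholder, and the threshold of 10 failures per source is an arbitrary choice for the example.

```kusto
// Added example, not from the original post. Assumes Windows Security events
// are collected into the SecurityEvent table (Kusto query syntax).
// Event ID 4625 is "An account failed to log on".
SecurityEvent
| where TimeGenerated > ago(1d)
| where EventID == 4625
| where Computer == "<your-vm-name>"          // placeholder: the internet-exposed VM
| summarize FailedAttempts = count(),
            Accounts      = make_set(TargetUserName),   // e.g. ADMINISTRATOR, ADMIN
            FirstSeen     = min(TimeGenerated),
            LastSeen      = max(TimeGenerated)
  by SourceIP = IpAddress
| where FailedAttempts >= 10                  // many failures from one source: likely password guessing
| order by FailedAttempts desc
```

Dropping the `Computer` filter shows every machine in the workspace, which is a quick way to spot other exposed hosts seeing the same source IPs.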