I was taking a look at some new features and functionality in OMS this morning and decided to give the “Extend OMS security with your own notable issues” feature a walkthrough. In my opinion, this feature is very useful as it allows me to come up with my own queries for what I think is critical in my environment. For example, if a logon failure from a specific account is a critical issue in my environment, I can simply create a saved query for these events and add them to the Notable Issues blade of the Security and Audit solution for easy visualization.
Let’s configure a quick example.
In this example, I’ve created a query to show when a service account fails to log on. This query can be anything, but should be something notable as it will display on the home page of your Security and Audit solution. Once I’ve configured my query, I simply select “Save”, enter the query name, and add the query to one of the “Notable Issues” categories.
Once I save the query as a notable issue, I can navigate to the Security and Audit tile and view my new Critical Notable Issue in the Notable Issues blade.