Azure to the Max

I already have a case open for that.

  • PR for Detecting Faulty Notepad++ Upgrades

    Introduction: I might be a bit behind the wave here, but I wanted to provide something to the community that has helped in my world. As I am sure many folks are already aware, there were a host of vulnerabilities recently found and patched in Notepad++. Those include CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, CVE-2023-40166 which you can…

    Max

    October 13, 2023
    Intune, Proactive Remediations, Windows
    Intune, Notepad++, PowerShell, Proactive Remediations, Vulnerability, Windows
  • 8/10/23 News: Updates and Future Plans

    This is the first in what will likely be many “News:” articles of mine. These are pretty much exactly what they sound like, just simple newsletters regarding what I have been working on, some things that have received some updates and adjustments, and what you can expect coming up. Updates: Fast Startup: System Usage &…

    Max

    October 8, 2023
    News and Updates
    Azure, Log Analytics, PowerShell
  • Log Analytics for Windows Endpoint System Usage & Authentication Monitoring Part 1.6: Deploying the Script

    Introduction: With your data ingesting and workbooks deployed, we are now ready to start deploying the collector via Proactive Remediations in Intune. This will likely be the final article in this series, at least for now. In this section, we will cover… Requirements: This should be pretty obvious, but you need to have completed the setup…

    Max

    September 9, 2023
    Intune, Log Analytics, Proactive Remediations, Windows, Windows Events
    Intune, Log Analytics, PowerShell, Proactive Remediations, Windows, Windows Events
  • Log Analytics for Windows Endpoint System Usage & Authentication Monitoring Part 1.5: Importing the Workbook

    Introduction: With your data now ingesting into Log Analytics, granted the collectors not yet deployed, we are ready to begin setting up our workbooks to further confirm data is coming in properly. Note: It would be a good idea to have at least a few devices manually ingest some data before starting this process. In this…

    Max

    September 9, 2023
    Azure, KQL, Log Analytics, Windows Events
    Azure, Log Analytics, Workbook
  • Log Analytics for Windows Endpoint System Usage & Authentication Monitoring Part 1.4: Sample Data, Tables, DCRs, Initial Ingestion

    Introduction: We have now covered what this solution does and its cost, at least from an ingestion standpoint. Now, we will finally be deploying something! In this article, we will generate our sample data, use it to create our new tables and DCRs, grant the appropriate permissions on those DCRs, and perform an initial ingestion!…

    Max

    September 9, 2023
    Azure, Function App, Log Analytics, Windows, Windows Events
    Azure, DCR, Function App, Log Analytics, Windows
  • Log Analytics for Windows Endpoint System Usage & Authentication Monitoring Part 1.3: Configure Event Auditing and Power Settings

    As explained, the System Usage monitoring makes use of Windows Event logs for data gathering. While the Event Log has a ton of useful information by default, some events only log when enabled via an additional policy. Additionally, some won’t log at all until certain power settings are changed (See part 1.1, startup and shutdown…

    Max

    September 8, 2023
    Intune, Log Analytics, Policy, Windows, Windows Events
    Intune, Policy, Settings Catalog, Windows, Windows Events
  • Log Analytics for Windows Endpoint System Usage & Authentication Monitoring Part 1.2: Cost

    Introduction: Following my initial articles describing what is collected, how it is displayed, and the quirks that the collector has, this article will cover the cost of this solution. Before we start, please know that I am no Azure cost “expert.” I can point you in the right direction and provide examples, but you need…

    Max

    September 5, 2023
    Azure, Log Analytics, Windows, Windows Events
    Azure, DCR, Function App, Intune, Log Analytics, PowerShell, Proactive Remediations, Windows
  • Log Analytics for Windows Endpoint System Usage & Authentication Monitoring Part 1.1: Technical Details and Limitations

    Introduction: In my initial article of this series, I mentioned that there are several asterisks, footnotes, limitations, and caveats to understand with this solution. To elaborate a bit further, this article explains more about how this works, the details of the events we capture, what we don’t/can’t capture for one reason or another, and what…

    Max

    August 31, 2023
    Log Analytics, Windows, Windows Events
    Azure, DCR, Events, Log Analytics, PowerShell
  • Log Analytics for Windows Endpoint System Usage & Authentication Monitoring Part 1.0: Overview

    Introduction: For those of you familiar with my work on Log Analytics, you know that I have at several times throughout several articles touted the ability for PowerShell to pull Windows Events, including those from the Security log which the now old Log Analytics agent could not do. And, unfortunately, the new AMA has other…

    Max

    August 27, 2023
    Azure, Intune, KQL, Log Analytics, PowerShell, Windows, Windows Events
    Azure, DCR, Intune, Log Analytics, PowerShell, Proactive Remediations, Windows
  • PowerShell DCR Log Analytics for Windows Endpoints Part 1.9: Deploying the Collector Script via Proactive Remediations

    Introduction: With your data ingesting and workbooks deployed, we are now ready to start to deploy the collector out via Proactive Remediations in Intune. This will likely be the final article in this series, at least for now. To be clear, I mean just the Windows Endpoints series for App/Device/Admin Inventory. There are quite a…

    Max

    August 13, 2023
    Azure, Intune, Log Analytics, Proactive Remediations
    Azure, DCR, Intune, Log Analytics, Proactive Remediations