Tag: PowerShell
-
Log Analytics for Application Usage Monitoring Part 1.4: Sample Data, Tables, DCRs, Initial Ingestion
Introduction: We have now covered what this solution does and its cost, at least from an ingestion standpoint. Now, we will finally be deploying something! In this article, we will generate our sample data, use it to create our new tables and DCRs, grant the appropriate permissions on those DCRs, and perform an initial ingestion!…
-
Log Analytics for Application Usage Monitoring Part 1.3: Configure Event Auditing
As explained in prior articles, the Application Usage Monitoring makes use of Windows Event logs for data gathering. While the Event Log has a ton of useful information by default, the logs we need to capture for this tool to function are not logged by default and instead must be enabled via policy This article…
-
Log Analytics for Application Usage Monitoring Part 1.2: Cost
Introduction: Following my initial articles describing what is collected, how it is displayed, this article will cover the cost of this solution. Before we start, please know that I am no Azure cost “expert.” I can point you in the right direction and provide examples, but you need to consult with Microsoft and your internal…
-
Log Analytics for Windows Application Usage Monitoring Part 1.1: Technical Details and Limitations
Introduction: In my initial article of this series, I mentioned that there were a few asterisks, footnotes, limitations, and caveats to understand with this solution. Luckily, this is again much less of a concern than it was with the System Usage & Authentication Monitoring series as this collector isn’t targeting nearly the volume of event…
-
PR for Detecting Faulty Notepad++ Upgrades
Introduction: I might be a bit behind the wave here, but I wanted to provide something to the community that has helped in my world. As I am sure many folks are already aware, there were a host of vulnerabilities recently found and patched in Notepad++. Those include CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, CVE-2023-40166 which you can…
-
8/10/23 News: Updates and Future Plans
This is the first in what will likely be many “News:” articles of mine. These are pretty much exactly what they sound like, just simple newsletters regarding what I have been working on, some things that have received some updates and adjustments, and what you can expect coming up. Updates: Fast Startup: System Usage &…
-
Log Analytics for Windows Endpoint System Usage & Authentication Monitoring Part 1.6: Deploying the Script
Introduction: With your data ingesting and workbooks deployed, we are now ready to start deploying the collector via Proactive Remediations in Intune. This will likely be the final article in this series, at least for now. In this section, we will cover… Requirements: This should be pretty obvious, but you need to have completed the setup…
-
Log Analytics for Windows Endpoint System Usage & Authentication Monitoring Part 1.2: Cost
Introduction: Following my initial articles describing what is collected, how it is displayed, and the quirks that the collector has, this article will cover the cost of this solution. Before we start, please know that I am no Azure cost “expert.” I can point you in the right direction and provide examples, but you need…
-
Log Analytics for Windows Endpoint System Usage & Authentication Monitoring Part 1.1: Technical Details and Limitations
Introduction: In my initial article of this series, I mentioned that there are several asterisks, footnotes, limitations, and caveats to understand with this solution. To elaborate a bit further, this article explains more about how this works, the details of the events we capture, what we don’t/can’t capture for one reason or another, and what…
-
Log Analytics for Windows Endpoint System Usage & Authentication Monitoring Part 1.0: Overview
Introduction: For those of you familiar with my work on Log Analytics, you know that I have at several times throughout several articles touted the ability for PowerShell to pull Windows Events, including those from the Security log which the now old Log Analytics agent could not do. And, unfortunately, the new AMA has other…
Azure to the Max 