Note: This article is a cross post and contains copied text from this article written by The Scripting Guys, a Microsoft blog all about PowerShell and OMS.
Last August Microsoft introduced the advanced detection capability in OMS Security. It scans more than seven billion events per day(!) and analyzes them to generate useful detections.
OMS Security advanced detections are provided as a service, which means that customers don’t have to create or maintain the infrastructure and write threat detection rules. Microsoft does it for them on a global scale and brings Microsoft’s vast security knowledge and tools into play.
Microsoft is continuously adding new patterns and new detection types to keep up with the latest attack techniques. Microsoft keeps monitoring the detections to reduce false positives as much as they can.
Since yesterday this service is available in Europe as well and is automatically enabled for all OMS Security customers.
Want to know more about this powerful feature, which is RTU (Ready To Use) without requiring any configuration at all, except for rolling out the Microsoft Monitoring Agent to the systems you want to cover, or connecting your SCOM environment to OMS? Go here.
OMS is growing on an almost weekly basis in capabilities and coverage, if not daily. Features like this one are really useful and offer a good insight into how secure your organization really is and whether there are breaches. Normally it would take a lot of time, resources and money to roll out such a service. And now it’s available with just a few mouse clicks for a very affordable price!
For me this is a typical showcase of the power of the cloud and the services it has to offer.