Customized Security Center Audit Policy

Question

I wanted to add a few extra controls in the /opt/microsoft/omsagent/plugin/oms_audits.xml.

For eg. I wanted to add some controls from CIS Benchmark

Kindly help me out please.

Also i changed the time interval in security_baseline.conf to 5minutes from 24 hours. However it keeps on reverting to 24 hours. Kindly advise, how the time interval can be changed:

<source>
type exec
tag oms.security_baseline
command sleep 60 && /opt/microsoft/omsagent/plugin/omsbaseline -d /opt/microsoft/omsagent/plugin/
format json
run_interval 24h
</source>

@Miri Landau (@Miri_Landau)

Ben Kliger Meital Taran- Gutman

gugovind · Answer

kmanish&nbsp;Currently, we do not support either of the scenarios to customize security baseline or to increase baseline assessment frequency. The default behavior for changes will be as below:
1.&nbsp; Any change to oms_audits.xml will result in omsbaseline rejecting the file as corrupted. The file will get reset withing 15 minutes by omsconfig.
2.&nbsp; The file 'security_baseline.conf' mentioned is managed by the nxOMSPlugin DSC module and will reset the file to “desired state” within 15 minutes.
Long term, Azure intents to support customization security baselines via In-Guest policy. We do not have a definitive timeline for it.
Meital Taran- Gutman&nbsp;
@Miri&nbsp;Landau&nbsp;(@Miri_Landau)&nbsp;
@Michael Carrabine&nbsp;

Forum Discussion

Customized Security Center Audit Policy

1 Reply

Resources