cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Customized Security Center Audit Policy

kmanish
Copper Contributor

‎Feb 19 2020 03:58 AM - edited ‎Feb 19 2020 04:01 AM

‎Feb 19 2020 03:58 AM - edited ‎Feb 19 2020 04:01 AM

Customized Security Center Audit Policy

I wanted to add a few extra controls in the /opt/microsoft/omsagent/plugin/oms_audits.xml.

 

For eg. I wanted to add some controls from CIS Benchmark

 

Kindly help me out please.

 

Also i changed the time interval in security_baseline.conf to 5minutes from 24 hours. However it keeps on reverting to 24 hours. Kindly advise, how the time interval can be changed:

 

<source>
type exec
tag oms.security_baseline
command sleep 60 && /opt/microsoft/omsagent/plugin/omsbaseline -d /opt/microsoft/omsagent/plugin/
format json
run_interval 24h
</source>

 

@Miri Landau (@Miri_Landau) 

@Ben Kliger @Meital Taran- Gutman 

 

 

960 Views
0 Likes
1 Reply
Reply
1 Reply
gugovind

‎Mar 04 2020 01:16 PM

‎Mar 04 2020 01:16 PM

Re: Customized Security Center Audit Policy

@kmanish Currently, we do not support either of the scenarios to customize security baseline or to increase baseline assessment frequency. The default behavior for changes will be as below:

1.  Any change to oms_audits.xml will result in omsbaseline rejecting the file as corrupted. The file will get reset withing 15 minutes by omsconfig.

2.  The file 'security_baseline.conf' mentioned is managed by the nxOMSPlugin DSC module and will reset the file to “desired state” within 15 minutes.

Long term, Azure intents to support customization security baselines via In-Guest policy. We do not have a definitive timeline for it.

@Meital Taran- Gutman 

@Miri Landau (@Miri_Landau) 

0 Likes
Reply