Customized Security Center Audit Policy

Occasional Contributor

I wanted to add a few extra controls in the /opt/microsoft/omsagent/plugin/oms_audits.xml.

 

For eg. I wanted to add some controls from CIS Benchmark

 

Kindly help me out please.

 

Also i changed the time interval in security_baseline.conf to 5minutes from 24 hours. However it keeps on reverting to 24 hours. Kindly advise, how the time interval can be changed:

 

<source>
type exec
tag oms.security_baseline
command sleep 60 && /opt/microsoft/omsagent/plugin/omsbaseline -d /opt/microsoft/omsagent/plugin/
format json
run_interval 24h
</source>

 

@Miri Landau (@Miri_Landau) 

@Ben Kliger @Meital Taran- Gutman 

 

 

1 Reply

@kmanish Currently, we do not support either of the scenarios to customize security baseline or to increase baseline assessment frequency. The default behavior for changes will be as below:

1.  Any change to oms_audits.xml will result in omsbaseline rejecting the file as corrupted. The file will get reset withing 15 minutes by omsconfig.

2.  The file 'security_baseline.conf' mentioned is managed by the nxOMSPlugin DSC module and will reset the file to “desired state” within 15 minutes.

Long term, Azure intents to support customization security baselines via In-Guest policy. We do not have a definitive timeline for it.

@Meital Taran- Gutman 

@Miri Landau (@Miri_Landau)