
Different Analytic Rules based on OS


Hello,

 

We have the MMA agent installed on some of our physical systems. What we are looking to do is to have different analytic rules for our Workstations vs our Servers. It seems the best way we could do this is if we could query the OS version from one of the tables. 

 

Is the OS version logged in any of the data tables to be able to do this, or is there a better way to accomplish this?

 

Thanks,

Mike

5 Replies

Hi @mperrotta , the Heartbeat table contains the fields you need:

 
  • OSMajorVersion (string)
  • OSMinorVersion (string)
  • OSName (string)
  • OSType (string)

 

Regards

@Javier Soriano Unfortunately in the Heartbeat table, regardless if it is Win 10 or a Windows Server, they all show up as the same version. And the OS Type is just Windows.

 

Thanks

@mperrotta did you also check the Update table? This should exist if you have the update management solution installed in the workspace...

@Javier Soriano We don't have that service turned on. It seems the best approach will be to establish computer groups to do this.

@mperrotta I believe you have naming conventions for Servers and Workstations. If this is the case, you can add a condition like ' where Computer startswith/contains "srv" '.
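
The naming-convention approach from the last reply, written out as a server-only analytic rule query. This is an added example, not posted by anyone in the thread. It assumes the "srv" prefix from that reply, that the SecurityEvent table is being collected, and a constructed threshold.

```kusto
// Assumption: server host names begin with "srv" (the convention suggested in the reply above).
let ServerPrefix = "srv";
// Windows machines that sent a heartbeat in the last day, restricted to servers by name.
let Servers =
    Heartbeat
    | where TimeGenerated > ago(1d)
    | where OSType == "Windows"
    | where Computer startswith ServerPrefix   // startswith is case-insensitive
    | distinct Computer;
// Server-only rule: repeated failed logons (event ID 4625) for one account on one host.
SecurityEvent
| where TimeGenerated > ago(1h)
| where EventID == 4625
| where Computer in (Servers)                  // workstation rule: use !in with its own threshold
| summarize FailedLogons = count() by Computer, Account
| where FailedLogons >= 10                     // constructed threshold, tune per environment
```

Any machine whose name does not follow the convention falls into the workstation rule, so review the `Servers` list against your inventory before relying on the split.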