Leveraging the OMS Search API in an Azure Automation Runbook


The availability of the OMS Search API has enabled automation scenarios that involve alerting, notification and potential remediation based on log analytics data in Operations Management Suite (OMS).

In this blog post we will talk about a sample scenario for monitoring a honeypot account with an Azure Automation runbook. This runbook checks whether someone has attempted to log on with this account on a specific server.

Our runbook talks to the OMS Search API and can either execute searches or retrieve the results of a saved search. Based on the query results, we can decide to take corrective actions or invoke other runbooks for alerting and notification purposes. During conversations with customers we have been asked many times if OMS has a task integration similar to System Center Operations Manager (SCOM) to take actions based on OMS search query results.
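The decision step described above, sketched as an added example that is not code from the original post: it filters search results for logon events by the honeypot account on one server inside a lookback window and decides whether to alert. The record field names, the account and server names, and the sample records are assumptions constructed for illustration, and the call to the Search API itself is left out.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample: records shaped like SecurityEvent search results.
# Field names (TimeGenerated, Computer, Account, EventID, IpAddress) are assumed.
SAMPLE_RESULTS = [
    {"TimeGenerated": "2016-05-10T08:58:12Z", "Computer": "SRV01.contoso.local",
     "Account": "CONTOSO\\svc-honeypot", "EventID": 4625, "IpAddress": "10.0.0.23"},
    {"TimeGenerated": "2016-05-10T08:59:40Z", "Computer": "srv01.contoso.local",
     "Account": "contoso\\SVC-Honeypot", "EventID": 4625, "IpAddress": "10.0.0.23"},
    {"TimeGenerated": "2016-05-10T08:59:55Z", "Computer": "SRV02.contoso.local",
     "Account": "CONTOSO\\svc-honeypot", "EventID": 4625, "IpAddress": "10.0.0.40"},
    {"TimeGenerated": "2016-05-10T07:10:00Z", "Computer": "SRV01.contoso.local",
     "Account": "CONTOSO\\svc-honeypot", "EventID": 4624, "IpAddress": "10.0.0.5"},
    {"TimeGenerated": "2016-05-10T08:59:58Z", "Computer": "SRV01.contoso.local",
     "Account": "CONTOSO\\alice", "EventID": 4624, "IpAddress": "10.0.0.7"},
]
LOGON_EVENT_IDS = {4624, 4625}  # Windows logon success / logon failure


def parse_utc(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def honeypot_hits(records, account, computer, now, lookback_minutes=15):
    """Return logon events for the honeypot account on one server inside the window."""
    cutoff = now - timedelta(minutes=lookback_minutes)
    # Windows account and host names are case-insensitive, so compare lowercased.
    wanted = (account.lower(), computer.lower())
    hits = []
    for r in records:
        if r.get("EventID") not in LOGON_EVENT_IDS:
            continue
        if (r.get("Account", "").lower(), r.get("Computer", "").lower()) != wanted:
            continue
        # Only events newer than the cutoff, so a scheduled run does not re-alert.
        if parse_utc(r["TimeGenerated"]) >= cutoff:
            hits.append(r)
    return hits


def decide(hits):
    """Any use of a honeypot account is suspicious, so one hit is enough to alert."""
    if not hits:
        return {"action": "none"}
    sources = Counter(h.get("IpAddress", "unknown") for h in hits)
    return {"action": "alert", "count": len(hits), "sources": dict(sources),
            "successful_logon": any(h["EventID"] == 4624 for h in hits)}
```

Matching the lookback window to the runbook schedule keeps each run from reporting events an earlier run already handled.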



To see more about this click here:


