The availability of the OMS Search API has enabled automation scenarios that involve alerting, notification and potential remediation based on log analytics data in Operations Management Suite (OMS).
In this blog post we will talk about a sample scenario for monitoring a honeypot account with an Azure Automation runbook. This runbook checks whether someone has attempted to log on with this account on a specific server.
Our runbook talks to the OMS Search API and can either execute searches or retrieve the results of a saved search. Based on the query results, we can decide to take corrective actions or to invoke other runbooks for alerting and notification purposes. In conversations with customers, we have been asked many times whether OMS has task integration similar to System Center Operations Manager (SCOM) for taking actions based on OMS search query results.