If you add the Security and Audit solution after June 19, 2017, you will be billed per node regardless of the workspace pricing tier. The first 60 days are free.
Operations Management Suite Security and Audit Solution helps you continuously monitor the security of your environments for potential vulnerabilities and threats, and it provides access to the data and intelligence you need to respond quickly. It works with Windows and Linux systems that are running on-premises, in Azure and AWS.
GAIN INSTANT SECURITY INSIGHTS ACROSS ALL YOUR IT ENVIRONMENTS
Built-in security assessments make it easy to identify systems with missing security updates, missing or outdated antimalware, and insecure OS configurations that can make them vulnerable to attack. It also provides insight into network and access activity that might indicate an attack. You can create your own notable issues to track events of importance to you as well.
DETECT ACTIVE THREATS AND INVESTIGATE QUICKLY
By leveraging Microsoft's vast global threat intelligence and applying behavioral analytics, the solution can detect malicious network traffic and compromised systems. Once a threat has been detected, for example a malicious process being executed or an attempt by the attacker to move laterally within your environment, you have ready access to the security and operational data you need to perform forensic analysis - identifying the source and scope of the attack so that you can evict the attacker and restore your environment.
When you use the Security and Audit solution, we recommend that you configure an audit policy, according to Audit Policy Recommendations. To learn how to configure your Windows environment, see To learn how to configure your Windows environment, see Advanced Audit Policy Configuration.
To help enrich your security and audit capability, we also recommend that you enable AppLocker events. See Configure an AppLocker Policy for Audit Only for more information.