Using Power BI and Microsoft OMS for security dashboards and reports | Quisitive
March 29, 2016
Cameron Fuller

[Updated 11/29/2017: With the release of the new query language and the changes to how data is sent to Power BI, this blog post is now deprecated.]

Microsoft OMS provides an easy-to-use method to gather security information from a variety of systems into a single repository through the Security solution. This solution includes pre-built visualizations which showcase a wide variety of security-related information in an easy-to-read format (a sample of this is shown below).

You can also query this data directly in OMS by digging into the above dashboard to get to the underlying details. When you dig in this way, OMS runs the Log Search functionality with a pre-built query such as the one below.

Through the pre-built Solutions, queries and My Dashboard functionality you have a large number of options available to visualize the data that you are logging into OMS. Microsoft recently released integration with Power BI which is the focus of today’s blog post. The ability to send this data from OMS to Power BI provides a powerful option to visualize a variety of data including security data. In this blog post we will explain the following:

  • How to enable the integration with Power BI
  • How to send Security information from OMS to Power BI
  • What does a sample dashboard look like in Power BI with OMS security information

For information on how to use Power BI in general once you have data connected into Power BI, see the blog post available at: https://www.catapultsystems.com/cfuller/archive/2015/12/01/using-power-bi-for-disk-space-dashboards-and-reports-in-operations-manager/.

Enabling Power BI in OMS:

PowerBI integration in OMS is currently available as part of the Public Preview. You can find this in your OMS workspace under “Preview Features” as shown below.

Set the PowerBI Integration to enabled.

Once this is enabled, in a log search you gain the PowerBI option shown below.

Click on the PowerBI icon and enable your PowerBI credentials and you are now configured to use the preview version of this functionality.

Sending Security information from OMS to Power BI:

To send information to Power BI, we use the Log Search option in the top left corner of OMS.

A simple query such as this will return all security events which OMS has collected: (This blog post is assuming that you have already added the “Security and Audit” solution in your OMS environment.)

Type=SecurityEvent

A sample of my data results is shown below:

This query can be targeted to provide information on specific accounts, from specific accounts, with specific event numbers, or from specific processes or logon types by adding these to the search query using the left-hand pane options. For this example, however, we will export all SecurityEvent data from OMS to Power BI.

Once you have the query the way that you want it you can send this data to PowerBI using the button on the bottom of the page shown below.

This button adds a pane on the right side where you specify the name of the Power BI rule, the saved search, and the dataset name which will appear in Power BI.

Once you have created your export to Power BI, you can see it on the settings page under the Power BI tab shown below.

Creating this export creates a new Dataset in Power BI with the name that you specified when creating the export. An example is shown below where the “OMS Security Events” name was added as a Dataset.

If you open up the filter on the far right side of Power BI you can expand the Count and Results sections as shown below to verify that information is being sent correctly to Power BI.

Sample Power BI dashboard:

The screenshot below shows the OMS Security Events report, which makes it easy to visualize the security information that has been routed over from OMS to Power BI.

You can select the computer and/or activity fields to filter the results on the report. The result below shows the accounts which failed to log into a specific system.
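The filtered view described above (accounts that failed to log on to one system) can be reproduced over exported rows as a cross-check on the report. This is an added example, not code from the original post: the "Account" field name, the "ID - description" layout of Activity, and all sample rows are assumptions constructed for illustration.

```python
from collections import Counter

FAILED_LOGON = "4625"  # Windows Security event ID for a failed logon

# Constructed sample rows shaped like exported SecurityEvent records.
# "Computer" and "Activity" are the fields the post filters on; "Account"
# and every value below are assumptions made for this example.
SAMPLE_EVENTS = [
    {"Computer": "web01.contoso.local", "Account": "CONTOSO\\svc_backup",
     "Activity": "4625 - An account failed to log on."},
    {"Computer": "web01.contoso.local", "Account": "CONTOSO\\svc_backup",
     "Activity": "4625 - An account failed to log on."},
    {"Computer": "WEB01.contoso.local", "Account": "CONTOSO\\svc_backup",
     "Activity": "4625 - An account failed to log on."},
    {"Computer": "web01.contoso.local", "Account": "CONTOSO\\jsmith",
     "Activity": "4625 - An account failed to log on."},
    {"Computer": "web01.contoso.local", "Account": "CONTOSO\\jsmith",
     "Activity": "4624 - An account was successfully logged on."},
    {"Computer": "db01.contoso.local", "Account": "CONTOSO\\administrator",
     "Activity": "4625 - An account failed to log on."},
    {"Computer": "db01.contoso.local", "Account": "CONTOSO\\administrator",
     "Activity": "4625 - An account failed to log on."},
]


def event_id(activity):
    """Return the event ID that prefixes an Activity string ("4625 - ...")."""
    return activity.split(" - ", 1)[0].strip()


def failed_logons_by_account(events, computer):
    """Count failed logons per account on one computer, most frequent first."""
    wanted = computer.lower()  # host names are compared case-insensitively
    counts = Counter(
        e.get("Account", "(unknown)")
        for e in events
        if e.get("Computer", "").lower() == wanted
        and event_id(e.get("Activity", "")) == FAILED_LOGON
    )
    return counts.most_common()


def noisy_accounts(events, computer, threshold=3):
    """Accounts with at least `threshold` failed logons on the computer."""
    return [a for a, n in failed_logons_by_account(events, computer) if n >= threshold]


if __name__ == "__main__":
    for account, n in failed_logons_by_account(SAMPLE_EVENTS, "web01.contoso.local"):
        print(f"{account}: {n} failed logon(s)")
```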

Summary: The integration of OMS and Power BI opens the door to some incredible potential methods to visualize data. In the next blog post in this series we will show how this approach can be used to visualize performance information. For more information on Power BI, I recommend reviewing chapter 2.3 of the free e-book “Inside Microsoft OMS”.