Simple network analysis with MS OMS WireData solution
Summary: Learn how to use the Microsoft Operations Management Suite WireData solution to analyze network protocols, subnets, computers, and potential threats.
Good morning everyone, Ed Wilson here. It has already been a busy week around here. We have been busy working with various people involved in the PowerShell Saturday event in Tampa. We are continuing to nail down all of the minute details that bring over 200 people to talk not only about Windows PowerShell, but also about MS OMS and other management technologies.
The weather down here has been beautiful all week, and yesterday it was 82 degrees and sunny. I snapped this photo with my new Lumia 950 XL phone when I was out walking:
One of the things that is pretty cool here is that I can easily look outside and see whether things are going well (or are going to go well) with the weather. With MS OMS I can do the same thing with my network.
I find the WireData overview tile in my MS OMS console to be useful. The following overview tells me that 50 agents have reported in the last 24 hours, and that they cover 12 subnets and 70 application-level protocols over the same period:
I click that tile, and it brings up four more detailed tiles. These show the network traffic captured by my 50 agents and an overview of my 12 subnets. I can see what the 70 application-level protocols are, and even see my log records plotted over time.
If I click 50 Results for my agent computers, I run a query that sums the total bytes by computer. The per-computer totals appear in the query results, but alongside them I can also see breakdowns such as my top protocols, the IP version in use, and the application protocols (such as LDAP or HTTPS). This view is shown here:
I can look at my log records over time, and I can see that I have event records as well as W3CIISLog records:
I can work my way through each of these, or simply look at the overview screens that highlight potential threats or recommendations. In addition, I can examine each of the individual protocols and dive into the individual records. This is the HTTP protocol record:
That is all I have for you today. Join me tomorrow when I’ll talk about more cool #MSOMS stuff.
I invite you to follow me on Twitter and the Microsoft OMS Facebook site. If you want to learn more about Windows PowerShell, visit the Hey, Scripting Guy! Blog. If you have any questions, send email to me at scripter@microsoft.com. I wish you a wonderful day, and I’ll see you tomorrow.
Ed Wilson
Microsoft Operations Management Team