Security threats increase in volume and sophistication every day. And regardless of your organization’s size or the industry you’re in, Azure Security Center threat detection capabilities, alerts, and recommended fixes can give you the tangible data you need to help protect your cloud resources. Plus, you can monitor your on-premises, hybrid, or cloud environment—Azure, Amazon, or any other public cloud—to get a more complete picture.
In Hybrid Cloud Workload Protection with Azure Security Center, a new course now available on Microsoft Virtual Academy, Yuri Diogenes and Ty Balascio offer an overview of Azure Security Center, including requirements, planning, onboarding, and troubleshooting. Ty and Yuri work with real-world data and share their experience in the industry to show how the threat landscape differs for a cloud or hybrid versus on-premises. And they explore threat detection and response in a lab environment so they can talk you through it.
Check out this detailed demo of using the investigation dashboard to drill down on an incident. You’ll see how to correlate multiple entities that are part of the same attack so you can understand how an attack moves against each host in a system. You’ll learn how to use that information to continue your investigation and pursue closure of your incident response.
If you can’t access the UNIX/Linux computers view in the Administration pane in Microsoft System Center 2012 R2 Operations Manager, then you probably receive the following error message:
Date: 12/30/2017 7:48:49 PM Application: Operations Manager Application Version: 7.1.10226.1360 Severity: Error Message: System.NullReferenceException: Object reference not set to an instance of an object. at Microsoft.SystemCenter.CrossPlatform.UI.OM.Integration.UnixComputerOperatingSystemHelper.JoinCollections(IEnumerable`1 managementServers, IEnumerable`1 resourcePools, IEnumerable`1 unixcomputers, IEnumerable`1 operatingSystems) at Microsoft.SystemCenter.CrossPlatform.UI.OM.Integration.UnixComputerOperatingSystemHelper.GetUnixComputerOperatingSystemInstances(String criteria) at Microsoft.SystemCenter.CrossPlatform.UI.OM.Integration.Administration.UnixAgentQuery.DoQuery(String criteria) at Microsoft.EnterpriseManagement.Mom.Internal.UI.Cache.Query`1.DoQuery(String criteria, Nullable`1 lastModified) at Microsoft.EnterpriseManagement.Mom.Internal.UI.Cache.Query`1.FullUpdateQuery(CacheSession session, IndexTable& indexTable, Boolean forceUpdate, DateTime queryTime) at Microsoft.EnterpriseManagement.Mom.Internal.UI.Cache.Query`1.InternalSyncQuery(CacheSession session, IndexTable indexTable, UpdateReason reason, UpdateType updateType) at Microsoft.EnterpriseManagement.Mom.Internal.UI.Cache.Query`1.InternalQuery(CacheSession session, UpdateReason reason) at Microsoft.EnterpriseManagement.Mom.Internal.UI.Cache.Query`1.TryDoQuery(UpdateReason reason, CacheSession session) at Microsoft.EnterpriseManagement.Mom.Internal.UI.Console.ConsoleJobExceptionHandler.ExecuteJob(IComponent component, EventHandler`1 job, Object sender, ConsoleJobEventArgs args)
The issue occurs if the UNIX/Linux monitoring resource pool is deleted
How to solve it!
To resolve the issue, follow these steps:
- Create a resource pool for UNIX/Linux monitoring. Give the new pool a different name than the name of the deleted resource pool.
- Add the management servers that perform UNIX/Linux monitoring to the new resource pool.
- Configure the UNIX/Linux Run As accounts to be distributed by the new resource pool. To do this, follow these steps:
- In the Operations console, go to Administration > Run As Configuration > UNIX/Linux Accounts.
- For each account, follow these steps:
– Right-click the account, and then select Properties.
– On the Distribution Security page of the UNIX/Linux Run As Accounts Wizard, select More Secure.
– In Selected computers and resource pools, select Add.
– Select Search by resource pool name, and then select Search.
– Select the new resource pool that is created in step 1, select Add, and then select OK.
- Run the following PowerShell cmdlet to retrieve the managed UNIX and Linux computers:
- Verify that the agents that are associated with the deleted resource pool still exist and that the relationship remains.
- Run the following command to change the managing resource pool to the one that is created in step 1:
$SCXPool = Get-SCOMResourcePool -DisplayName "<New Resource Pool Name>"
Get-SCXAgent | Set-SCXResourcePool -ResourcePool $SCXPool