By default, OMS security collects all events from Windows Security, Firewall event logs, and AppLocker. As a true hybrid cloud platform, OMS leverages the big data capabilities of the cloud and can ingest essentially any data you send to the service. This is subject to the pricing data tier that you opt for, with the various data rate and retention limits. While this ability to collect vast amounts of data can prove very useful in some scenarios, in other scenarios it could be cost-prohibitive.
OMS enables you to therefore filter the security events that you are most interested in, based on four broad classifications of security events:
- All events: This option is for users who want to collect ...