I have been doing some digging in Microsoft Operations Management Suite and its Log Analytics part. As you might know, there is a “My Dashboards” view where you can save customized log searches as widgets.
Initially I have created two searches that are highly useful for keeping better control of the environment. The first has a threshold and highlights the value if more than 0 computers are missing security updates. The second also has a threshold of 0, but only for the latest 24 hours, and shows how many accounts have been added to the Domain Admins security group.
Here you can see the two log searches and how you can customize them depending on how and what data you want to present and highlight.
Type=RequiredUpdate (UpdateSeverity=Critical and UpdateClassification="Security Updates") | measure count() by Computer
Type=SecurityEvent (EventID=4728 OR EventID=4732 OR EventID=4756) TargetAccount="VNIKLAS\\Domain Admins" TimeGenerated>NOW-24HOURS
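The logic of the second widget, as an added Python example that is not part of the original post: it filters events the same way as the search above (the three group-membership event IDs, the Domain Admins target, a 24-hour window) and applies the threshold of 0. The field names SubjectAccount and MemberName, the helper names and all sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Event IDs from the search above: member added to a security-enabled
# global (4728), local (4732) or universal (4756) group.
GROUP_ADD_EVENTS = {4728: "global", 4732: "local", 4756: "universal"}
WATCHED_GROUP = r"VNIKLAS\Domain Admins"  # TargetAccount value from the post
WINDOW = timedelta(hours=24)              # TimeGenerated>NOW-24HOURS
THRESHOLD = 0                             # the tile highlights when count > 0


def group_additions(events, now, group=WATCHED_GROUP, window=WINDOW):
    """Return events that added a member to `group` within `window` of `now`."""
    hits = []
    for ev in events:
        if ev["EventID"] not in GROUP_ADD_EVENTS:
            continue
        # Windows account names are case-insensitive, so compare casefolded.
        if ev["TargetAccount"].casefold() != group.casefold():
            continue
        if not (now - window < ev["TimeGenerated"] <= now):
            continue
        hits.append(ev)
    return hits


def widget_state(events, now, threshold=THRESHOLD):
    """Mimic the dashboard tile: the count and whether it is highlighted."""
    hits = group_additions(events, now)
    return {"count": len(hits), "highlight": len(hits) > threshold,
            "added": sorted((h["SubjectAccount"], h["MemberName"]) for h in hits)}


# Constructed sample data (not real log records); field names are assumed.
NOW = datetime(2016, 5, 10, 12, 0, tzinfo=timezone.utc)
def _ev(event_id, target, hours_ago, subject="-", member="-"):
    return {"EventID": event_id, "TargetAccount": target, "SubjectAccount": subject,
            "MemberName": member, "TimeGenerated": NOW - timedelta(hours=hours_ago)}

SAMPLE_EVENTS = [
    _ev(4728, r"VNIKLAS\Domain Admins", 2, r"VNIKLAS\admin1", "CN=Test User"),
    _ev(4728, r"VNIKLAS\Domain Admins", 30, r"VNIKLAS\admin1", "CN=Old User"),  # too old
    _ev(4732, r"VNIKLAS\Helpdesk", 1, r"VNIKLAS\admin2", "CN=Other User"),      # other group
    _ev(4624, r"VNIKLAS\Domain Admins", 1),                                     # not a group event
    _ev(4756, r"vniklas\domain admins", 23, r"VNIKLAS\admin2", "CN=Svc Acct"),  # case differs
]

if __name__ == "__main__":
    print(widget_state(SAMPLE_EVENTS, NOW))
```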
If you did not know, there is a free tier for Log Analytics with up to 500 MB of logs per day and 7 days of retention, so start using it today!