Security Monitoring Partnering with Easy Tune

Tune the Security MP in a fraction of the time

Good news! I have written a Tuning Pack for my Security Management Pack which means you can tune the pack in a fraction of the time with Easy Tune from Cookdown. My Tuning Pack is live today on the Easy Tune Community Store

What is Easy tune?

Easy Tune is a new (and free) way of setting overrides to tune SCOM alerting. Traditionally, tuning a management pack is painful – its about 10 clicks to set a single override and some management packs contain thousands of workflows you may want to tune, multiply this problem by multiple groups and you can see how days can be spent tuning.

Easy Tune takes the head ache out of setting up overrides by allowing you to set them quickly with Tuning Packs (which are essentially CSV files)

clip_image002

To get you started there is a Community Store (a GitHub repro) containing community curated Tuning Packs which you can tune directly from, and if you think the Tuning Packs available could be improved or added to, you can submit a PR to change overrides or simply create your own Tuning Packs. This can be done by copying a Tuning Pack from the Community Store, creating one from management packs installed in your SCOM environment.

Tuning packs contain “levels” which you can tune to. A level is basically a list of overrides stored in a column of a tuning packs CSV. All Tuning Packs, including ones you create yourself automatically get levels “Discovery Only” and “MP Defaults” (as Easy Tune can work these out from the source MPs automatically), as well as being able to specify your own overrides – these are great for understanding what the MP author intended the value to be or for turning off all workflows which aren’t discoveries (which will reduce SCOMs workload and allow you to tune up on a per group basis as needed)

clip_image004

One of the great things about Tuning Packs is their simplicity – they are just CSV files which is great when it comes to reviewing overrides with other teams or updating override values. The can easily be reviewed with domain experts to agree desired tuning without looking at SCOM at all (lets face it, the SCOM console it not a thing of beauty).

Once you have reached alert nirvana with Easy Tune, there are is a config drift tool built in to shine a light on where your effective overrides have drifted from those you set, allowing you to keep your tuning in tip top shape.

The folk at cookdown give all of this away for free. I think it is an awesome tool that is a must for all SCOM admins

Easy Tune PRO

Cookdown sell a PRO version of Easy Tune too – it adds some excellent additional features:

· Time of day alert tuning – allows you to specify different override values for specific times/days. Very useful for ramping up monitoring for the 9am Monday morning logon storm where you want to make sure everything is working as it should or for disabling monitoring during the nightly backup job.

· Automation capabilities via PowerShell – allows you to script tuning and solve any unique issues you have with tuning which aren’t supported out of the box

· Rich override config drift detection – config drift is shown along side each Tuning Pack where the effective monitoring is not what you have set with Easy Tune and gives you tooling to see where the effective monitoring is set to help you resolve conflicts.

I haven’t had a chance to play with the PRO features but they look really cool (especially time of day alert tuning!) but you can read more about it here.