XML for Product or Company Knowledge

Digging in the archives… From a discussion with some PFEs, the question was "how do I create knowledge for a monitor/rule?" Tyson Paul pointed out the System Center Wiki "Knowledge Article authoring". When you create a knowledge article in an MP (let's not even go into the console GUI!), if the Knowledge…


Alerts in SCOM from Azure Application Insights with Azure Management Pack

To bring alerts and performance data from Azure into SCOM, the Azure Management Pack can be used. The Azure Management Pack guide covers the pack's capabilities in detail; please refer to it for more details. This blog will talk about how we can see the alerts for Application Insights Availability Tests in the SCOM console. Let's start. Install…


Scripting SCOM Registry key tweaks

Time to tune! Had some requests to script the registry tweaks for SCOM. Starting off with Holman's blog entry … TechNet Gallery download here. Save the .txt file as .ps1. On the SCOM Management server(s), close out any SCOM Console session (to prevent SDK errors), then run as administrator in a PowerShell window…


Workflow Manager Addendum MP for SQL Aliases

A SQL Alias is kinda like wearing disguise glasses… From a security perspective, you can make things difficult for attackers by specifying a SQL alias and a different port for SQL. Symptom: discovery fails for the WFM pack. Trying to monitor and figure out what the real database name, instance, etc.…


In Place Upgrading the SSRS for SCOM

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to the following location. Please reference all future content from that location. Thanks. I ran into an odd issue today, doing an in-place upgrade of SQL 2012 SP3 to SQL 2016 in prep for a SCOM upgrade that was…


Security Monitoring: A Possible New Way to Detect Privilege Escalation

The problem that most defense mechanisms have in detecting the adversary is that they tend to be focused on detecting the tools far more so than…


Security Monitoring: Using SCOM to Detect Bypassed Authentication Package Back Door

One persistence method that an attacker can use is to modify an Operating System's authentication packages in order to give the attacker a back door for…


Security Monitoring: Detecting Wdigest Authentication

One of the noisier items in the Security Monitoring Management Pack is the monitor that triggers against all Windows 2008 R2 and below systems if the…


Security Monitoring: Using SCOM to Detect SMB1 Authentications

I think at this point, we are all aware of the dangers posed by continuing SMB1 authentication in an environment. The WannaCry virus infected more than…