Working with System Center

Last Post

Due to changes in the Microsoft Corporate Blogging Policy, all of my existing content has been moved...

Author: Nathan Gau Date: 11/08/2018

Security Monitoring–Additional PowerShell Detections Addendum

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 09/21/2018

Security Monitoring–Using SCOM to Detect Legacy TLS Protocol Usage

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 09/13/2018

Security Monitoring–Additional PowerShell Detections

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 09/07/2018

Security Monitoring–Configuring SCOM to alert on attempts to kill Windows Defender

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 09/06/2018

Security Monitoring–Using SCOM to Detect Executables Run in Writeable OS Directories Part 2

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 09/06/2018

Security Monitoring–Using SCOM to Detect Executables Run in Writeable OS Directories Part 1

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 09/04/2018

Security Monitoring–Updating Service Created on DC Rule

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 08/15/2018

Security Monitoring–Updating Scheduled Task Creation Rule

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 08/15/2018

Securing SCOM in a Privilege Tiered Access Model–Part 3

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 07/24/2018

Securing SCOM in a Privilege Tiered Access Model–Part 2

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 07/18/2018

Securing SCOM in a Privilege Tiered Access Model–Part 1

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 07/17/2018

Configuring SCOM to Monitor Dell Storage Solutions

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 07/13/2018

SCOM Installer Failure with RC4 Protocol Disabled

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 06/22/2018

SCOM Agent Stuck in a Not Monitored State

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 06/12/2018

Future Plans/Requests for Security Monitoring MP

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 05/25/2018

Updated Security Monitoring MP is Now Available

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 05/04/2018

Security Monitoring Change Log

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 05/04/2018

In Place Upgrading the SSRS for SCOM

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 04/06/2018

Updating GPO Monitoring in Security Monitoring for MSFT AGPM

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 03/26/2018

Distributing SCOM Run As Accounts and Security Implications

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 02/26/2018

Security Monitoring: Using SCOM to detect NTLMv1 and LanManager Authentication Types

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 02/26/2018

Security Monitoring: A Possible New Way to Detect Privilege Escalation

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 01/25/2018

Security Monitoring: Using SCOM to Collect LAPS Events

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 01/04/2018

Reliable Time Monitor False Positives for AD Domain Member Monitoring

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 12/15/2017

Security Monitoring: Using SCOM to Detect Bypassed Authentication Package Back Door

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 11/21/2017

Security Monitoring: Detecting Wdigest Authentication

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 11/13/2017

Security Monitoring: Using SCOM to Detect SMB1 Authentications

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 11/13/2017

Security Monitoring: Using SCOM to detect NTLMv1 and LanManager Authentication Types

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 11/13/2017

Removing Local Admin Rights from the SCOM Action Account

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 08/11/2017

A Deep Dive into Dynamic Group Calculation and How it Affects SCOM Performance

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 07/21/2017

Stupid Little Problem with SNMP Version Tags

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 07/19/2017

SCOM Security Monitoring in Action: Detecting an Attacker

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 06/12/2017

Using SCOM to Capture Registering Remotely Located DLL Files

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 05/25/2017

Security Monitoring MP: Powershell Exploit Toolkit Rules

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 05/24/2017

Security Monitoring MP AppLocker Rules

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 05/19/2017

Security Monitoring Management Pack Summary

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 05/19/2017

Post Configuration Tasks for the Security Monitoring Management Pack

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 05/18/2017

Potential Areas for Noise in the Security Monitoring Management Pack

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 05/10/2017

Event Forwarding and How to Configure it For the Security Monitoring Management Pack

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 05/05/2017

Security Monitoring Management Pack GPO Summary

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 05/01/2017

Introducing the Security Monitoring Management Pack for SCOM (updated May 2018)

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 05/01/2017

Using SCOM to Capture Suspicious Process Creation Events

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 04/20/2017

Breaking apart the GPO Modification Process and Using SCOM to Detect GPO Changes – Part 2

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 04/19/2017

Windows Event Collector Discovery Management Pack

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 04/18/2017

Breaking apart the GPO Modification Process and Using SCOM to Detect GPO Changes – Part 1

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 04/17/2017

Using SCOM to Detect Scheduled Task Creation

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 03/17/2017

Using SCOM to Detect Service Creation

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 03/13/2017

Using SCOM to Detect Golden Tickets

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 03/08/2017

Using SCOM to Capture Events from the Forwarded Events Log

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...

Author: Nathan Gau Date: 01/11/2017

Next>