Using SCOM to Capture Events from the Forwarded Events Log

So I ran into an interesting problem the other day.  The premise was pretty simple. I have security events that are being forwarded from workstations via Windows Event Subscriptions.  The idea behind it is to avoid putting a SCOM agent on potentially thousands of workstations, but to instead look for key security events that will…

0