Using SCOM to Capture Registering Remotely Located DLL Files

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to the following location. Please reference all future content from that location. Thanks. I’ve started browsing some sites that are cataloguing known attack vectors and came across this particular vulnerability that is worth discussing.  Many seasoned IT pros understand…

Security Monitoring MP: Powershell Exploit Toolkit Rules

In this post we will discuss using SCOM to detect various PowerShell Exploits that are commercially available for download and use. I’d note that there are…

Security Monitoring MP AppLocker Rules

I’ll be honest in that these are included because they are easy to do, but in reality, they do not provide much in terms of protection….

Security Monitoring Management Pack Summary

I’m rewriting the main page for the Security Monitoring MP to be a bit less cluttered. I will be using this space to document this management…

Post Configuration Tasks for the Security Monitoring Management Pack

As I have mentioned in the initial posts, using the security monitoring management pack is going to require certain practices and procedures be in place. Simply…

Potential Areas for Noise in the Security Monitoring Management Pack

I stated that a main purpose of this management pack is to keep noise volume to a minimum. As such, the bulk of the rules in…

Event Forwarding and How to Configure it For the Security Monitoring Management Pack

One of the features that was built into the Security Monitoring Management Pack was the ability to discover and then monitor the contents of the Forwarded…

Security Monitoring Management Pack GPO Summary

If you’ve been reading my blog, you’ll note that in order to use SCOM for security monitoring, you’ll need to ensure that certain AD auditing policies…

Introducing the Security Monitoring Management Pack for SCOM (updated May 2018)

For those of you who haven’t met me or visited my blog, I’ve worked in SCOM now for the better part of 5 years. I’ve also…