In Place Upgrading the SSRS for SCOM

I ran into an odd issue today, doing an in-place upgrade of SQL 2012 SP3 to SQL 2016 in prep for a SCOM upgrade that was worth noting. My customer had separate instances for the DB/DW, and that upgrade was fine. However, when doing an inplace of SSRS, we got the following failure during the…

0

Updating GPO Monitoring in Security Monitoring for MSFT AGPM

This is something that was brought to my attention in regards to my security monitoring MP in regards to GPO modifications. Microsoft has a product called AGPM which allows administrators to control GPO modifications via an AGPM server. My understanding is that GPOs can still be modified by domain admins, but that (if setup right),…

0

Security Monitoring: Using SCOM to detect NTLMv1 and LanManager Authentication Types

One of the big changes in the next release of the Security Monitoring management pack will be reports designed to let administrators if they are using older protocols in their environments. It goes without saying that many older protocols are often full of vulnerabilities. As well, they tend to be on by default due to…

0

Security Monitoring: A Possible New Way to Detect Privilege Escalation

The problem that most defense mechanisms have in detecting the adversary is that they tend to be focused on detecting the tools far more so than detecting the results. There are reasons for this, the most obvious being that it is very easy for there to be false positives within the results, and as such,…

0

Security Monitoring: Using SCOM to Collect LAPS Events

This is a short post for documentation only, but LAPS can be configured to put audit events in the Windows Security Log. These are event ID 4662 with an Event Source of AdmPwd. I’ve set a collection rule for both Windows Event Collectors as well as Windows Servers to collect these events. There is currently…

0