Post Configuration Tasks for the Security Monitoring Management Pack

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to the following location. Please reference all future content from that location. Thanks. As I have mentioned in the initial posts, using the security monitoring management pack is going to require certain practices and procedures be in place. Simply…


Event Forwarding and How to Configure it For the Security Monitoring Management Pack

One of the features that was built into the Security Monitoring Management Pack was the ability to discover and then monitor the contents of the Forwarded…


Using SCOM to Capture Suspicious Process Creation Events

I recently had the privilege of chatting with Greg Cottingham on the Azure Security Center Analyst Team about process creation events and how to use them…


Breaking apart the GPO Modification Process and Using SCOM to Detect GPO Changes – Part 2

Part 1 is here. In it, I covered monitoring for GPO changes or the creation of new GPOs. As I learned when working through this, deleting…


SCOM 2012 WebConsole and FIPS Compatibility

Updated article on this subject can be found here. It has SCOM 2016 info, as well as a link to a download for the files…