Using SCOM to Capture Suspicious Process Creation Events

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to the following location. Please reference all future content from that location. Thanks. I recently had the privilege of chatting with Greg Cottingham on the Azure Security Center Analyst Team about process creation events and how to use them…


Using SCOM to Detect Golden Tickets

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to the following location. Please reference all future content from that location. Thanks. For the three people that religiously read my blog, you know by now that I’ve been writing quite a bit on using SCOM to detect some…