Security Monitoring–Configuring SCOM to alert on attempts to kill Windows Defender

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to the following location. Please reference all future content from that location. Thanks. This is just a quick update to the next revision of Security Monitoring. If you don’t use Windows Defender, this will not generate any alerts, and…


Security Monitoring–Using SCOM to Detect Executables Run in Writeable OS Directories Part 2

You can find part 1 here. ***Please Read This First*** I need to preface this article by simply saying that this is the type of thing…


Security Monitoring–Using SCOM to Detect Executables Run in Writeable OS Directories Part 1

I had the privilege of attending Microsoft Ready this last July. That allowed for some very useful networking. In this case, I got to speak a…


Security Monitoring–Updating Service Created on DC Rule

One piece of feedback that I’ve seen in regards to security monitoring is noise due to services created on a domain controller. In general, this should…


Security Monitoring–Updating Scheduled Task Creation Rule

One piece of feedback I’ve gotten is that monitoring the creation of scheduled tasks as well as service creation on domain controllers can get a bit…
