Generate security monitoring alerts using SCOM
Join Matthew Long and Adam Kinniburgh as they talk to Microsoft Premier Field Engineer Nathan Gau about his free Security Monitoring MP for SCOM.
Nathan has spent over a year building a SCOM management pack that generates alerts for all sorts of security-related events, ranging from extremely rare operational events (such as modifying group policy or changing admin group membership), which could potentially be a sign of intrusion, to definite signs of attack (Kerberos ticket exploits, known tool execution), all whilst keeping noise to a minimum.
We discuss the design philosophy of the management pack with Nathan, along with how it fits into a "defence in depth" strategy if you're already using other event collection tools. Nathan also talks about his personal "top 3" security features to enable if you have limited time or political backing in your organisation.
The webinar also includes a brief look at the new Community MP Catalog, which makes it easy to find awesome free management packs like this and be notified of updated versions, right from within the SCOM console.
You can download the accompanying slides here.
- Blog: Introducing the Security Monitoring MP
- Blog: The anatomy of a good Alert Management process
- Community Catalog MP
What's up next?
- 31 October - Behind the Scenes: The Community MP Catalog