Generate security monitoring alerts using SCOM


Join Matthew Long and Adam Kinniburgh as they talk to Microsoft Premier Field Engineer Nathan Gau about his free Security Monitoring MP for SCOM.

Nathan has spent over a year building a SCOM management pack that generates alerts for all sorts of security-related events, ranging from extremely rare operational events (such as modifying group policy or changing admin group membership), which could potentially be a sign of intrusion, to definite signs of attack (Kerberos ticket exploits, known tool execution), all whilst minimising noise as much as possible.

We discuss the design philosophy of the management pack with Nathan, along with how it fits into a "defence in depth" strategy if you're already using other event collection tools. Nathan also talks about his personal "top 3" security features to enable if you have limited time or political backing in your organisation.

The webinar also includes a brief look at the new Community MP Catalog, which makes it easy to find awesome free management packs like this and be notified of updated versions, right from within the SCOM console.

  

You can download the accompanying slides here.



What's up next?

  • 31 October - Behind the Scenes: The Community MP Catalog

 


 


© Squared Up Ltd. 2018
