Last Post
Due to changes in the Microsoft Corporate Blogging Policy, all of my existing content has been moved...
Date: 11/08/2018
Security Monitoring–Additional PowerShell Detections Addendum
Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...
Date: 09/21/2018
Security Monitoring–Using SCOM to Detect Legacy TLS Protocol Usage
Date: 09/13/2018
Security Monitoring–Additional PowerShell Detections
Date: 09/07/2018
Security Monitoring–Configuring SCOM to alert on attempts to kill Windows Defender
Date: 09/06/2018
Security Monitoring–Using SCOM to Detect Executables Run in Writeable OS Directories Part 2
Date: 09/06/2018
Security Monitoring–Using SCOM to Detect Executables Run in Writeable OS Directories Part 1
Date: 09/04/2018
Security Monitoring–Updating Service Created on DC Rule
Date: 08/15/2018
Security Monitoring–Updating Scheduled Task Creation Rule
Date: 08/15/2018
Securing SCOM in a Privilege Tiered Access Model–Part 3
Date: 07/24/2018
Securing SCOM in a Privilege Tiered Access Model–Part 2
Date: 07/18/2018
Securing SCOM in a Privilege Tiered Access Model–Part 1
Date: 07/17/2018
Configuring SCOM to Monitor Dell Storage Solutions
Date: 07/13/2018
SCOM Installer Failure with RC4 Protocol Disabled
Date: 06/22/2018
SCOM Agent Stuck in a Not Monitored State
Date: 06/12/2018
Future Plans/Requests for Security Monitoring MP
Date: 05/25/2018
Updated Security Monitoring MP is Now Available
Date: 05/04/2018
Security Monitoring Change Log
Date: 05/04/2018
In Place Upgrading the SSRS for SCOM
Date: 04/06/2018
Updating GPO Monitoring in Security Monitoring for MSFT AGPM
Date: 03/26/2018
Distributing SCOM Run As Accounts and Security Implications
Date: 02/26/2018
Security Monitoring: Using SCOM to detect NTLMv1 and LanManager Authentication Types
Date: 02/26/2018
Security Monitoring: A Possible New Way to Detect Privilege Escalation
Date: 01/25/2018
Security Monitoring: Using SCOM to Collect LAPS Events
Date: 01/04/2018
Reliable Time Monitor False Positives for AD Domain Member Monitoring
Date: 12/15/2017
Security Monitoring: Using SCOM to Detect Bypassed Authentication Package Back Door
Date: 11/21/2017
Security Monitoring: Detecting Wdigest Authentication
Date: 11/13/2017
Security Monitoring: Using SCOM to Detect SMB1 Authentications
Date: 11/13/2017
Security Monitoring: Using SCOM to detect NTLMv1 and LanManager Authentication Types
Date: 11/13/2017
Removing Local Admin Rights from the SCOM Action Account
Date: 08/11/2017
A Deep Dive into Dynamic Group Calculation and How it Affects SCOM Performance
Date: 07/21/2017
Stupid Little Problem with SNMP Version Tags
Date: 07/19/2017
SCOM Security Monitoring in Action: Detecting an Attacker
Date: 06/12/2017
Using SCOM to Capture Registering Remotely Located DLL Files
Date: 05/25/2017
Security Monitoring MP: Powershell Exploit Toolkit Rules
Date: 05/24/2017
Security Monitoring MP AppLocker Rules
Date: 05/19/2017
Security Monitoring Management Pack Summary
Date: 05/19/2017
Post Configuration Tasks for the Security Monitoring Management Pack
Date: 05/18/2017
Potential Areas for Noise in the Security Monitoring Management Pack
Date: 05/10/2017
Event Forwarding and How to Configure it For the Security Monitoring Management Pack
Date: 05/05/2017
Security Monitoring Management Pack GPO Summary
Date: 05/01/2017
Introducing the Security Monitoring Management Pack for SCOM (updated May 2018)
Date: 05/01/2017
Using SCOM to Capture Suspicious Process Creation Events
Date: 04/20/2017
Breaking apart the GPO Modification Process and Using SCOM to Detect GPO Changes – Part 2
Date: 04/19/2017
Windows Event Collector Discovery Management Pack
Date: 04/18/2017
Breaking apart the GPO Modification Process and Using SCOM to Detect GPO Changes – Part 1
Date: 04/17/2017
Using SCOM to Detect Scheduled Task Creation
Date: 03/17/2017
Using SCOM to Detect Service Creation
Date: 03/13/2017
Using SCOM to Detect Golden Tickets
Date: 03/08/2017
Using SCOM to Capture Events from the Forwarded Events Log
Date: 01/11/2017