
To get alert when a server is affected by external threat

Aswin Thomas(UST,IN) 426 Reputation points
2023-04-19T08:45:00.0866667+00:00

Hi Team, Greetings!

Our customer needs to be alerted when the SCCM server is hit by an external threat. Are there any Management Packs for this? It would be of great help if this case can be solved. Seeking your help in this case.

Thanks in advance,
Regards,
Aswin Thomas

System Center Operations Manager

Answer accepted by question author

SChalakov 10,781 Reputation points MVP Volunteer Moderator
2023-04-21T20:26:39.8533333+00:00

Hi Aswin Thomas(UST,IN),

I fully agree with Andrew about SCOM being an operational tool in nature. The only MP for SCOM that is security related is the one Andrew mentioned. It has been developed by Nathan Gau, who is a Senior Cyber Security Consultant with Microsoft and was previously a SCOM PFE. This is the download link: Nathangau/SecurityMonitoring @ GitHub. It covers a variety of common security related use cases/vulnerabilities. I have summed those up and included all the links to the details:

In addition to this, I would recommend that you install the new MECM Management Pack (if you haven't done so already), developed by Kevin Holman, as the old one is not supported anymore. Here is the link with some more interesting details: Monitoring Microsoft Endpoint Configuration Manager (MECM)

Some important additional information on the same topic: SCOM Security – the best tips, tools and MPs to secure your SCOM environment. This is a session by Nathan Gau, who is the author of the Security MP. Some session info:

With cyber-attacks on the rise, security is top of the agenda for most IT teams. But there is no need to shell out for costly security products when SCOM has the building blocks to do security monitoring and is great for analysing log data. Join Cookdown’s Director of Products, Bruce Cullen, and Nathan Gau, Senior Cyber Security Consultant at Microsoft, for this month’s Coffee Break episode where they will be discussing how SCOM can help with intrusion detection, highlighting known vulnerabilities and augmenting organizational best practices surrounding security. They will also be showing off the latest version of Nathan Gau’s Security Monitoring MP, built from customer requests to use SCOM to do exactly these things. In this webinar, you will learn how:

  • SCOM can be used as a security monitoring tool with the Security Monitoring MP
  • To detect legacy protocols
  • To identify security vulnerabilities before attackers do
  • To look for signs that your IT estate is under attack
  • To help implement Security best practices and processes through SCOM

Last, but not least, another session by Nathan Gau on the same topic, again on SCOMathon: SCOM as a security tool and securing SCOM. Session summary:

Nathan’s session covered basic cyber security concepts for the IT professional, as well as how SCOM can be used as a cyber security tool. He also showed how to secure SCOM given that it is a very powerful tool that, if compromised, could easily be exploited by people with bad intentions.


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Stoyan Chalakov


1 additional answer

Andrew Blumhardt 10,071 Reputation points Microsoft Employee
2023-04-19T13:47:49.2933333+00:00

SCOM monitoring is usually operational in nature. You can do some security monitoring, but it never really went in that direction (one example provided below). External threats are a broad topic. I am not aware of an on-prem security posture/attack monitoring solution from Microsoft. There are several cloud-based solutions like Defender for Cloud (Defender for Servers), Defender for Endpoint, and Defender for Identity that could help to protect an on-prem SCCM server.

https://nathangau.wordpress.com/2017/05/01/introducing-the-security-monitoring-management-pack-for-scom/

1 person found this answer helpful.
