Working with System Center
Last Post
Due to changes in the Microsoft Corporate Blogging Policy, all of my existing content has been moved...
Date: 11/08/2018
Security Monitoring–Additional PowerShell Detections Addendum
Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to...
Date: 09/21/2018
Security Monitoring–Using SCOM to Detect Legacy TLS Protocol Usage
Date: 09/13/2018
Security Monitoring–Additional PowerShell Detections
Date: 09/07/2018
Security Monitoring–Configuring SCOM to alert on attempts to kill Windows Defender
Date: 09/06/2018
Security Monitoring–Using SCOM to Detect Executables Run in Writeable OS Directories Part 2
Date: 09/06/2018
Security Monitoring–Using SCOM to Detect Executables Run in Writeable OS Directories Part 1
Date: 09/04/2018
Security Monitoring–Updating Service Created on DC Rule
Date: 08/15/2018
Security Monitoring–Updating Scheduled Task Creation Rule
Date: 08/15/2018
Securing SCOM in a Privilege Tiered Access Model–Part 3
Date: 07/24/2018
Securing SCOM in a Privilege Tiered Access Model–Part 2
Date: 07/18/2018
Securing SCOM in a Privilege Tiered Access Model–Part 1
Date: 07/17/2018
Configuring SCOM to Monitor Dell Storage Solutions
Date: 07/13/2018
SCOM Installer Failure with RC4 Protocol Disabled
Date: 06/22/2018
SCOM Agent Stuck in a Not Monitored State
Date: 06/12/2018
Future Plans/Requests for Security Monitoring MP
Date: 05/25/2018
Updated Security Monitoring MP is Now Available
Date: 05/04/2018
Security Monitoring Change Log
Date: 05/04/2018
In Place Upgrading the SSRS for SCOM
Date: 04/06/2018
Updating GPO Monitoring in Security Monitoring for MSFT AGPM
Date: 03/26/2018
Distributing SCOM Run As Accounts and Security Implications
Date: 02/26/2018
Security Monitoring: Using SCOM to detect NTLMv1 and LanManager Authentication Types
Date: 02/26/2018
Security Monitoring: A Possible New Way to Detect Privilege Escalation
Date: 01/25/2018
Security Monitoring: Using SCOM to Collect LAPS Events
Date: 01/04/2018
Reliable Time Monitor False Positives for AD Domain Member Monitoring
Date: 12/15/2017
Security Monitoring: Using SCOM to Detect Bypassed Authentication Package Back Door
Date: 11/21/2017
Security Monitoring: Detecting Wdigest Authentication
Date: 11/13/2017
Security Monitoring: Using SCOM to Detect SMB1 Authentications
Date: 11/13/2017
Security Monitoring: Using SCOM to detect NTLMv1 and LanManager Authentication Types
Date: 11/13/2017
Removing Local Admin Rights from the SCOM Action Account
Date: 08/11/2017
A Deep Dive into Dynamic Group Calculation and How it Affects SCOM Performance
Date: 07/21/2017
Stupid Little Problem with SNMP Version Tags
Date: 07/19/2017
SCOM Security Monitoring in Action: Detecting an Attacker
Date: 06/12/2017
Using SCOM to Capture Registering Remotely Located DLL Files
Date: 05/25/2017
Security Monitoring MP: Powershell Exploit Toolkit Rules
Date: 05/24/2017
Security Monitoring MP AppLocker Rules
Date: 05/19/2017
Security Monitoring Management Pack Summary
Date: 05/19/2017
Post Configuration Tasks for the Security Monitoring Management Pack
Date: 05/18/2017
Potential Areas for Noise in the Security Monitoring Management Pack
Date: 05/10/2017
Event Forwarding and How to Configure it For the Security Monitoring Management Pack
Date: 05/05/2017
Security Monitoring Management Pack GPO Summary
Date: 05/01/2017
Introducing the Security Monitoring Management Pack for SCOM (updated May 2018)
Date: 05/01/2017
Using SCOM to Capture Suspicious Process Creation Events
Date: 04/20/2017
Breaking apart the GPO Modification Process and Using SCOM to Detect GPO Changes – Part 2
Date: 04/19/2017
Windows Event Collector Discovery Management Pack
Date: 04/18/2017
Breaking apart the GPO Modification Process and Using SCOM to Detect GPO Changes – Part 1
Date: 04/17/2017
Using SCOM to Detect Scheduled Task Creation
Date: 03/17/2017
Using SCOM to Detect Service Creation
Date: 03/13/2017
Using SCOM to Detect Golden Tickets
Date: 03/08/2017
Using SCOM to Capture Events from the Forwarded Events Log
Date: 01/11/2017