MOM Security Event/Alert ideas

Discussion:

(too old to reply)

Norem

2007-11-08 16:28:03 UTC

I would like to start a thread to gather/collect ideas for types of events to
setup for monitoring. Any event/alert can be posted, but I am focusing on
security auditing.

Here are a few that I look for currently:
1. New administrator account created
2. Administrator account deleted
3. Administrator logon
4. User failed logon
5. User account locked out
6. Patch applied to a server (will be the system generated reports needed
for audits)
7. User Accounts that have not logged in for 60 days

thanks

--
Jeff
***@yahoo.com

Anders Bengtsson

2007-11-09 12:35:37 UTC

Permalink

Hi Norem,

Please take a look at http://contoso.se/blog/?p=109

-----
Regards
Anders Bengtsson
Microsoft MVP - MOM
http://www.contoso.se

N> I would like to start a thread to gather/collect ideas for types of
N> events to setup for monitoring. Any event/alert can be posted, but I
N> am focusing on security auditing.
N>
N> Here are a few that I look for currently:
N> 1. New administrator account created
N> 2. Administrator account deleted
N> 3. Administrator logon
N> 4. User failed logon
N> 5. User account locked out
N> 6. Patch applied to a server (will be the system generated reports
N> needed
N> for audits)
N> 7. User Accounts that have not logged in for 60 days
N> thanks
N>

Thomas CR

2007-11-16 16:56:02 UTC

Permalink

try look at the www.securevantage.com :-)
--
BR
Thomas CR

Post by Norem
I would like to start a thread to gather/collect ideas for types of events to
setup for monitoring. Any event/alert can be posted, but I am focusing on
security auditing.
1. New administrator account created
2. Administrator account deleted
3. Administrator logon
4. User failed logon
5. User account locked out
6. Patch applied to a server (will be the system generated reports needed
for audits)
7. User Accounts that have not logged in for 60 days
thanks
--
Jeff