
Using OpsMgr to alert on security events

If you want to use Operations Manager to alert on Windows security events, then Secure Vantage offer some great value management packs. But if you are only interested in a couple of event IDs, you can easily do this yourself:

First determine the Windows event ID you need:
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx

Then create a rule or monitor to alert on the event ID. I actually prefer to use a rule rather than a monitor, as there is no “healthy” event ID to reset the monitor. You can use a timed reset monitor, but you risk missing alerts, as no new alerts will be generated while the monitor is in an “unhealthy” state.
http://blogs.technet.com/operationsmgr/archive/2009/05/12/opsmgr-2007-how-to-get-alert-for-domain-group-membership-changes.aspx
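
The rule versus timed reset monitor trade-off described above, modelled as an added example (not part of the original post and not OpsMgr code). The 30-minute reset interval, the event times and the function names are constructed for illustration, and the model assumes the reset fires a fixed interval after the monitor turns unhealthy.

```python
# Added illustration, not OpsMgr code: a simplified model of the two alerting behaviours.
from datetime import datetime, timedelta

# Assumption: the timed reset fires a fixed interval after the monitor turns unhealthy.
RESET_AFTER = timedelta(minutes=30)

# Constructed sample: times at which the watched security event ID was logged.
EVENTS = [datetime(2010, 4, 12, 9, 0) + timedelta(minutes=m)
          for m in (0, 5, 20, 45, 50, 120)]


def rule_alerts(events):
    """A rule is stateless: every matching event produces an alert."""
    return list(events)


def timed_reset_monitor_alerts(events, reset_after=RESET_AFTER):
    """A monitor alerts only on the healthy -> unhealthy transition.

    Events that arrive while it is still unhealthy change no state, so they
    raise nothing; the monitor returns to healthy once reset_after has passed.
    """
    alerts = []
    unhealthy_since = None
    for ts in sorted(events):
        if unhealthy_since is not None and ts - unhealthy_since >= reset_after:
            unhealthy_since = None  # timed reset has fired
        if unhealthy_since is None:
            unhealthy_since = ts
            alerts.append(ts)
    return alerts


def missed_by_monitor(events, reset_after=RESET_AFTER):
    """Events the rule would alert on but the timed reset monitor stays silent for."""
    raised = set(timed_reset_monitor_alerts(events, reset_after))
    return [ts for ts in sorted(events) if ts not in raised]


if __name__ == "__main__":
    print("rule alerts:   ", len(rule_alerts(EVENTS)))
    print("monitor alerts:", len(timed_reset_monitor_alerts(EVENTS)))
    for ts in missed_by_monitor(EVENTS):
        print("no alert for event at", ts.strftime("%H:%M"))
```

With the constructed sample, the rule raises an alert for all six events while the monitor raises three, staying silent for the events that arrive before each reset.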

Update – Kevin Holman has also posted a blog article on this at http://blogs.technet.com/b/kevinholman/archive/2010/04/12/using-opsmgr-for-intrusion-detection-and-security-hardening.aspx
