Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

MOM Security Event/Alert ideas

0 views
Skip to first unread message

Norem

unread,
Nov 8, 2007, 11:28:03 AM11/8/07
to
I would like to start a thread to gather/collect ideas for types of events to
setup for monitoring. Any event/alert can be posted, but I am focusing on
security auditing.

Here are a few that I look for currently:
1. New administrator account created
2. Administrator account deleted
3. Administrator logon
4. User failed logon
5. User account locked out
6. Patch applied to a server (will be the system generated reports needed
for audits)
7. User Accounts that have not logged in for 60 days

thanks

--
Jeff
jeff...@yahoo.com

Anders Bengtsson

unread,
Nov 9, 2007, 7:35:37 AM11/9/07
to
Hi Norem,

Please take a look at http://contoso.se/blog/?p=109

-----
Regards
Anders Bengtsson
Microsoft MVP - MOM
http://www.contoso.se


N> I would like to start a thread to gather/collect ideas for types of
N> events to setup for monitoring. Any event/alert can be posted, but I
N> am focusing on security auditing.
N>
N> Here are a few that I look for currently:
N> 1. New administrator account created
N> 2. Administrator account deleted
N> 3. Administrator logon
N> 4. User failed logon
N> 5. User account locked out
N> 6. Patch applied to a server (will be the system generated reports
N> needed
N> for audits)
N> 7. User Accounts that have not logged in for 60 days
N> thanks
N>


Thomas CR

unread,
Nov 16, 2007, 11:56:02 AM11/16/07
to
try look at the www.securevantage.com :-)
--
BR
Thomas CR
0 new messages