Discussion:
Audit Collection Reporting
Marty
2009-05-11 15:36:10 UTC
We have a security requirement which someone suggested SCOM can accomplish
out of the box. If I understand correctly this works if the affected
computers have audit collection enabled and are configured so that audit
collection events are triggered when log data is changed, such as a user
changing data in an application log. Does this sound like something SCOM ACS
can accomplish or is this not something for which an audit log event can be
triggered?
Thanks!

"Use file integrity monitoring and change detection software on logs to
ensure that existing log data cannot be changed without generating alerts
(although new data being added should not cause an alert)."
Anders Bengtsson [MVP]
2009-05-11 19:21:28 UTC
Hello Marty,

Ops Mgr ACS will collect all events in the security log and store them in
a central database. From the database you can run reports across all systems
to search for example logins or access deny events. You can use a group policy
to configure what your servers will write to the security log, for example
when someone edits a file or creates a user in AD. If you also need alerts,
you can configure rules to trigger alerts on some security events.

Anders Bengtsson
Microsoft MVP - System Center Operations Manager
www.contoso.se
Marty
2009-05-11 21:41:01 UTC
Thanks!
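
The requirement quoted in the question (alert when existing log data changes, stay quiet when new data is appended) can be illustrated with a prefix-hash check. This is an added example, not part of the original thread and not a description of how Ops Mgr ACS works; `take_baseline`, `check_log`, `demo` and the sample log lines are constructed for illustration, and it assumes a plain-text log that is only ever appended to.

```python
import hashlib
import os
import tempfile

def take_baseline(path):
    """Record the current length and SHA-256 of the whole log."""
    with open(path, "rb") as f:
        data = f.read()
    return {"size": len(data), "digest": hashlib.sha256(data).hexdigest()}

def check_log(path, baseline):
    """Compare the log with its baseline; return (status, baseline_to_keep)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        old = f.read(baseline["size"])   # only the bytes the baseline covers
        if len(old) < baseline["size"]:
            return "ALERT: log truncated", baseline
        h.update(old)
        if h.hexdigest() != baseline["digest"]:
            return "ALERT: existing data modified", baseline
        new = f.read()                   # bytes past the old length are appends
        h.update(new)
    if not new:
        return "unchanged", baseline
    # Appends are expected: extend the baseline over the new bytes, no alert.
    return "appended", {"size": baseline["size"] + len(new), "digest": h.hexdigest()}

def demo():
    # Constructed sample log contents, written to a temporary directory.
    first = b"09:00 user=alice action=login\n09:05 user=bob action=delete\n"
    grown = first + b"09:10 user=alice action=logout\n"
    states = [first, grown, grown.replace(b"bob", b"eve"), grown[:10]]
    results = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "app.log")
        with open(path, "wb") as f:
            f.write(first)
        base = take_baseline(path)
        for content in states:           # same, appended, edited, truncated
            with open(path, "wb") as f:
                f.write(content)
            status, base = check_log(path, base)
            results.append(status)
    return results

if __name__ == "__main__":
    print(demo())
```

The baseline has to be stored where the account that writes the log cannot modify it, otherwise it can be reset together with the log.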