To log all the required information and events in SCOM, we need to plan the compliance program. Planning includes identifying the data we need to audit and the relevant events in Active Directory.
Before starting detailed planning, you need to study the compliance and regulatory documents (internal and external) to determine exactly what information you need to log and audit.
In the recipes of this chapter, we will focus on the following two different scenarios:
Monitoring Active Directory for failed logons caused by a brute-force attack
Note: You can find more details on brute-force attacks at http://en.wikipedia.org/wiki/Brute-force_attack.
Monitoring and logging any access to files in a shared folder on a server