Changelog for Security.Monitoring Management Pack

1.0.7.1 [...]

Type	Name	Change
DataSourceModuleType	SecurityMonitoringMP.LocalAccountChange.DS	Added
DataSourceModuleType	SecurityMonitoringMP.Modules.SecurityLogClear.DS	Added
DataSourceModuleType	SecurityMonitoringMP.Modules.SystemLogClear.DS	Added
DataSourceModuleType	SecurityMonitoringMP.SuspiciousUserContext.DS	Added
DataSourceModuleType	SecurityMonitoringMP.4688CommandAudit.DS	Changed
DataSourceModuleType	SecurityMonitoringMP.DCServiceCreation.DS	Changed
DataSourceModuleType	SecurityMonitoringMP.GPOMonitoring.GPOEvent.DS	Changed
DataSourceModuleType	SecurityMonitoringMP.WriteableDirectories.DS	Changed
MonitorPropertyOverride	OverrideForMonitorSecurityMonitoringMPUseLogonCredentialExistsMonitor.Server2012R2	Deleted
References	Security.Monitoring	Changed
Rule	Security.Monitoring.SecurityLogClearedv2	Added
Rule	Security.Monitoring.SuspiciousUserContext	Added
Rule	Security.Monitoring.SystemLogClearedv2	Added
Rule	Security.Monitoring.Event.ByPassExecutionPolicy	Changed
Rule	Security.Monitoring.Event.InvokeEncodedCommand	Changed
Rule	Security.Monitoring.Event.InvokeRemoteExpression	Changed
Rule	Security.Monitoring.Event.PowerShellRuninMemoryOnly	Changed
Rule	Security.Monitoring.SecurityMonitoring.Event.GPOCreation	Changed
Rule	Security.Monitoring.SecurityMonitoring.Event.GPODeletionRule	Changed
Rule	SecurityMonitoring.Event.FailedLogin	Changed
Rule	SecurityMonitoringMP.Accounts.LocalAdminChange	Changed
Rule	SecurityMonitoringMP.Event.SecurityLogCleared	Changed
Rule	SecurityMonitoringMP.Event.SystemLogCleared	Changed

1.0.6.0 [...]

Type	Name	Change
AggregateMonitor	Security.Monitoring.DCAuditSettings	Added
AggregateMonitor	Security.Monitoring.MemberServerAuditSettings	Added
ClassType	Security.Monitoring.AdminAccounts	Added
ClassType	Security.Monitoring.SecurityMonitoringDA	Added
ClassType	Security.Monitoring.SecurityMonitoringDA.DomainControllers	Added
ClassType	Security.Monitoring.SecurityMonitoringDA.MemberServers	Added
ClassType	Security.Monitoring.WindowsComputersExtendedWriteableDirectoryMonitoring	Added
ClassType	Security.Monitoring.WriteableLocations	Added
ClassType	Security.Monitoring.WriteableLocationsSeedClass	Added
DataSourceModuleType	Security.Monitoring.AuditPol.DS	Added
DataSourceModuleType	Security.Monitoring.DistributedApplication.DataSource	Added
DataSourceModuleType	Security.Monitoring.DistributedApplicationMS.DataSource	Added
DataSourceModuleType	SecurityMonitoringMP.4688CommandAudit.DS	Added
DataSourceModuleType	SecurityMonitoringMP.DCServiceCreation.DS	Added
DataSourceModuleType	SecurityMonitoringMP.Discoveries.DiscoverWriteableFileLocations	Added
DataSourceModuleType	SecurityMonitoringMP.ScheduledTaskCreation.DS	Added
DataSourceModuleType	SecurityMonitoringMP.WriteableDirectories.DS	Added
DataSourceModuleType	SecurityMonitoringMP.WriteableDirectoriesExtended.DS	Added
DataSourceModuleType	Security.Monitoring.SMBv1Connections.DS	Changed
DependencyMonitor	Security.Monitoring.AccountLogonForDC	Added
DependencyMonitor	Security.Monitoring.AccountLogonForMS	Added
DependencyMonitor	Security.Monitoring.DCConfigGroupRollup	Added
DependencyMonitor	Security.Monitoring.DCDirectoryServicesAudit	Added
DependencyMonitor	Security.Monitoring.IncludeCommandLineonDCs	Added
DependencyMonitor	Security.Monitoring.IncludeCommandLineonMS	Added
DependencyMonitor	Security.Monitoring.MemberServerProcessCreation	Added
DependencyMonitor	Security.Monitoring.SecurityGroupManagementforDC	Added
DependencyMonitor	Security.Monitoring.SpecialGroupLogonDC	Added
DependencyMonitor	Security.Monitoring.SpecialGroupLogonMS	Added
DependencyMonitor	Security.Monitoring.UserAcctforMS	Added
Discovery	Security.Monitoring.AdminAccountDiscovery	Added
Discovery	Security.Monitoring.DA.DCDiscovery	Added
Discovery	Security.Monitoring.DA.MSDiscovery	Added
Discovery	Security.Monitoring.Discoveries.UserWriteableLocationSeed	Added
Discovery	Security.Monitoring.DiscoverWriteableFileLocations	Added
Discovery	Security.Monitoring.PopulateExtendedWriteableDirectoryComputerGroup	Added
Folder	SecurityMonitoringMP.Folder.Administration	Added
FolderItem	i23e6b51216814447b3b73c5124fae3d3	Added
FolderItem	i2465151f071a4563af2090f8f6f734ce	Added
FolderItem	ibbd540dc68af4043bfdb9f75cf03ae00	Added
FolderItem	if879997c69ee482abc74aca8ebbe4367	Added
MonitorPropertyOverride	OverrideForMonitorSecurityMonitoringAccountLogonAuditingMemberServerForContextMicrosoftSystemCenterManagementServerComputersGroup	Added
MonitorPropertyOverride	OverrideForMonitorSecurityMonitoringCommandLineAuditingMemberServerForContextMicrosoftSystemCenterManagementServerComputersGroup	Added
MonitorPropertyOverride	OverrideForMonitorSecurityMonitoringProcessCreationMemberServerForContextMicrosoftSystemCenterManagementServerComputersGroup	Added
MonitorPropertyOverride	OverrideForMonitorSecurityMonitoringSpecialGroupLogonMemberServerForContextMicrosoftSystemCenterManagementServerComputersGroup	Added
MonitorPropertyOverride	OverrideForMonitorSecurityMonitoringUserAccountManagementAuditingMemberServerForContextMicrosoftSystemCenterManagementServerComputersGroup	Added
ProbeActionModuleType	Security.Monitoring.AuditPol.PowerShell	Added
ProbeActionModuleType	Security.Monitoring.SMBv1Connections.PowerShell	Changed
References	Security.Monitoring	Changed
RelationshipType	Security.Monitoring.SecurityMonitoringDARelationships	Added
RelationshipType	Security.Monitoring.SecurityMonitoringDARelationshipsForDCs	Added
RelationshipType	Security.Monitoring.SecurityMonitoringDARelationshipsForMemberServers	Added
RelationshipType	Security.Monitoring.SecurityMonitoringDARelationshipsforMS	Added
Report	Security.Monitoring.LegacyTLSConnectionReport	Added
ReportResource	LegacyTLSConnectionReport.ID	Added
Rule	Security.Monitoring.CollectLegacyTLSEvents	Added
Rule	Security.Monitoring.Event.ByPassExecutionPolicy	Added
Rule	Security.Monitoring.Event.InvokeEncodedCommand	Added
Rule	Security.Monitoring.Event.InvokeRemoteExpression	Added
Rule	Security.Monitoring.Event.KillWindowsDefender	Added
Rule	Security.Monitoring.Event.PowerShellRuninMemoryOnly	Added
Rule	Security.Monitoring.Event.WMIPersistence	Added
Rule	Security.Monitoring.Event.WMIRemote.Destination	Added
Rule	Security.Monitoring.Event.WMIRemote.Source	Added
Rule	Security.Monitoring.ExecutableRunFromUserWriteableDirectory	Added
Rule	Security.Monitoring.ExecutableRuninWriteableDirectoriesExtended	Added
Rule	Security.Monitoring.ForwardedEvents.ByPassExecutionPolicy	Added
Rule	Security.Monitoring.ForwardedEvents.ExecutableRunFromUserWriteableDirectory	Added
Rule	Security.Monitoring.ForwardedEvents.InvokeEncodedCommand	Added
Rule	Security.Monitoring.ForwardedEvents.InvokeRemoteExpression	Added
Rule	Security.Monitoring.ForwardedEvents.KillWindowsDefender	Added
Rule	Security.Monitoring.ForwardedEvents.PowerShellRuninMemoryOnly	Added
Rule	Security.Monitoring.SecurityMonitoring.Event.ScheduledTaskCreatedOnServer	Added
Rule	Security.Monitoring.SecurityMonitoring.Event.ServiceCreatedonDC	Added
Rule	Security.Monitoring.Collect.SMBv1Connections	Changed
Rule	Security.Monitoring.Event.RemoteRegSvr32	Changed
Rule	Security.Monitoring.ForwardedEvents.4688.GenericCryptoRansomWare	Changed
Rule	Security.Monitoring.ForwardedEvents.RemoteRegSvr32	Changed
Rule	SecurityMonitoringMP.Event.4688.SuspiciousApplockerJava	Changed
Rule	SecurityMonitoringMP.Event.4688.SuspiciousApplockerRegsvr	Changed
Rule	SecurityMonitoringMP.Event.4688.SuspiciousCMD	Changed
Rule	SecurityMonitoringMP.Event.4688.SuspiciousFTPCommand	Changed
Rule	SecurityMonitoringMP.Event.4688.SuspiciousReg	Changed
Rule	SecurityMonitoringMP.Event.4688.SuspiciousWindowsPosition	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.4688.SuspiciousApplockerJava	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.4688.SuspiciousApplockerRegsvr	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.4688.SuspiciousCMD	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.4688.SuspiciousFTPCommand	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.4688.SuspiciousReg	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.4688.SuspiciousWindowsPosition	Changed
Rule	SecurityMonitoringMP.ThreatHunt.BatchLogonInUse	Changed
Rule	SecurityMonitoringMP.Event.ScheduledTaskCreation	Deleted
Rule	SecurityMonitoringMP.Event.ServiceCreatedonDC	Deleted
RulePropertyOverride	OverrideForRuleSecurityMonitoringExecutableRunFromUserWriteableDirectory	Added
RulePropertyOverride	OverrideForRuleSecurityMonitoringMPEventLocalAccountCreatedonServer.DomainControllers	Added
RulePropertyOverride	OverrideForRuleSecurityMonitoringMPEventLocalAdminChange.DomainControllers	Added
RulePropertyOverride	OverrideForRuleSecurityMonitoringMP.Pth.PtHAgainstTier1.ServerDCComputer	Deleted
RulePropertyOverride	OverrideForRuleSecurityMonitoringMP.Pth.PtHAgainstTier1.SQLComputer	Deleted
Task	SecurityMonitoring.PowerShell.Task.CreateUserWriteableRegKey	Added
Task	SecurityMonitoring.PowerShell.Task.RemoveUserWriteableRegKey	Added
UnitMonitor	Security.Monitoring.AuditAccountLogonDC	Added
UnitMonitor	Security.Monitoring.AuditAccountLogonMS	Added
UnitMonitor	Security.Monitoring.DirectoryServiceChangeAuditing	Added
UnitMonitor	Security.Monitoring.IncludeCommandLineProcessCreationonDCs	Added
UnitMonitor	Security.Monitoring.IncludeCommandLineProcessCreationonMS	Added
UnitMonitor	Security.Monitoring.ProcessCreationMemberServer	Added
UnitMonitor	Security.Monitoring.SecurityAudit.ProcessCreationDC	Added
UnitMonitor	Security.Monitoring.SGManagementDC	Added
UnitMonitor	Security.Monitoring.SpecialGroupLogonAuditingEnabledonDC	Added
UnitMonitor	Security.Monitoring.SpecialGroupLogonEnabledOnMemberServers	Added
UnitMonitor	Security.Monitoring.UserAccountMgmtMS	Added
UnitMonitor	SecurityMonitoringMP.UseLogonCredentialExistsMonitor	Changed
UnitMonitorType	Security.Monitoring.AuditPolMonitorType	Added
UnitMonitorType	SecurityMonitoringMP.CommandLineAuditSetting	Added
UnitMonitorType	CheckRegValue	Changed
View	SecurityMonitoringMP.View.DADocumentation	Added
View	SecurityMonitoringMP.View.DCDistributedApp	Added
View	SecurityMonitoringMP.View.MemberServerDistributedApp	Added
View	SecurityMonitoringMP.View.OnlineDocumentation	Added

1.0.4.272 [...]

Type	Name	Change
DataSourceModuleType	Security.Monitoring.MultiStringRegistry.DS	Added
DataSourceModuleType	Security.Monitoring.SMBv1Connections.DS	Added
DataSourceModuleType	SecurityMonitoring.Event.RepeatedFailedLogind.DS	Added
DataSourceModuleType	SecurityMonitoringMP.GPOMonitoring.GPOEvent.DS	Added
DataSourceModuleType	SecurityMonitoringMP.GPOMonitoring.Event.DS	Changed
ProbeActionModuleType	Security.Monitoring.MultiStringRegistry.PowerShell	Added
ProbeActionModuleType	Security.Monitoring.SMBv1Connections.PowerShell	Added
Report	Security.Monitoring.AlertSummary	Added
Report	Security.Monitoring.BatchLogonReport	Added
Report	Security.Monitoring.EventCollectionSummary	Added
Report	Security.Monitoring.LanManConnectionReport	Added
Report	Security.Monitoring.NTLMv1ConnectionReport	Added
Report	Security.Monitoring.SMBv1ConnectionReport	Added
Report	Security.Monitoring.WDigestConnectionReport	Added
ReportResource	AlertSummary.ID	Added
ReportResource	BatchLogonReport.ID	Added
ReportResource	EventCollectionSummary.ID	Added
ReportResource	LanManConnectionReport.ID	Added
ReportResource	NTLMv1ConnectionReport.ID	Added
ReportResource	SMBv1ConnectionReport.ID	Added
ReportResource	WDigestConnectionReport.ID	Added
ReportResource	FailedLoginDetails.ID	Changed
ReportResource	FailedLoginSummary.ID	Changed
ReportResource	FailedLoginSummary24.ID	Changed
Rule	Security.Monitoring.Collect.SMBv1Connections	Added
Rule	Security.Monitoring.CollectionRule.CollectLAPSEvents	Added
Rule	Security.Monitoring.Event.4688.GenericCryptoRansomWare	Added
Rule	Security.Monitoring.Event.RemoteRegSvr32	Added
Rule	Security.Monitoring.Event.SeDebugPrivilegeEscalation	Added
Rule	Security.Monitoring.EventCollection.LanMan	Added
Rule	Security.Monitoring.EventCollection.NTLMV1	Added
Rule	Security.Monitoring.EventCollection.WdigestAuthentication	Added
Rule	Security.Monitoring.ForwardedEvents.4688.GenericCryptoRansomWare	Added
Rule	Security.Monitoring.ForwardedEvents.CollectLAPSEvents	Added
Rule	Security.Monitoring.ForwardedEvents.DebugEscalation	Added
Rule	Security.Monitoring.ForwardedEvents.FindAVSignature	Added
Rule	Security.Monitoring.ForwardedEvents.GetDLLLoadPath	Added
Rule	Security.Monitoring.ForwardedEvents.GetHTTPStatus	Added
Rule	Security.Monitoring.ForwardedEvents.GetKeystroke	Added
Rule	Security.Monitoring.ForwardedEvents.InvokeDLLInjection	Added
Rule	Security.Monitoring.ForwardedEvents.InvokeMimikatz	Added
Rule	Security.Monitoring.ForwardedEvents.InvokeNinjaCopy	Added
Rule	Security.Monitoring.ForwardedEvents.InvokePortScan	Added
Rule	Security.Monitoring.ForwardedEvents.InvokeShellCodeInUse	Added
Rule	Security.Monitoring.ForwardedEvents.PowerShellStartHiddenProcess	Added
Rule	Security.Monitoring.ForwardedEvents.RemoteRegSvr32	Added
Rule	Security.Monitoring.PowerShellLog.FindAVSignature	Added
Rule	Security.Monitoring.PowerShellLog.GetDLLLoadPath	Added
Rule	Security.Monitoring.PowerShellLog.GetHTTPStatus	Added
Rule	Security.Monitoring.PowerShellLog.GetKeystroke	Added
Rule	Security.Monitoring.PowerShellLog.InvokeDLLInjection	Added
Rule	Security.Monitoring.PowerShellLog.InvokeMimikatzInUse	Added
Rule	Security.Monitoring.PowerShellLog.InvokeNinjaCopy	Added
Rule	Security.Monitoring.PowerShellLog.InvokePortScan	Added
Rule	Security.Monitoring.PowerShellLog.InvokeShellCodeInUse	Added
Rule	Security.Monitoring.PowerShellLog.PowerShellStartHiddenProcess	Added
Rule	Security.Monitoring.SecurityMonitoring.Event.DCOUModify	Added
Rule	Security.Monitoring.SecurityMonitoring.Event.GPOCreation	Added
Rule	Security.Monitoring.SecurityMonitoring.Event.GPODeletionRule	Added
Rule	SecurityMonitoring.Event.FailedLogin	Changed
Rule	SecurityMonitoringMP.Accounts.DomainAdminChange	Changed
Rule	SecurityMonitoringMP.Accounts.EnterpriseAdminChange	Changed
Rule	SecurityMonitoringMP.Accounts.LocalAdminChange	Changed
Rule	SecurityMonitoringMP.Accounts.SchemaAdminChange	Changed
Rule	SecurityMonitoringMP.APPLocker.Mimikatz	Changed
Rule	SecurityMonitoringMP.APPLocker.ProhibitedApp	Changed
Rule	SecurityMonitoringMP.APPLocker.PSExec	Changed
Rule	SecurityMonitoringMP.APPLocker.WCE	Changed
Rule	SecurityMonitoringMP.APPLocker.WinRar	Changed
Rule	SecurityMonitoringMP.Event.4688.SuspiciousApplockerJava	Changed
Rule	SecurityMonitoringMP.Event.4688.SuspiciousApplockerRegsvr	Changed
Rule	SecurityMonitoringMP.Event.4688.SuspiciousCMD	Changed
Rule	SecurityMonitoringMP.Event.4688.SuspiciousFTPCommand	Changed
Rule	SecurityMonitoringMP.Event.4688.SuspiciousReg	Changed
Rule	SecurityMonitoringMP.Event.4688.SuspiciousWindowsPosition	Changed
Rule	SecurityMonitoringMP.Event.GoldenTicketDetection	Changed
Rule	SecurityMonitoringMP.Event.LocalAccountCreatedonServer	Changed
Rule	SecurityMonitoringMP.Event.ScheduledTaskCreation	Changed
Rule	SecurityMonitoringMP.Event.SecurityLogCleared	Changed
Rule	SecurityMonitoringMP.Event.ServiceCreatedonDC	Changed
Rule	SecurityMonitoringMP.Event.ServiceCreatedonMemberServer	Changed
Rule	SecurityMonitoringMP.Event.ServiceKnownThreat	Changed
Rule	SecurityMonitoringMP.Event.SmartCardDisabled	Changed
Rule	SecurityMonitoringMP.Event.SoftwareInstallOnServer	Changed
Rule	SecurityMonitoringMP.Event.SoftwareRemovedFromServer	Changed
Rule	SecurityMonitoringMP.Event.SystemLogCleared	Changed
Rule	SecurityMonitoringMP.Event.SystemPoweredOff	Changed
Rule	SecurityMonitoringMP.Event.SystemRestarted	Changed
Rule	SecurityMonitoringMP.Event.UnexpectedShutdown	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.4688.SuspiciousApplockerJava	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.4688.SuspiciousApplockerRegsvr	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.4688.SuspiciousCMD	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.4688.SuspiciousFTPCommand	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.4688.SuspiciousReg	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.4688.SuspiciousWindowsPosition	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.CredentialSwap	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.LocalUserCreatedDeleted	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.ProhibitedApp	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.PtHTier2	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.SecurityLogCleared	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.ServiceCreation	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.ServiceCreationKnownThreats	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.SpecialGroupLogon	Changed
Rule	SecurityMonitoringMP.ForwardedEvents.SystemLogCleared	Changed
Rule	SecurityMonitoringMP.GPOMonitoring.EventAndScript.Rule	Changed
Rule	SecurityMonitoringMP.Pth.CredentialSwap	Changed
Rule	SecurityMonitoringMP.Pth.PtHAgainstDC	Changed
Rule	SecurityMonitoringMP.Pth.PtHAgainstTier1	Changed
Rule	SecurityMonitoringMP.ThreatHunt.BatchLogonInUse	Changed
Rule	SecurityMonitoringMP.ThreatHunt.SpecialGroupLogon	Changed
Rule	SecurityMonitoringMP.Event.GPOCreation	Deleted
Rule	SecurityMonitoringMP.Event.GPODelection	Deleted
Rule	SecurityMonitoringMP.ForwardedEvents.PowerSploit	Deleted
Rule	SecurityMonitoringMP.PowerShellLog.PowerSploit	Deleted
Rule	SecurityMonitoringMP.ThreatHunt.GoldenTicket	Deleted
RulePropertyOverride	OverrideForRuleSecurityMonitoringEventSeDebugPrivilegeEscalation	Added
RulePropertyOverride	OverrideForRuleSecurityMonitoringMPEventLocalAccountCreatedonServer.DomainControllers	Deleted
UnitMonitor	Security.Monitoring.Monitors.AuthenticationPackages	Added
UnitMonitor	SecurityMonitoringMP.Event.RepeatedLogonMonitor	Changed
UnitMonitor	SecurityMonitoringMP.WDigestRegConfiguredMonitor	Changed
UnitMonitorType	CheckRegValue	Added
UnitMonitorType	CheckRegValueString	Added
UnitMonitorType	MultiStringRegMonitorType	Added

1.0.3.5 [...]

FIRST VERSION OF THIS MANAGEMENT PACK