Active Directory Alerting: Apples vs. Sour Cream


I know the title is a bit odd! However, I tried to come up with some items that were really different to make my point about different approaches to Active Directory alerting. Based on my tours around the world, Active Directory admins typically want to track and get immediate alerts on key changes that occur in their Active Directory environments. For example, getting an alert when the membership of the Domain Admins group changes is a common request. 

Now, let’s look at two approaches to completing this common alert request. The first will be using Microsoft Windows and the ability to focus on one or more event IDs to generate an alert. In lieu of being verbose and redundant, I’ll keep us focused on just on

Securing Active Directory: Group Membership Alerts


In our last installment, I showed you how you can analyze the current status of all of your groups that have elevated privileges. After you analyze your groups and ensure that only the correct users have elevated privileges, you then need to keep tabs on these groups to ensure that the group membership does not change without your knowledge.

If we try to accomplish this using Microsoft auditing, Event Viewer, and Scheduled Tasks, we will find that there is no way to just get alerts regarding our elevated privileged groups.

However, if you use the alerting capability of ADAudit Plus, getting those alerts is extremely easy. You can see in Figure 1 how easy it is to define the groups that you want to track.


Figure 1.

Integrate Applications Manager alerts into IBM Tivoli Console


To meet the growing complexity of their infrastructures, organizations today use numerous monitoring tools to track the health of their business environments. These monitoring tools generate alerts of statistics, errors, notifications or any other information that may be crucial to the enterprise. How does the operations team of any organization keep track of alerts from so many different tools generated on different systems?

We have received a fair number of queries from users whose enterprises use IBM Tivoli as their main Network Management System (NMS) console. They would like a direct method to display critical Applications Manager alerts in Tivoli’s console. This blog should help you in

Firewall Analyzer catches Spam Relays


“Be Proactive Rather than Reactive” is a slogan for any NOC (Network Operations Control) or network specialist. The basic requirement is to ensure that there is no compromise activity on your network and that the policies on your perimeter are intact.

Here is a support case we faced very recently from an enterprise that had a very large compromise attempt, and how our SEM (Security Event Management) module provided them enough information to nail down the issue completely.

This enterprise is one of the premium data centers, with multiple firewalls deployed across the globe. Firewall Analyzer – Distributed Edition is deployed, where log collectors were monitoring their critical Firewa…