Table of Contents
- Getting Started
- Agent-Based Management
- Data Providers
- Directory Services
- Event Log Archiving for JSIG and CMMC Compliance
- Auditing
- Hosts
- Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- File and Directory Monitor Templates
- Windows Monitor Templates
- Account Lockout Monitor Template
- Logon Monitor Template
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- SMART Monitor Template
- Process Monitor Template
- Service Monitor Template
- Performance Counter Monitor Template
- PowerShell Template
- Registry Value Monitor Template
- System Security Monitor Template
- Active Directory User Monitor Template
- Active Directory User Integrity Monitor Template
- Task Scheduler Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Windows Audit Policy Monitor Template
- Windows Logon As Monitor Template
- Windows Update Template
- Windows Management Instrumentation (WMI) Templates
- Database Monitor Template
- Directory Service Monitor Template
- DNS Blacklist Monitor Template
- DNS Monitor Template
- Domain Expiration Monitor Template
- Network Speed Monitor Template
- Ping Monitor Template
- Database Table Reseed
- SQL Server Shrink and Backup Template
- SSH Shell
- TCP Port Scan Monitor Template
- Website Monitor Template
- Wake On LAN Template
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
- Monitors
- Reports
- File and Permission Reports
- Summary Reports
- Auto-Configurators
- Filters
- Actions
- Database Actions
- Desktop Actions
- Email Actions
- Event Log Actions
- Executable Actions
- File Actions
- IIS IP Address Restriction Actions
- Microsoft Teams Actions
- PowerShell Actions
- Report Actions
- Service Actions
- SMS Actions
- SNMP Trap Actions
- Syslog Actions
- Template Actions
- IIS IP Address Restriction Actions
- Action Variables
- Schedules
- Environment Variables
- Options
- Account Lockout Monitoring and Reporting
- Merging Logs
- SNMP
- SSH Shell
- Syslog
- Exporting and Importing Configuration Objects
- Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
- Command Line Interface
- Server Configuration
- Agent Configuration
- Troubleshooting
- Terminology
Corner Bowl Server Manager
SIEM, IPS, Server Monitoring, Uptime Monitoring and Compliance Software
Security Event Log | Security Group Management Report
The Security Group Management enables you to scan the consolidated log database for Audit Security Group Management events. This report is typically used by compliance and audit professionals while auditing domain controllers and stand-alone servers.
Server Manager includes two methods to report Audit Security Group Management events:
| Method | Description |
|---|---|
| One-Off Security Group Management Report | Parses Audit Security Group Management Event IDs, then returns a sub-set of the Event's columns. This report is supported on all locales. |
| Generic Security Group Management Report | Uses Regular Expressions to parse Security Event Log Entries, extract values, validate subject and target accounts in Active Directory, then finally filter entries using Event Log Filters. This report is only supported on English locales. |
How to configure the One-Off Security Group Management Report
- From the Explorer View, navigate to Reports | Sample Reports | Event Logs | Security Reports | Management, right click on Security Group Management Report then select Properties. The Properties View displays.
- The Properties View contains 6 configuration tabs.
How to configure the Generic Security Group Management Report
- From the Explorer View, navigate to Reports | Sample Reports | Event Logs | Security Reports | Management, right click on Security Group Management Report (Generic) then select Properties. The Properties View displays.
- The Properties View contains 8 configuration tabs.
The Options Tab
- Use the Filters drop-down to select all of the filters you would like to apply to the report.
Important
To target specific columns (e.g. Process Name), create a Complex Event Log Filter then, create a new Attribute Value Pair Criteria, specify the column's key (e.g. PROCESS_NAME) then, specify the full path to the process or regular expression to target.
Sample Regular Expression Driven Security Group Management Filter
- Once a filter is assigned, use the Include entries that pass drop-down to select the filter method.The following filter options are available:
| Option | Description |
|---|---|
| All | Include each entry that passes all assigned filters. |
| Any | Include each entry that passes any filter. |
| None | Include each entry that does not pass any of the filters. |
| Ignore | Include all entries. |
- Use the Apply filter frequency rules to display the Latest or Oldest entry when it occurs more than X times every X periods.
Note
A unique instance of these settings is attached to each assigned filter. Select the Filter to apply each instance's settings.
- Use the Duplicates controls to group entries by Source and Event ID then display Latest or Oldest entry along with a count of entries in each group.
Generic Security Group Management Report Properties View