SCOM 2007 提供Windows 安全稽核報表服務,但必須要靈活運用這些報表功能
方能達到整合客戶日常稽核流程!不同的報表依造其內容特性,
固定周期產出報表進行稽核作業。請參考下表:
| 帳號管理-稽核報表 | ||||||
| 報表名稱 | 每日 | 每週 | 每月 | 每季 | 稽核 |
|
| Access-Violation-Unsuccessful Logon Attempts | ★ | ★ | ★ | | ★ |
|
| Account Management-Domain and Build-in Administrator Membership Changes | | ★ | ★ | | ★ |
|
| Account Management-Password Change Attempts by Non-Ower | | ★ | ★ | | ★ |
|
| Account Management-User Account Create | | | ★ | | ★ |
|
| Account Management-User Account Delete | | | ★ | | ★ |
|
| 特定事件-稽核報表 | |||||
| 報表名稱 | 每日 | 每週 | 每月 | 每季 | 稽核 |
| Forensic_-_All_Events_For_Specified_Computer | | | | | ★ |
| Forensic_-_All_Events_For_Specified_User | | | | | ★ |
| Forensic_-_All_Events_With_Specified_Event_ID | | | | | ★ |
| 效能調校用報表 | ||||||
| 報表名稱 | 每日 | 每週 | 每月 | 每季 | 稽核 |
|
| Planning-Event_Count | | | ★ | | |
|
| Planning-Event Count By Computer | | | ★ | | |
|
| Planning-Hourly Event Distribution | | | ★ | | |
|
| Planning-Logon Counts of Privileged Users | | ★ | ★ | | ★ |
|
| 效能調校用報表 | ||||||
| 報表名稱 | 每日 | 每週 | 每月 | 每季 | 稽核 |
|
| System_Integrity-Audit_Failure | | ★ | ★ | ★ | ★ |
|
| System_Integrity-Audit_Log_Cleared | | ★ | ★ | ★ | ★ |
|
| 使用統計類-稽核報表 | |||||
| 報表名稱 | 每日 | 每週 | 每月 | 每季 | 稽核 |
| Usage_-_Object_Access | | ★ | ★ | ★ | ★ |
| Usage_-_Privileged_logon | | ★ | ★ | ★ | ★ |
| Usage_-_Sensitive_Security_Groups_Changes | | ★ | ★ | ★ | ★ |
| Usage_-_User_Logon | | | | | ★ |
沒有留言:
張貼留言