Predefined Objects for ACS Data Collection and Reporting
InTrust offers a set of predefined objects that will help you configure gathering and reporting on event data from the ACS database.
|
|
Note: Import policies have the same names as gathering policies and are intended to import the corresponding data from the repository to the Audit database. |
| Object |
Description |
|---|---|
| “All OpsMgr ACS Servers in the domain” site | This InTrust site is used to arrange your Operations Manager servers with Audit Collection Services installed. |
| “Microsoft OpsMgr ACS” data source | This data source of Microsoft ACS Events type represents Windows security log events stored in the Microsoft Audit Collections Services database. |
| “OpsMgr ACS: Successful AD Administrator Logons” gathering policy | This gathering policy defines the AD Administrator Logons to DC events to be collected to both a repository and a database. |
| “OpsMgr ACS: All Events” gathering policy | This policy defines all security events from Audit Collection Services to be collected to a repository. The most critical security events (such as Failed Logons and Account Management) are to be collected into a database for analysis. The policy is intended to be used for gathering on a daily basis. |
| “OpsMgr ACS: All Logons” gathering policy | This policy defines the Logon events to be collected from Audit Collection Services to both a repository and a database. |
| “OpsMgr ACS: Failed Logons” gathering policy | This policy defines the Failed Logon events to be collected from Audit Collection Services to both a repository and a database. |
| “OpsMgr ACS: Account Management” gathering policy |
This policy defines the Account Management events to be collected from Audit Collection Services to both a repository and a database. |
| “OpsMgr ACS: Policy Changes” gathering policy |
This policy defines the Policy Changes to be collected from Audit Collection Services to both a repository and a database. |
| “OpsMgr ACS: Objects Access: Registry Access” gathering policy | This policy defines the Registry Access events to be collected to both a repository and a database. |
| “OpsMgr ACS: Objects Access” gathering policy | This policy defines the Object Access events to be collected from MS Audit Collection Services to both a repository and a database. |
| “OpsMgr ACS: Misc” gathering policy |
This policy defines all Windows/AD miscellaneous security events to be collected from MS Audit Collection Services to a repository. The most critical of miscellaneous security events (such as Security Subsystem and Audit Subsystem Faults) are to be collected into a database for analysis. |
| “Standard OpsMgr ACS events consolidation” consolidation policy |
This policy consolidates data from the Audit Collection Services without applying any time range filter. The standard Microsoft Operations Manager log is the Security log. |
| “Standard OpsMgr ACS events consolidation for the last month” consolidation policy |
This policy consolidates data from the Audit Collection Services for the last month only. The standard Microsoft Operations Manager log is the Security log. |
| “OpsMgr ACS events collection” task |
A task containing gathering and notification jobs. |
| “OpsMgr ACS events collection” job |
A gathering job used to collect data from the ACS database. |
| “LDAP Query” enumeration script |
A predefined enumeration script that returns the list of computers satisfying the LDAP query. |
| “MS OpsMgrs” enumeration script |
A predefined enumeration script that returns the list of computers where Microsoft Operations Manager servers are running. |