InTrust 11.4.1 - Preparing for Gathering Audit Collection Services Data

Predefined Objects for ACS Data Collection and Reporting

InTrust offers a set of predefined objects that will help you configure gathering and reporting on event data from the ACS database.

Note: Import policies have the same names as gathering policies and are intended to import the corresponding data from the repository to the Audit database.

| Object | Description |
| --- | --- |
| “All OpsMgr ACS Servers in the domain” site | This InTrust site is used to arrange your Operations Manager servers with Audit Collection Services installed. |
| “Microsoft OpsMgr ACS” data source | This data source of Microsoft ACS Events type represents Windows security log events stored in the Microsoft Audit Collection Services database. |
| “OpsMgr ACS: Successful AD Administrator Logons” gathering policy | This gathering policy defines the AD Administrator Logons to DC events to be collected to both a repository and a database. |
| “OpsMgr ACS: All Events” gathering policy | This policy defines all security events from Audit Collection Services to be collected to a repository. The most critical security events (such as Failed Logons and Account Management) are to be collected into a database for analysis. The policy is intended to be used for gathering on a daily basis. |
| “OpsMgr ACS: All Logons” gathering policy | This policy defines the Logon events to be collected from Audit Collection Services to both a repository and a database. |
| “OpsMgr ACS: Failed Logons” gathering policy | This policy defines the Failed Logon events to be collected from Audit Collection Services to both a repository and a database. |
| “OpsMgr ACS: Account Management” gathering policy | This policy defines the Account Management events to be collected from Audit Collection Services to both a repository and a database. |
| “OpsMgr ACS: Policy Changes” gathering policy | This policy defines the Policy Changes to be collected from Audit Collection Services to both a repository and a database. |
| “OpsMgr ACS: Objects Access: Registry Access” gathering policy | This policy defines the Registry Access events to be collected to both a repository and a database. |
| “OpsMgr ACS: Objects Access” gathering policy | This policy defines the Object Access events to be collected from MS Audit Collection Services to both a repository and a database. |
| “OpsMgr ACS: Misc” gathering policy | This policy defines all Windows/AD miscellaneous security events to be collected from MS Audit Collection Services to a repository. The most critical of miscellaneous security events (such as Security Subsystem and Audit Subsystem Faults) are to be collected into a database for analysis. |
| “Standard OpsMgr ACS events consolidation” consolidation policy | This policy consolidates data from the Audit Collection Services without applying any time range filter. The standard Microsoft Operations Manager log is the Security log. |
| “Standard OpsMgr ACS events consolidation for the last month” consolidation policy | This policy consolidates data from the Audit Collection Services for the last month only. The standard Microsoft Operations Manager log is the Security log. |
| “OpsMgr ACS events collection” task | A task containing gathering and notification jobs. |
| “OpsMgr ACS events collection” job | A gathering job used to collect data from the ACS database. |
| “LDAP Query” enumeration script | A predefined enumeration script that returns the list of computers satisfying the LDAP query. |
| “MS OpsMgrs” enumeration script | A predefined enumeration script that returns the list of computers where Microsoft Operations Manager servers are running. |