Monitoring
As mentioned earlier, proactive monitoring is the key to identifying and mitigating security risks in an organization. A large enterprise may need a tool-based monitoring and alerting solution, depending on its requirements. Microsoft System Center Operations Manager (SCOM) is an infrastructure monitoring tool from Microsoft that provides a cost-effective and reliable solution. The details of SCOM are beyond the scope of this book. However, I would encourage you to evaluate the product in your environment to ensure that it satisfies your business and technical requirements. The details of this product can be found at http://technet.microsoft.com/library/hh205987.aspx.
In the previous section, you created an event forwarding solution for all your critical events. These events are currently located in the Forwarded Events node under Windows Logs. Perform the following steps:
- Open the Event Viewer.
- Expand Windows Logs and select Forwarded Events...