1 Reply Latest reply on Jan 31, 2017 7:16 AM by acommons

    alarm when watchlist change

    izik

      hi

      i have watchlist that scan DOMAIN ADMIN group , can i create alarm if values are added or removed from this watchlist ?

      the watchlist is dynamice , update everyday

        • 1. Re: alarm when watchlist change
          acommons

          If Microsoft logging cooperates then you could look at creating an alarm on events that add to this group but the user is not currently in the watchlist and for your second use case the alarm is generated when the user is removed from the group but is in the watchlist.

           

          Of course the Microsoft events have to have the information you need and the WMI parsing has to extract it for you. Sometimes one or both of these requirements are not met.

           

          Apart from that it should not be that hard.