I'm trying to set up a scheduled search to monitor changes to GPOs. Running SEM 2020.4. Any suggestions regarding the best way to set up this query would be much appreciated. Thanks!
OK I know there is audit event logs on the domain controller (these is per each domain controller) You must make sure the Auditing is configured to track. (https://rlevchenko.com/2017/03/17/how-easy-is-it-to-track-group-policy-changes-using-the-event-log/)
the Event ID is:
Checking the SolarWinds connecter to see if these logs are being tracked
After looking at the connecter XML file I do not see these event logs listed.
So I recommend enable the audit logs on the file server and check windows event logs for which EVENT ID are the most useful and request a connector update to add these in the next revision.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.