Sorry to hear that, sir. With NPM 10.7, you can set baseline thresholds for interface traffic that could detect anomalous traffic. SAM also has templates for most of what you are looking for:
* When a user logs on to a server - Windows event log monitor for login events.
* When DNS has been changed e.g. a record added or removed? DNS User Experience Template would alert on this.
* When a user's password has been changed / expired / account disabled in AD? Windows Event Log monitor would enable this.

May be worthwhile to check out SolarWinds Log and Event Manager: SIEM | Log Analysis | Log & Event Management for IT Security & Compliance | SolarWinds
1 of 1 people found this helpful
Sorry to hear about your breach.
I use non-SolarWinds apps for the following:
* When a user logs on to a server
* When a user's password has been changed / expired / account disabled in AD?
ScriptLogic Active Administrator is what I use.
SolarWinds can generate alerts for:
* High traffic over the weekend on the firewall's I/O External port?
SolarWinds NTA had previously alerted me to high malicious activity between a compromised laptop that was attacking my DNS servers and my ISP's DNS servers.
Hope you recover from this with minimal impact.