{"id":19999,"date":"2023-08-30T13:20:18","date_gmt":"2023-08-30T17:20:18","guid":{"rendered":"https:\/\/kevinjustin.com\/blog\/?p=19999"},"modified":"2023-08-30T13:20:18","modified_gmt":"2023-08-30T17:20:18","slug":"proactive-security-bundle","status":"publish","type":"post","link":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/proactive-security-bundle\/","title":{"rendered":"Proactive Security bundle"},"content":{"rendered":"<figure id=\"attachment_20000\" aria-describedby=\"caption-attachment-20000\" style=\"width: 300px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/DC_Comics_logo.png\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-20000 size-medium\" src=\"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/DC_Comics_logo-300x300.png\" alt=\"DC Security bundle pack is much like the various universe\/multiverse sci fi storylines.\" width=\"300\" height=\"300\" srcset=\"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/DC_Comics_logo-300x300.png 300w, https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/DC_Comics_logo-150x150.png 150w, https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/DC_Comics_logo-768x768.png 768w, https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/DC_Comics_logo-1024x1024.png 1024w, https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/DC_Comics_logo.png 1200w\" sizes=\"auto, (max-width: 300px) 85vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-20000\" class=\"wp-caption-text\">DC Security bundle pack is much like the various universe\/multiverse sci fi storylines.<\/figcaption><\/figure>\n<p>Proactive Security bundle to help with three (3) various DC authentication event sets encompassing Kerberos, NetLogon, and DCOM.\u00a0 These events were enabled as part of the server cumulative patches.\u00a0 The management packs run workflows on the servers, then combine into a daily alert report of 
the unique event description details.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h4>Quick Download <a href=\"https:\/\/github.com\/theKevinJustin\/DCAuthAlerts\" target=\"_blank\" rel=\"noopener\">HTTPS:\/\/GITHUB.COM\/THEKEVINJUSTIN\/DCAUTHALERTS<\/a><\/h4>\n<p>&nbsp;<\/p>\n<p>Save the files from GitHub to your local SCOM management server (MS) and import them.<\/p>\n<p>&nbsp;<\/p>\n<h4>Proactive Security bundle components<\/h4>\n<p>Proactive DC Kerberos KDC Authentications 1.0.0.1<br \/>\nDownload: https:\/\/github.com\/theKevinJustin\/DCAuthAlerts<br \/>\nDocumentation: https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/DC-Auth-Alerts\/<br \/>\nPurpose: Monitor DC Kerberos authentication alerts on CA and DC role servers, as well as any operating system. A daily alert report consolidates the alerts, and on-demand report tasks are available.<br \/>\nChange Impact: Low<br \/>\nSecurity Impact: Low<br \/>\nAny testing needed: No<\/p>\n<p>Proactive DC NetLogon Allowed Sessions 1.0.3.1<br \/>\nDownload: https:\/\/github.com\/theKevinJustin\/DCAuthAlerts<br \/>\nDocumentation: https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/DC-Auth-Alerts\/<br \/>\nPurpose: Monitor DC NetLogon authentication alerts on DC role servers. A daily alert report consolidates the alerts, and on-demand report tasks are available.<br \/>\nChange Impact: Low<br \/>\nSecurity Impact: Low<br \/>\nAny testing needed: No<\/p>\n<p>Proactive Microsoft Windows DCOM Server Security Bypass 1.0.0.8<br \/>\nDownload: https:\/\/github.com\/theKevinJustin\/DCAuthAlerts<br \/>\nDocumentation: https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/DC-Auth-Alerts\/<br \/>\nPurpose: Monitor DC DCOM security bypass event IDs 10036, 10037, and 10038 in Security EventLog. 
Pull from DC and run SCOM alert report, as well as on-demand report task.<br \/>\nChange Impact: Low<br \/>\nSecurity Impact: Low<br \/>\nAny testing needed: No<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Proactive Security bundle to help with three (3) various DC authentication event sets encompassing Kerberos, NetLogon, and DCOM.\u00a0 These events were enabled as part of the server cumulative patches.\u00a0 The management packs run workflows on the servers, then combine into a daily alert report of the unique event description details. &nbsp; &nbsp; Quick Download HTTPS:\/\/GITHUB.COM\/THEKEVINJUSTIN\/DCAUTHALERTS &hellip; <a href=\"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/proactive-security-bundle\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Proactive Security bundle&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,567,5,7,545,530,502,742],"tags":[119,805,600,803,806,802,804],"class_list":["post-19999","post","type-post","status-publish","format-standard","hentry","category-administration","category-authoring","category-best-practice","category-mp-management-pack","category-powershell","category-scom","category-security","category-windows","tag-dc","tag-dcom","tag-kerberos","tag-management-server","tag-netlogon","tag-scom-ms","tag-security-event-log"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Proactive Security bundle - Kevin Justin&#039;s Blog<\/title>\n<meta name=\"description\" content=\"Leverage the &#039;Proactive Security bundle&#039; for DC related auth issues for DCOM, Kerberos, and NetLogon events on DC servers.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link 
rel=\"canonical\" href=\"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/proactive-security-bundle\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Proactive Security bundle - Kevin Justin&#039;s Blog\" \/>\n<meta property=\"og:description\" content=\"Leverage the &#039;Proactive Security bundle&#039; for DC related auth issues for DCOM, Kerberos, and NetLogon events on DC servers.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/proactive-security-bundle\/\" \/>\n<meta property=\"og:site_name\" content=\"Kevin Justin&#039;s Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-30T17:20:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/DC_Comics_logo-300x300.png\" \/>\n<meta name=\"author\" content=\"WordPress Administrator\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"WordPress Administrator\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/proactive-security-bundle\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/proactive-security-bundle\\\/\"},\"author\":{\"name\":\"WordPress Administrator\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/#\\\/schema\\\/person\\\/3d7a90f4430bef43134eaa0a7e2cd508\"},\"headline\":\"Proactive Security bundle\",\"datePublished\":\"2023-08-30T17:20:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/proactive-security-bundle\\\/\"},\"wordCount\":258,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/proactive-security-bundle\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/DC_Comics_logo-300x300.png\",\"keywords\":[\"dc\",\"DCOM\",\"kerberos\",\"management server\",\"NetLogon\",\"SCOM MS\",\"Security Event Log\"],\"articleSection\":[\"Administration\",\"Authoring\",\"Best Practice\",\"MP Management Pack\",\"PowerShell\",\"SCOM\",\"Security\",\"Windows\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/proactive-security-bundle\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/proactive-security-bundle\\\/\",\"url\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/proactive-security-bundle\\\/\",\"name\":\"Proactive Security bundle - Kevin Justin&#039;s 
Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/proactive-security-bundle\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/proactive-security-bundle\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/DC_Comics_logo-300x300.png\",\"datePublished\":\"2023-08-30T17:20:18+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/#\\\/schema\\\/person\\\/3d7a90f4430bef43134eaa0a7e2cd508\"},\"description\":\"Leverage the 'Proactive Security bundle' for DC related auth issues for DCOM, Kerberos, and NetLogon events on DC servers.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/proactive-security-bundle\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/proactive-security-bundle\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/proactive-security-bundle\\\/#primaryimage\",\"url\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/DC_Comics_logo.png\",\"contentUrl\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/DC_Comics_logo.png\",\"width\":1200,\"height\":1200,\"caption\":\"DC Security bundle pack is much like the various universe\\\/multiverse sci fi storylines.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/proactive-security-bundle\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Proactive Security 
bundle\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/\",\"name\":\"Kevin Justin&#039;s Blog\",\"description\":\"Operational monitoring tools including System Center, Azure Monitor\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/#\\\/schema\\\/person\\\/3d7a90f4430bef43134eaa0a7e2cd508\",\"name\":\"WordPress Administrator\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g\",\"caption\":\"WordPress Administrator\"},\"sameAs\":[\"https:\\\/\\\/kevinjustin.com\"],\"url\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/author\\\/wordpress_admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Proactive Security bundle - Kevin Justin&#039;s Blog","description":"Leverage the 'Proactive Security bundle' for DC related auth issues for DCOM, Kerberos, and NetLogon events on DC servers.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/proactive-security-bundle\/","og_locale":"en_US","og_type":"article","og_title":"Proactive Security bundle - Kevin Justin&#039;s Blog","og_description":"Leverage the 'Proactive Security bundle' for DC related auth issues for DCOM, Kerberos, and NetLogon events on DC servers.","og_url":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/proactive-security-bundle\/","og_site_name":"Kevin Justin&#039;s Blog","article_published_time":"2023-08-30T17:20:18+00:00","og_image":[{"url":"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/DC_Comics_logo-300x300.png","type":"","width":"","height":""}],"author":"WordPress Administrator","twitter_card":"summary_large_image","twitter_misc":{"Written by":"WordPress Administrator","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/proactive-security-bundle\/#article","isPartOf":{"@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/proactive-security-bundle\/"},"author":{"name":"WordPress Administrator","@id":"https:\/\/kevinjustin.com\/blog\/#\/schema\/person\/3d7a90f4430bef43134eaa0a7e2cd508"},"headline":"Proactive Security bundle","datePublished":"2023-08-30T17:20:18+00:00","mainEntityOfPage":{"@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/proactive-security-bundle\/"},"wordCount":258,"commentCount":0,"image":{"@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/proactive-security-bundle\/#primaryimage"},"thumbnailUrl":"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/DC_Comics_logo-300x300.png","keywords":["dc","DCOM","kerberos","management server","NetLogon","SCOM MS","Security Event Log"],"articleSection":["Administration","Authoring","Best Practice","MP Management Pack","PowerShell","SCOM","Security","Windows"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/proactive-security-bundle\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/proactive-security-bundle\/","url":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/proactive-security-bundle\/","name":"Proactive Security bundle - Kevin Justin&#039;s 
Blog","isPartOf":{"@id":"https:\/\/kevinjustin.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/proactive-security-bundle\/#primaryimage"},"image":{"@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/proactive-security-bundle\/#primaryimage"},"thumbnailUrl":"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/DC_Comics_logo-300x300.png","datePublished":"2023-08-30T17:20:18+00:00","author":{"@id":"https:\/\/kevinjustin.com\/blog\/#\/schema\/person\/3d7a90f4430bef43134eaa0a7e2cd508"},"description":"Leverage the 'Proactive Security bundle' for DC related auth issues for DCOM, Kerberos, and NetLogon events on DC servers.","breadcrumb":{"@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/proactive-security-bundle\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/proactive-security-bundle\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/proactive-security-bundle\/#primaryimage","url":"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/DC_Comics_logo.png","contentUrl":"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/DC_Comics_logo.png","width":1200,"height":1200,"caption":"DC Security bundle pack is much like the various universe\/multiverse sci fi storylines."},{"@type":"BreadcrumbList","@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/proactive-security-bundle\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/kevinjustin.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Proactive Security bundle"}]},{"@type":"WebSite","@id":"https:\/\/kevinjustin.com\/blog\/#website","url":"https:\/\/kevinjustin.com\/blog\/","name":"Kevin Justin&#039;s Blog","description":"Operational monitoring tools including System Center, Azure 
Monitor","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kevinjustin.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/kevinjustin.com\/blog\/#\/schema\/person\/3d7a90f4430bef43134eaa0a7e2cd508","name":"WordPress Administrator","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g","caption":"WordPress Administrator"},"sameAs":["https:\/\/kevinjustin.com"],"url":"https:\/\/kevinjustin.com\/blog\/author\/wordpress_admin\/"}]}},"_links":{"self":[{"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/posts\/19999","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/comments?post=19999"}],"version-history":[{"count":3,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/posts\/19999\/revisions"}],"predecessor-version":[{"id":20003,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/posts\/19999\/revisions\/20003"}],"wp:attachment":[{"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/media?parent=19999"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/categories?post=19999"},{"taxonomy
":"post_tag","embeddable":true,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/tags?post=19999"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}