There isn’t much to this year’s update. I didn’t get a ton of feature requests, but I did get a couple and built them in. This is the change log.
- Updated the Local Admin Change rule to account for GPO-enforced Local Admin settings.
- Fixed a couple of alert replacement bugs.
- Added more override options for some PowerShell rules.
- Updated Log Clearing alerts to allow for a user account override.
- Added an exclusion to PowerShell logging for an Azure path as well as SCOM 2019 default path.
- Fixed a bug with the alert description for the PowerShell running in memory rule.
- Added rule for suspicious user logons.
- Added an exclusion for WindowsAzureNetAgent on the service creation on DC rule.
Also worth noting that I’ve moved all content off of TechNet Gallery and on to GitHub. I’m not a GitHub expert by any means, so I’m still figuring out the pull requests and fun stuff associated with that, but this could eventually become a community project with the right volunteers. Here is a link to both the previous and current content.