Domain Policy Content Pack

Domain policy is critical to ensuring that all policy changes are made only by users with the appropriate access. It is also critical in ensuring only those with job-specific roles can make policy changes. The Domain Policy Content Pack helps system administrators track, report, and update domain policy changes in their environment as well as privileged security group membership changes. Tracking users making changes to these items is critical for identifying suspicious modifications and fixing them in a timely manner.

Content Pack Components

Alarms

The alarms in this content pack are designed to highlight potential high-risk events. When triggered, they will generate a visual alert as well as create an alarm event.

Domain Policy - Suspect Domain Changes
Domain Policy - Suspect Local Changes

Views

Domain Security Group Changes
GPO Changes by User
Local Security Group Changes Dest SID
Local Security Group Changes Dest User
Group Policy Errors

Reports

Domain Policy - Weekly Policy Overview

Correlation Rules

Domain Policy - Domain Policy Changed
Domain Policy - Group Policy Object Deleted
Domain Policy - Group Policy Object Created
Domain Policy - Group Policy Object Changed
Domain Policy - Suspicious Domain Privilege Changes
Domain Policy - Suspicious Local Privilege Changes
Domain Policy - User Added to Domain Security Group
Domain Policy - User Added to Local Security Group
Domain Policy - User Removed from Domain Security Group
Domain Policy - User Removed from Local Security Group

Watchlists

The Domain Policy – Security Groups watchlist is an object watchlist for Active Directory security groups important to the organization. It can be altered to better fit the environment.

Domain Policy - Security Groups

Required Products

McAfee Enterprise Security Manager (ESM) 11.x, 10.x
McAfee Advanced Correlation Engine (ACE) 11.x, 10.x

Content pack demo

Content packs are available directly inside the McAfee Enterprise Security Manager user interface. Watch the video to discover how to access your content pack and get started.

Watch Video

Download Content Pack

Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.

Read Article

Explore

Find other content packs and partner integrations.

See All

Free Trial

Interested in McAfee Enterprise Security Manager?

Register

Nos solutions phares

Explorer notre gamme

Objectifs de sécurité

Secteurs d'activité

Produits

Nos solutions phares

Explorer notre gamme

Produits MVISION

Services et formations

Recherche sur les menaces

Nos chercheurs

Tableau de bord du paysage des menaces

Outils

Nous contacter

Ressources

Téléchargements

Aide sur les produits

Rejoignez-nous

Explorer

Notre entreprise

Nos initiatives

Autres ressources

Opportunités d'emploi

Partenariats