Domain policy is critical to ensuring that all policy changes are made only by users with the appropriate access. It is also critical in ensuring only those with job-specific roles can make policy changes. The Domain Policy Content Pack helps system administrators track, report, and update domain policy changes in their environment as well as privileged security group membership changes. Tracking users making changes to these items is critical for identifying suspicious modifications and fixing them in a timely manner.

Content Pack Components

Alarms

The alarms in this content pack are designed to highlight potential high-risk events. When triggered, they will generate a visual alert as well as create an alarm event.

  • Domain Policy - Suspect Domain Changes
  • Domain Policy - Suspect Local Changes

Views

  • Domain Security Group Changes
  • GPO Changes by User
  • Local Security Group Changes Dest SID
  • Local Security Group Changes Dest User
  • Group Policy Errors

Reports

  • Domain Policy - Weekly Policy Overview

Correlation Rules

  • Domain Policy - Domain Policy Changed
  • Domain Policy - Group Policy Object Deleted
  • Domain Policy - Group Policy Object Created
  • Domain Policy - Group Policy Object Changed
  • Domain Policy - Suspicious Domain Privilege Changes
  • Domain Policy - Suspicious Local Privilege Changes
  • Domain Policy - User Added to Domain Security Group
  • Domain Policy - User Added to Local Security Group
  • Domain Policy - User Removed from Domain Security Group
  • Domain Policy - User Removed from Local Security Group

Watchlists

The Domain Policy – Security Groups watchlist is an object watchlist for Active Directory security groups important to the organization. It can be altered to better fit the environment.

  • Domain Policy - Security Groups

Required Products

  • McAfee Enterprise Security Manager (ESM) 11.x, 10.x
  • McAfee Advanced Correlation Engine (ACE) 11.x, 10.x

Content pack demo

Content packs are available directly inside the McAfee Enterprise Security Manager user interface. Watch the video to discover how to access your content pack and get started.

Watch Video

Download Content Pack

Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.

Read Article

Explore

Find other content packs and partner integrations.

See All

Free Trial

Interested in McAfee Enterprise Security Manager?

Register