How to detect configuration changes within an instance

____62 · ‎08-03-2022

Currently, if you make unintended changes to certain settings in your instance,
We want to detect that change.
As a detection method, we are trying to monitor whether unintended change logs are output to the event log.

For example, in the case of "notification", if a log that changes the "notification" table or system properties (including email in the name) is created in the event log, it will be judged that the setting value has been tampered.

From here, I have a question. When detecting tampering with notification setting values, are the detection targets covered only by the notification table and system properties (those that include email in the name)?
Can you tell me if there is another table that manages the setting values in the instance like system properties?

Mark Manders · ‎08-03-2022

You can check all changes in the sys_update_xml-table. Is that what you are looking for? It captures everything that's also captured in update sets.

If my answer helped you in any way, please then mark it as helpful.

Mark

Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

Chris McDevitt · ‎08-09-2022

Hi, I am a little late to the party.... 🙂

Here is what I would do:

Create a Scheduled Job to:

Look at the Customer Updates [sys_update_xml] table
For items created today
If found, then I would cross reference your Change Control System for an approved Change to SN for today.
- If there were no approved changes, I would open a ticket for someone to investigate.

Of course, I would NEVER allow anyone to make changes on Production directly, I would require an update set to make changes.

Create an ADMIN accounts that your admin needs to log in to become an admin
- Once per person: example chris.mcdevitt (normal privileges) AND chris.mcdevitt.admin
Almost everything can be added to an Update Set and tested in a lower environment, and then promoted to production when ready.