SCCM Status Messages as Event Source in InsightIDR

Is there a way to get SCCM Status Messages into InsightIDR Event Sources? We would like to monitor malicious administrator activity. The only way I know how to view these events which are stored in a DB is through SCCM > Monitoring > System Status > Status Message Queries.

Hey @bhowell,

Congratulations on your first post and welcome to the community!!
So I haven’t messed with SCCM in years, but I did find this link to export status messages, which if it works, you could then try a Rapid7 Custom Event Source. Not sure if it would work, but definitely worth a look:

Thanks, I will look into it and report back with findings!

Unfortunately, it looks like the script “Enumerate Status Message” is no longer available at the link that was provided for scripts in the link you shared. Thanks for the suggestion though! It at least seems possible with a script and I will look into that.


Sorry for the delay, glad I could help with the suggestion, please keep us posted on any progress or further questions!!