Yup. This is one of the things CSP (now Data Center Security - DCS) is made for!
Much of what you ask is available thru the out of the box detection policies. Check out the pdf located here;
http://www.symantec.com/docs/DOC5946
There's nice comprehensive listing of the what the 'out of the box' policies can do for you. The policy can be customized, or you can create your own to add those things you want but are missing. In particular, look at the Windows Baseline Policy.
Good luck!
Post additional questions here. Lots of good info and advice from users and Symantec product specialists.
Will