I have a federal STIG requirement to monitor for when the SIEM reaches 75% of disk space used. The default out-of-the-box rule, called "SolarWinds Disk Warning", uses 90% used as the trigger for the warning. The problem I'm having is that in the rule I don't see any 90% listed anywhere in the logic. How does this rule work?
The correlation says:
InternalWarning.Detail != *-16Z*
InternalWarning.EventInfo != *101%*
InternalWarning.EventInfo = Manager Monitor Warning*
InternalWarning.EventInfo = *Disk*
I'm not sure I understand how this warns on disk over 90%.
Am I missing something here??? Still new to LEM and getting this figured out.