Null Session Enumeration
I would like to alert if anything or anyone attempts Null Session Enumeration against Active Directory. This is twofold since I want to know if it is being done and want to stop it if possible....
Mac address in LEM
Hi all, is there any way to log also the Source MAC Address in EventLogon Event??
LEM Port Scan Alerts
I'm new to SolarWinds LEM and need to figure out how to quiet the noise down of all the port scan email alerts. I have a few questions regarding this topic. After looking over the rules, I do see there...
Is there a list of LEM Best Practices, or Most Common Rules?
I tried searching for Best Practices, but only found a few documents. Is there a site for LEM Best Practices, common rules, or implementation suggestions? What do you feel is your best rule? Thanks...
Modify existing LEM filter to exclude keywords
Using LEM 6.3.1 I am trying to learn this product and have stumbled upon what I thought would be an easy task - I want to take an existing filter, clone it and then edit it to do what it is doing but...
Threat intelligence feed logs
We have a rule set up to use the TIF thusly: We're getting alerts from Bad Folks™ trying to hit our outside IP, but that's happening all the time -- a good portion of the reason one doesn't put an...
AD authentication in LEM
I have been asked to configure LEM to use Active Directory credentials for users to log on with. I have the Directory Service Query tool configured per the documentation, and have added both a...
LEM in a Hybrid Environment
As SolarWinds positions itself to support hybrid environments I am curious about the future of LEM? I love and am a huge advocate for LEM; however, as we move more and more into managing hybrid...
LEM Database Maintenance Report not reporting correct "Database Time Span...
I recently worked with SW Support tkt#1153393 to reduce the size of my LEM DB. The tech removed data partitions and successfully reduced the size of the DB but now the DMR is not accurately reflecting the...
Local PC Guest Account Notifications
In our domain, we have the local machine Guest account disabled and renamed through script/GPO. Our LEM console sends out 10-20 notices each day TriGeo Alert: "guest account is locked out @ time of...
Monitoring Web Traffic with LEM
Hello Thwack Community, This is my first post/ question though I have been lurking on the board to get my questions answered for about 60 days since getting my new position. I am new to SolarWinds and...
How do I import my CA's certificate into LEM?
We project the LEM console on a 72" TV. The console is constantly giving SSL prompts whenever it refreshes. In addition, SSL vulnerabilities are constantly showing up in our security scans - false or...
Recognizing A Sequence of Events
I have a website log that I need to act upon for a specific sequence of requests. The sequence is something like: IF URL-A appears in a log record And Within 5 seconds URL-B appears in a log record And The...
LEM Database
Can you get access to the LEM database to do direct SQL queries? Ever since upgrading to 5.7 from 5.4 (via 5.6), the reporting has been unusably slow (if it works at all, yes there is a call open but...
Regex to match all user logins with exception.
In Syslog viewer I'm trying to set up a Syslog message pattern to match when a user logs into a Cisco device and exclude 1 user. I know that doing *Login Success* matches on any user login but I want to...
Possible to monitor disk space remaining?
I'm currently using EventSentry to alert me if drives on Windows 2008/2012 virtual machines are running below 5% available space. Can I use LEM to replace EventSentry?
Set ACLS to members in administration group
Being new to SolarWinds LEM, I am not sure how to resolve the following error message that we continuously receive: set acls of members in administrators group. We have done a search on how to resolve...