Need LEM agent UNinstaller
Where can I get the manual uninstaller for the LEM agent? It does no good to tell me to get it from the customer portal because I was just evaluating the software. Would be nice if you would make the...
View Articlemonitor AD group membership changes
All-I have a large number of active directory groups that need to be monitored. the groups in question all have a naming convention of "SG-servername_Support". I want to be able to have an notification...
View ArticleUsing *$* In Rules & Additional Questions
Hey Thwack community - How does the LEM interpret *$* when used in a rule or a query? I am in the process of working on fine tuning a rule for Admin Logon Failures after hours. It's pulling local...
View ArticleHostnames for Syslog Nodes
I am wondering if it is possible to configure our Cisco switches to appear in the LEM Management Console node list with their hostnames. Currently, they are only showing IP addresses in both the "Node...
View ArticleClik here to view.
LEM Version # in console vs. on client devices
Morning all - I am auditing which devices within our KACE appliances have LEM agents installed. I am also making note of which versions they are running on. Within the LEM in my Node's list all of my...
View ArticleFiltering out Computer Account Activity
I'm attempting to set up both a saved search (nDepth) and filter (Monitor) excluding computer accounts (ending in $ sign). However....In nDepth, when I add a Group with the following condition......
View ArticleParameters not Displaying in E-mail Template
In LEM, when I create an e-mail template using the parameters in the list, they do not appear in the e-mail I am sent. For instance, in the template it looks like this: User account $account was locked...
View Articlemonitor password changes
I have enabled the right policies in AD now, and I'm starting to see these events hit the LEM: Event Name: UserModifyAttributeEventInfo: Password Change "domain\username" Success Event Name:...
View ArticleServer 2016 Agent Support?
Is there any support for Server 2016 yet? I am currently running a trial of 6.3.1 and cannot get the agent to install on Server 2016 boxes, either via the remote installer (which just hangs for hours)...
View ArticleClik here to view.
Actions within Rules
This will be the first time I create a bespoke rule of my own on the LEM that implements an action for the correlating events. My goal is to get an alert for any new users being added to *admin*...
View ArticleUsing *$* In Rules & Additional Questions
Hey Thwack community - How does the LEM interpret *$* when used in a rule or a query? I am in the process of working on fine tuning a rule for Admin Logon Failures after hours. It's pulling local...
View ArticleSourcefire Defense Center?
I went through the connectors in LEM and did not see anything listed for the estreamer api. Is there any way to use LEM to evaluate the logs coming in from this device? Looking to create alerts and...
View ArticleUsing Time of Day in Rule Correlation
I am trying to create a rule that only sends an alert when an event (I'll spare unnecessary details) happens after hours. In the "Correlations" box, if I add a "Time of Day Sets", but that defaults to...
View Articlemonitor password changes
I have enabled the right policies in AD now, and I'm starting to see these events hit the LEM: Event Name: UserModifyAttributeEventInfo: Password Change "domain\username" Success Event Name:...
View ArticleRemote Windows instalation
We are replacing several Windows computers. If I use the Remote installation and use get hosts automatically, then select all the computers in the domain, will this reinstall the agent, or will the...
View ArticleConnectors Update Error
Following an upgrade to v6.2.0 I have followed the instructions for updating the connectors using the LEM console. After a short while I see an error titled "Connectors Update Error", detail...
View ArticleLEM Backup fails - SMBv1
We recently tried configuring the backup functionality in a newly installed instance of LEM but couldn't get it to connect to the target network share, If you're have a similar problem, perhaps after...
View ArticleLEM AD Connector support for binding
The biggest issue I have had with the LEM connector besides the one I have already seen mentioned having to use the FQDN to sign in, is the fact that it wants to discover and display the entire forest...
View ArticleFIM rule based on size of file
I was curious if there is a way to create a rule in my LEM to alert me if a file is created that is a certain size, for instance, 3 MB? I go into the FIM connector for a node, but I do not see any...
View ArticleUpgrade to 6.0.1 Flex error
When I load the GUI after the upgrade I get this error:Flex Error #1001: Digest mismatch with RSL https://10.162.1.40:8443/lem/rsl/TriGeoFlexFramework.swf. Redeploy the matching RSL or relink your...
View Article