Channel: THWACK: Popular Discussions - Security Event Manager (SEM) - Formerly Log & Event Manager
Browsing all 5911 articles

How do you setup AD Security Logs with LEM?

I'm trying to set up AD logs with LEM. I downloaded the Remote Solarwinds Log & Event Manager Agent. My concern is that with my company we have hundreds of Windows servers. Is it necessary to use...



USB Defender

Needing help configuring USB Defender. I have followed all the steps to configuring it, but neither see an alert in the console nor are unauthorized USB devices shut down on the client machine. Here is...



Log & Event Manager API / REST/ Cmdline

Hi, is there a way to access Log & Event Manager via API, REST or Cmdline? I'd like to query data matching a filtered pattern and further process it. Thanks in advance  rubensk


suspicious DNS traffic rule

We have recently added checkpoint and the "suspicious DNS traffic" rule is triggering incidents. We have identified the DC as per the templates but are trying to decrease incidents.


LEM use cases

Hi all, I'm new with LEM and consider it as a central console for future SOC in my current company. I just want to leave here my list of use cases and share in a future "how to" realize them. Don't hesitate...



When I create a new case at website, I couldn't submit it.

When I create a new case at website, I couldn't submit it.


I'm receiving hundreds of logs for users with Login Failure

We are seeing hundreds of failed logins for users from the ToolAlias: Cisco ACS and AuthPackage: MSCHAPV2. Is there a way we can configure LEM to reduce these logs? I've contacted the users and they...


Email Notifications How-To

Hey All, Since we haven't had any LEM discussions yet, I thought I'd post a quick how-to on setting up custom notifications. There's a couple of really common use cases for going beyond the out of the...



Why is it when, I try to use nmap to verify the ports on Windows Server is...

Good day everyone, I had idea to make sure that new windows servers that will be added to the LEM ports are open. Ports I am talking about is TCP 37890-37896. I was trying to use NMAP nmap -sT -p...



LEM v6.3.1 HOT FIX 4 IS NOW AVAILABLE

Download Available: http://downloads.solarwinds.com/solarwinds/Release/HotFix/SolarWinds-LEM-v6.3.1-Hotfix4.zip Hotfix 4...


Connecting SolarWinds to Cisco FirePOWER using eStreamer

We have a Cisco FirePOWER unit that we want to poll information from and place in a dashboard so that it is easy to see what is going on with FirePOWER. I have been looking and haven't found too much...


USB Defender & Specific Device Types

We have had the USB Defender rule on our LEM for the duration of time I have been with my organization. It's connected to the UDLP policy and they opted to use a notepad document to catalog the Windows...


Auditing Group Policy Changes

Hi, can anyone tell me how to set up a rule to track group policy changes? This is for tracking admin users who modify the Group Policy Object (I am not talking about creating a new one or renaming an...



How do I import my CA's certificate into LEM?

We project the LEM console on a 72" TV.  The console is constantly giving SSL prompts whenever it refreshes.  In addition, SSL vulnerabilities are constantly showing up in our security scans - false or...




failed logon every 15 minutes

I receive a failed logon every 15 minutes from the same user account. This user is out of site and it does not seem like an interactive logon. Any ideas?


We have a requirement to audit all Applocker EXE and DLL events on all of our...

We have a requirement to audit all Applocker EXE and DLL events on all of our servers; how do I set up LEM to make this information available and prominent? We have our Group Policy configured to audit...



Cisco ASA and syslog severity levels

What severity level is recommended for Cisco ASA? Thoughts? We are seeing dropped connection and this feels informational. Cisco ASA 5500 Series Configuration Guide using the CLI, 8.2 - Configuring...


Is there a way to monitor CD rom drive usage?

Is there a way to monitor/notification of CD rom drive usage?    So far I can not figure out a way.  There are no services that I can think of to monitor.   Any ideas would be helpful.  Thank you.


LEM : SNMP TRAPS

Hi All, we got an info that LEM can handle more number of traps than NPM. So we are testing LEM to receive SNMP traps. But still we don’t know how to receive snmp traps on LEM. Please let us know how to...
