Channel: THWACK: Popular Discussions - Security Event Manager (SEM) - Formerly Log & Event Manager
Browsing all 5911 articles

Multiple Failed Login attempts by different users but same IP

Does anyone know how to set up a filter and/or rule that will notice multiple failed login attempts by multiple users (before account lockout) originating from the same IP within a certain time frame?...



Syslog node names?

I have a number of syslog devices pointed at LEM, but they all show up as IP addresses for node name. Is there a way to change the name of these nodes? Thanks!



AD authentication in LEM

I have been asked to configure LEM to use Active Directory credentials for users to log on with. I have the Directory Service Query tool configured per the documentation, and have added both a...


Cisco ASA and syslog severity levels

What severity level is recommended for Cisco ASA? Thoughts? We are seeing dropped connection and this feels informational. Cisco ASA 5500 Series Configuration Guide using the CLI, 8.2 - Configuring...


Can I configure multiple NICs on the LEM appliance?

Can I configure the LEM appliance to use multiple NICs? I have seen a thread from 2014 that stated LEM was capable of only utilizing 1 NIC. This was a discussion that referenced the appliance having 2...



connector discovery already running (adding a node)

I am attempting to search for nodes, but the LEM says "connector discovery is already running. Cannot run at this time". I have searched for nodes before, but it has not been running for 24 hrs. Any...


LEM on AWS

How can I host LEM on AWS?


failed logon every 15 minutes

I receive a failed logon every 15 minutes from the same user account. This user is out of site and it does not seem like an interactive logon. Any ideas?



SIEM: Log & Event Manager and Log & Event Manager difference?

I'm new to SolarWinds products. I already read both of the datasheets. I find them exactly the same. Is there any difference between these two products? Thank you.


How to add nodes?

Hi, I already installed the Agents on some of my Windows servers successfully via SolarWinds-LEM-v5.3.1-WindowsRemoteAgentInstaller. Then I wanted to add these nodes. I checked the LEM user guide, but I...


LEM Licensing

Hi, new to the LEM licensing concepts, thereby seeking some clarifications here. Is my understanding correct: 1. One network switch or a router consumes 1 node license. 2. One security device like...


Pros & Cons of encrypted (bitlocker) removable media and LEM

Our team has been working on some rules to mitigate threats from removable media. We have had good success with file monitoring, read/writes, and actively responding to executable attempts from flash...



Auditing Group Policy Changes

Hi, can anyone tell me how to set up a rule to track group policy changes? This is for tracking admin users who modify the Group Policy Object (I am not talking about creating a new one or renaming an...


USB Defender & Specific Device Types

We have had the USB Defender rule on our LEM for the duration of time I have been with my organization. It's connected to the UDLP policy and they opted to use a notepad document to catalog the Windows...



Monitor AD group membership changes

All, I have a large number of Active Directory groups that need to be monitored. The groups in question all have a naming convention of "SG-servername_Support". I want to be able to have a notification...


How do I import my CA's certificate into LEM?

We project the LEM console on a 72" TV. The console is constantly giving SSL prompts whenever it refreshes. In addition, SSL vulnerabilities are constantly showing up in our security scans - false or...



LEM Web Console

Hi, I'm unable to log in with the web browser ... it says invalid login .... I've tried admin and password ... it's not working, any help ... bit urgent???


Cluster Mode Netapp File Auditing

I cannot seem to get LEM to read the .evtx file that Netapp is generating. This post, "Netapp Clustered Data ONTAP CIFS auditing to LEM", has been answered but in the same post at a later date is this...


Netapp Clustered Data ONTAP CIFS auditing to LEM

NetApp Clustered Data ONTAP creates audit log files on a file share (as far as I can tell it is not able to send the log information via syslog or snmp etc). Does anyone know whether and if so how it...


