FIM multiple events?
Hi guys I have FIM set up but I am getting something weird where I get a FileCreate, FileDelete, and then FileCreate, all within about a second and with the same file name. Does anyone know why this is...
Error with Reports Manager
Ok, I've been bashing my head on this problem for a few days now and I'm calling in for reinforcements! Just joined a new organization using LEM, and I'm happily learning all it can do. However I...
Success Stories of gaining operational value from LEM
I would really love to hear specific success stories of where people have gained operational value from LEM. I am hoping that by sharing some stories or examples we might all be able to gain new...
Account Lockouts widget
I wanted to create a widget based on Account Lockouts filter. A simple one, a table with three columns: Event Info (Account lockout "user"), Source machine (to see where it got locked out), and Time of...
USB detected but not blocked on some machines??
I have a whitelist of allowed USB devices configured on our system and it appeared to have been working well. We tested a number of unauthorized devices and they would get blocked as expected. Now however...
Location and Name of Local Agent Installer Log
All, While attempting to install the Local Agent Installer on a Windows 8.1 machine, one of the screens displayed the following: “The installation of SolarWinds Log & Event Manager Agent is...
Palo Alto threat logs
Hi, We have recently integrated one of our firewalls into LEM. We would like to have an email alert for the team if a single source IP produces 3 or more unique alerts/attacks. But when checking in LEM...
Is there a place to find recommended or sample filters, rules and reports?
I am looking for a place that would have recommended or sample filters, rules and reports. I understand they have to be customized for my environment but I would like to see some sample sets to work...
FREAK Schannel
Any ideas on using LEM to scan for FREAK using schannel via the windows agents? I figured out a way using USG and version numbers with IIS and IE but would like to expand with schannel, just can not...
Error when configuring SW LEM Report Schedule
Good day Thwack community, I come across an error whenever I try to schedule a report to run daily in the SW LEM Report console. After I input all the relevant settings, I then enter the account to...
LEM Report on Connector status
Hi, I wonder if anyone could advise please on the "Connector report" within LEM. I have just taken over the role as support for this product so bear with me. I have run a report which lists all...
Rule triggers when it is not supposed to trigger
All, I am trying to resolve an issue with a LEM rule. I work in a group which admins three different servers that generate Ping Sweeps. We expect this traffic. So, I created a rule to send an email...
Email Alerting stopped
Hello, My email alerting stopped for my rules. I checked the diskusage and the EPIC rules queue is backed up. How do I clear this? cmc::acm# diskusage Checking Disk Usage (this could take a moment)......
Email Notifications How-To
Hey All, Since we haven't had any LEM discussions yet, I thought I'd post a quick how-to on setting up custom notifications. There's a couple of really common use cases for going beyond the out of the...
How to monitor activity by users of the admin group
Can someone tell me how to create a rule in LEM to show activity by the administrator user or users in the admin group? Or is there perhaps a report in the SW LEM reports module? Thank you......Rick
Modifying your own AD account Alerts
Has anyone had any success with monitoring or triggering on the modification of their own AD account? I'm having difficulties because the way LEM handles event 4728 it separates the Source Account into...
properly filtering windows logs
Hi, Sorry if this is a common question..... I'm both totally new to LEM and centralised logging in general and was wondering if there is an easy way to filter just the critical and error logs from all...
Creating a Rule to Monitor a Specific Folder
LEM Version 6.1.0, FIM Agent Installed, Server 2012 OS. Hi. How do I go about setting up a rule to monitor activity on a specific folder on our File and Print server. I have tried to construct a rule but...
Logon attempts to local accounts
I was watching a very interesting video "Windows Security Log Secrets" the other day. This looked like a useful rule to implement. Can anybody help me put this one together?
LEM Event Severity Filter
I'm looking to grab individualized severity levels in a filter. Anyone know a way to go about this intelligently? Ideally I'd have a user generated filter group that says "Severity" then underneath of...