Setting up LEM to detect Advanced Persistent Threats (APTs)/Trojan-Ransom
All, Due to recent events, my company wants to expand LEM to notify our team when Advanced Persistent Threats (APTs)/Trojan-Ransom infect our network. Reading the following links gives a good...
Success Stories of gaining operational value from LEM
I would really love to hear specific success stories of where people have gained operational value from LEM. I am hoping that by sharing some stories or examples we might all be able to gain new...
LEM SDK?
How do I access the LEM database using a 3rd party tool? I would like to read table records from the raw database for ad-hoc queries, and display results in a customized format.
Monitor License Key Activation?
Hi guys, I was wondering if there was any way to monitor license key activation using LEM? For example, Windows or Office have had a product key entered? Thanks!
Logon failed while running LEM reports
Hi, After installing Log and Event Manager Reports, while running a report, it's showing this error: Logon failed. Error code: -2147189176. What is this error and how can it be resolved so I can run...
Logon attempts to local accounts
I was watching a very interesting video, "Windows Security Log Secrets", the other day; this looked like a useful rule to implement. Can anybody help me put this one together?
LEM older release notes?
Does anyone know where I can find the Release Notes for LEM 6.01? I seem to only be able to find links to the latest version. Thanks!
LEM doesn't know how to handle file share audit events
So I have file share auditing enabled on a file server. The event log collects data every time a share is accessed and the events in the event viewer are easily readable and contain all of the...
Syslog node names?
I have a number of syslog devices pointed at LEM, but they all show up as IP addresses for node name. Is there a way to change the name of these nodes? Thanks!
LEM: Create notification of AD account lockout
How can I set up a notification alert when a user is locked out of Active Directory? I am using SolarWinds Log & Event Manager 5.4. Thanks
Windows Filtering Platform Auditing - What if it Never Existed?
Hi All, We're considering turning off by default the Windows Filtering Platform events from the Security Log that tend to make a whole lot of noise for no really good reason. The only problem we have...
Modifying your own AD account Alerts
Has anyone had any success with monitoring or triggering on the modification of their own AD account? I'm having difficulties because the way LEM handles event 4728 it separates the Source Account into...
LEM Syslog Question
I'm a SolarWinds LEM newbie but really like it. I am trying to connect our AudioCodes Mediant 1000 syslog to our LEM and it keeps telling me no nodes found. I can't find the device in the list so I was...
LEM not displaying all syslog messages/events
All, If a Cisco ASA Firewall records a Syslog message in its logs, that syslog message is sent to LEM. Correct? While troubleshooting a network issue on a Cisco ASA, I looked at the ASA’s logs. They...
Possible to monitor disk space remaining?
I'm currently using EventSentry to alert me if drives on Windows 2008/2012 virtual machines are running below 5% available space. Can I use LEM to replace EventSentry?
Receive only Windows security log by default?
Is it possible to set this as a default setting, or is it necessary to first get the agent reporting and then edit the node connector settings to stop the application and system logs?
Question about cloning
Does anyone know if there are any issues with cloning a baselined hardened OS (with the LEM agent installed) and then deploy that image to 100 other machines? With Symantec or other software, sometimes...
Help with Advanced Rule & Email Template creation
I work in a HIPAA compliant environment. Our business is built around HIPAA compliance. We use LEM to monitor our network and users to ensure compliance. One filter we have set up alerts us if anyone...