Channel: THWACK: Popular Discussions - Security Event Manager (SEM) - Formerly Log & Event Manager
Browsing all 5911 articles

HostIncident event

  This might be a silly question with a more than obvious answer. I have been reading through the user guide and I have enabled several rules (such as Track Failed Login Attempts to Administrative...


Recording policy changes from Sophos Enterprise Console 5.2 in LEM?

So my question is pretty simple (although I don't expect the answer to be), is there a way of pulling any policy changes or logs from Sophos Enterprise Console 5.2.0.644 and having them recorded and...


Citrix Storefront Connectors

I'm looking to gather Citrix Storefront event logs but cannot find a connector in LEM.  Does anyone know of a LEM Connector for Citrix Storefront? The Storefront event logs are under "Event Viewer >...

Using a Threat Intelligence Feed with LEM?

I am curious if anybody out there is using LEM in conjunction with a Threat Intelligence feed?  I realize that LEM doesn't currently accept any of the feed protocols; however, I have seen that some...

Monitor taking ownership of a mailbox

Does anyone know if there's a way to monitor and alert on taking ownership of a mailbox in Exchange? I know it generates a log event if auditing is turned on, but I don't see a corresponding Event in...


Filtering Certain Windows Security Events Before the LEM Agent Sends to the...

Hi all, We currently have monitoring processes that log on to our servers continuously to monitor the overall health of the server.  This turns into thousands of unnecessary events flowing into LEM.  Is...

Editing a Rule in LEM for Monitoring a Particular OU

SolarWinds support assisted me with creating a rule which monitors a particular OU.  However, I would like to modify the rule.  When I attempt to do this, I have no options to choose another OU.  Not...

OpenVPN syslog support

I've got an OpenVPN server sending its syslog to my LEM. Data is being received, but the Event Info is being reported as "Unmatched F5 BigIP messages Data ($RevisionL #47 $)". I'd like to be able to...


"Remove the White Noise"

Hi all, I have recently started looking at our LEM installation for the Security Team. They have done some basic configuration and logging including deploying the agent and seeing what LEM can do.  They...


IIS W3C Log Collection

Hey guys, I am having trouble with The Microsoft IIS Web Server 7.0 and 8.5 connectors. No events, other than tool START and STOP events, are being generated in LEM. The file paths I'm using for either...

HP Printer Status (port 5226) PortScan triggered events in LEM?

Hi all. Does anyone have any experience or opinion about having a bunch of portscan events triggered in LEM relating to the HP Universal Printer Driver contacting workstations on port 5226 for printer status?...

Multiple Active Directory Domains

Our organisation has more than one domain. Is it possible to add more than one Active Directory connection to populate multiple Directory Service Groups? Thanks

Integration of LEM with Orion NPM

To quote the "What are we working on now" thread for LEM from 2011:  "SolarWinds Orion Platform Product Integration: Escalating Events from LEM to Orion via SNMP Traps Since we're in the business of...


LEM Rules Fired Based on WMI Events

Hello thwack! I am fairly new to LEM and all of the features it has to offer. I have been doing some reading up on WMI and some of the potential security flaws (and fixes) that it has to offer. Based...

LEM File integrity monitoring

One of the reasons I chose LEM for an evaluation is its file monitoring capability. I've searched through the user guide and I can't seem to find how this is configured. I do have the agent running on...


SolarWinds LEM documentation

Hi Guys, recently I feel that there is a lack of documentation in SolarWinds LEM. When I was questioning about the correlation of the rule template, how it is being triggered and what is the term which...


Critical Account Logon Failure

Greetings, I came across a thread (https://thwack.solarwinds.com/thread/66209) that described a modified filter that would be good at catching someone trying to guess user passwords without locking...


SolarWinds WHD

Is there documentation on how to configure the SolarWinds WHD to send logs to LEM?


LEM Customized Report

Hi All, good day! I would like to customize my LEM report so that it will display User Log on and User Log off time and the Log on duration. Something that looks like the table below. Detection IP...

Node Shutdown Notifications

Hey Everyone! HELP!! Can anybody assist me here, and hook me up with a walkthrough for setting up notifications for a node shutting down (loss of power, failure, etc)? Needing to be notified if a remote...
