HostIncident event
This might be a silly question with a more than obvious answer. I have been reading through the user guide and I have enabled several rules (such as Track Failed Login Attempts to Administrative...
Recording policy changes from Sophos Enterprise Console 5.2 in LEM?
So my question is pretty simple (although I don't expect the answer to be), is there a way of pulling any policy changes or logs from Sophos Enterprise Console 5.2.0.644 and having them recorded and...
Citrix Storefront Connectors
I'm looking to gather Citrix Storefront event logs but cannot find a connector in LEM. Does anyone know of a LEM Connector for Citrix Storefront? The Storefront event logs are under "Event Viewer >...
Using a Threat Intelligence Feed with LEM?
I am curious if anybody out there is using LEM in conjunction with a Threat Intelligence feed? I realize that LEM doesn't currently accept any of the feed protocols; however, I have seen that some...
Monitor taking ownership of a mailbox
Does anyone know if there's a way to monitor and alert on taking ownership of a mailbox in Exchange? I know it generates a log event if auditing is turned on, but I don't see a corresponding Event in...
Filtering Certain Windows Security Events Before the LEM Agent Sends to the...
Hi all, We currently have monitoring processes that logon to our servers continuously to monitor the overall health of the server. This turns into thousands of unnecessary events flowing into LEM. Is...
Editing a Rule in LEM for Monitoring a Particular OU
SolarWinds support assisted me with creating a rule which monitors a particular OU. However, I would like to modify the rule. When I attempt to do this, I have no options to choose another OU. Not...
OpenVPN syslog support
I've got an OpenVPN server sending its syslog to my LEM. Data is being received, but the Event Info is being reported as "Unmatched F5 BigIP messages Data ($RevisionL #47 $)". I'd like to be able to...
"Remove the White Noise"
Hi all, I have recently started looking at our LEM installation for the Security Team. They have done some basic configuration and logging including deploying the agent and seeing what LEM can do. They...
IIS W3C Log Collection
Hey guys, I am having trouble with The Microsoft IIS Web Server 7.0 and 8.5 connectors. No events, other than tool START and STOP events, are being generated in LEM. The file paths I'm using for either...
HP Printer Status (port 5226) PortScan triggered events in LEM?
Hi all. Does anyone have any experience or opinion about having a bunch of portscan events triggered in LEM relating to the HP Universal Printer Driver contacting workstations on port 5226 for printer status?...
Multiple Active Directory Domains
Our organisation has more than one domain. Is it possible to add more than one Active Directory connection to populate multiple Directory Service Groups? Thanks
Integration of LEM with Orion NPM
To quote the "What are we working on now" thread for LEM from 2011: "SolarWinds Orion Platform Product Integration: Escalating Events from LEM to Orion via SNMP Traps Since we're in the business of...
LEM Rules Fired Based on WMI Events
Hello thwack! I am fairly new to LEM and all of the features it has to offer. I have been doing some reading up on WMI and some of the potential security flaws (and fixes) that it has to offer. Based...
LEM File integrity monitoring
One of the reasons I chose LEM for an evaluation is its file monitoring capability. I've searched through the user guide and I can't seem to find how this is configured. I do have the agent running on...
SolarWinds LEM documentation
Hi Guys, recently I feel that there is a lack of documentation in SolarWinds LEM. When I was questioning about the correlation of the rule template, how it is being triggered and what is the term which...
Critical Account Logon Failure
Greetings, I came across a thread (https://thwack.solarwinds.com/thread/66209) that described a modified filter that would be good at catching someone trying to guess user passwords without locking...
SolarWinds WHD
Is there documentation of how to configure the SolarWinds WHD to send logs to LEM?
LEM Customized Report
Hi All, good day! I would like to customize my LEM report so that it will display User Log on and User Log off time and the Log on duration. Something that looks like the table below. Detection IP...
Node Shutdown Notifications
Hey Everyone! HELP!! Can anybody assist me here, and hook me up with a walkthrough for setting up notifications for a node shutting down (loss of power, failure, etc)? Needing to be notified if a remote...