Pros & Cons of encrypted (BitLocker) removable media and LEM
Our team has been working on some rules to mitigate threats from removable media. We have had good success with file monitoring, read/writes, and actively responding to executable attempts from flash...
Scheduled Search 10MB limit
I was curious if there is a way to remove the 10MB limit that the scheduled searches currently have on the CSV file that they will create? I want to be sure that when I have a scheduled search that it...
LEM Sharing Filters, Widgets and Searches
We use the web console for LEM and would like to know if there is a way to share Filters, Widgets and Searches with other users? I know these can be Exported/Imported but it seems like sharing them or...
Email template and rules
Hi, I have created an email template (cloned a preconfigured one): $EventInfo $Severity Detection time: $DetectionTime LEM has detected suspicious firewall traffic that can be indicative of port...
Not able to login the system and servers
Hello All, Good day to you! We have the SolarWinds LEM agents in the system. Before, it was working fine; now I am not able to log in to the system, it shows. If anyone has had the same issue before, if yes...
Port Scan Monitoring - LEM
Hello, I have configured a port scan alert using the in-built template in LEM. I was wondering who else uses this alert and if they have any tips for amending the policy to receive more useful...
Backup and restore facility for LEM
We have a PCI-DSS requirement that we need to store 1 year of data in archive storage, then restore the last three months of data. How can we populate the 3 months of data and load it into the LEM web...
Checkpoint connector stops frequently
Hi all, I have a Checkpoint OPSEC connector which stops frequently (every few days; I have to restart it manually every time), so I want to ask if there is a way to set it to restart the connector...
LEM / RHEL7 - No Log Data
Hello, Background: We are just rolling out LEM (6.2) and have hit a speed bump while configuring our Linux infrastructure for LEM. After installing the Linux agent on a RHEL 7 box (first one we've...
How often do you restart your LEM appliance?
Just a random thought... How many of you regularly restart your LEM appliance, if at all? (Weekly, Monthly, Quarterly, Yearly... Never?) Am wondering if you think it is worthwhile doing it on a regular...
Determine when a user logs on/off for the day
I could use some help figuring out a way to determine when a particular user has logged in for the day, and when they stopped working for the day. The user in question uses a laptop that goes home...
LEM Retention Alerting?
I was curious if there is a way to alert when the data-retention in LEM drops below a specified number of days? I need to retain data for a year so I would like to set a threshold to be alerted if the...
File monitoring on Linux
Hey guys, What connector would you guys use to monitor changes made to a file on a Linux host? Specifically a log file. I would like to be able to generate events noting the changes made to said file....
LEM; How to debug email configuration.
I have an Email Active Response connector in our manager (LEM appliance). It is not sending any emails. The email test generates an event "Name: InternalCommands EventInfo: Initiated Action: Send...
Zero-day exposed in LEM
Didn't know if anyone had seen this one: Zero-Day Vulnerability on SolarWinds® LEM Platform Identified by Digital Defense, Inc. | Business Wire That doesn't sound too good..
Organizing emails triggered by rules
Hey guys, I've been having a great deal of luck by having email notifications sent to a shared email folder whenever an important event happens. A problem I'm having now is that this folder is swamped...
CISCO ISE AND LEM
Hello experts, I have a customer wanting to configure his ISE 2.0 server to send syslog messages to his LEM. We tried different ways but we can't make it work. We configured ISE with the IP of LEM and...
Looking for advice on whether SolarWinds Log & Event Manager is better than...
Looking for any advice on why SolarWinds is a better investment than Varonis for SIEM
Email alerts run amok...help
LEM members, I haven't been able to get in touch with support to get answers so I thought I'd try here. We had a specific rule in place for years and yesterday something triggered the rule to spew...