Why not have out-of-the-box correlation of events? Why do we have to build these? If you have Event 4740 (locked out), why not include the logon type, logon failure codes, and logon session events, so all of the data is in one spot instead of digging around for it all? This is just one example. To be more usable, including…
Hi! I need to know if there is a way to get the NTP configuration in SEM with a search string. Thanks a lot
How about being able to view your NTP configuration? I had a scenario where I was trying to get my LEM appliance to sync time with my domain controller (time was off by 20s). I would connect to the console and go to the appliance submenu. From there I would run the command ntpconfig (which I was positive I had run at install)…
It is currently not possible to execute a program as an action when a rule is triggered. We desperately need this feature along with an execute as option.
Case # - 00868985 Velocloud New Connector Request. Velocloud SDWAN edge devices will log to SEM but show up under Unmatched Foundry Data or BrocadeIronSeries - MOST of it is under "unmatched", which is undesirable. Attached is the syslog.1633720596.tar.gz export from the SEM and the 10.0.2.254.log.gz is a raw log to…
Cisco are spending a lot of effort on getting SecureX as their single pane of glass; it would be nice if we could pull the data from SecureX into SEM. Optionally, a connector for each of the online management systems: Cisco Secure Endpoint (formerly AMP), Cisco Umbrella, Cisco Stealthwatch, Cisco SMA, Cisco Cloud Lock
I have a lot of devices that can send syslogs to LEM; however, often there aren't connectors for those logs. I would love to see a small development environment for creating your own syslog connectors. I imagine two different ways this could be implemented... The first method would allow you to look at the raw syslogs,…
We would like the SolarWinds Security Event Manager to add two new connectors to be able to monitor two additional specific logs on Windows machines. These are standard Windows evtx logs, and the names and paths of these logs are as follows: Names: Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational…
The nodes connected with the SEM appear by IP or name, and that may not be enough to identify those nodes. Therefore there is a need for the possibility of adding a display name or a description for any node, and adding a tag to any node for grouping purposes.
Is there a way to change the name of a syslog node to be a hostname instead of an IP address? Note: even if the node (for example a router or a switch) has a hostname, it is still shown with its IP address in SEM. So is there a way to make a syslog node appear with its hostname instead of its IP address in SEM Manager? Note: Case number…