Get the latest news about SolarWinds Security Event Manager (SEM)
I've been getting a lot of User Logon Failure alerts for a few systems on my network that are trying to log in with a disabled guest account. What could be the cause of this problem? EventType: UserLogonFailure EventInfo: Account "Guest" used for logon failed from "XXXXX-XXX" ProviderSID: Microsoft-Windows-Security-Auditing…
All, So I have a new random node that appears and it has no connectors and just shows up using a hyphen as its name. When I try and search the historical records to see if I can find any events from this node, nothing appears. I will admit there is a good chance I am missing the node in my searches but I have searched by…
As the title mentioned, may I ask how to create a rule for Microsoft365 Audit Log where it detects if any Azure AD admin account is added or removed? Thank you in advance.
Hi, Our system is monitoring Kaspersky endpoint protection with SEM 2021.4. SEM collects logs through a connector that looks at Kaspersky Windows event log. Whenever a user disables the antivirus or the antivirus stops working, SEM will email alert us. It was working well on Kaspersky Endpoint 11.6 but when version 11.9 came out,…
Solar Winds Security Filters Size Hello! I am working with LEM, and we are trying to filter logs by DetectionIP (connector IP address) in the historical events tab. I am specifically trying to filter out certain DetectionIPs (connectors) that are creating a lot of noise (when it comes to logs) so that I can look at some of…
Hello community, I am starting to learn SEM's basics and am finding my way through. However, for my organization I need to implement a rule (or response action) to remove a user from a user-defined group, 3 months after that user was created (and has been active). I can't seem to make this work, does anyone know a way…
I've got a run to send an email for EventType = UserEnable. We get around 120 of these a day, so it acts as a decent flag as to whether email alerts are working. What's happening is around once a week SEM stops sending emails at all until I restart the manager via a PuTTY session. Once I do this all is well again. We're on…
Hi, I wonder if there is an easy way to create filters and share them with every user in the SEM web interface. Or is export/import the only way?
We're using SolarWinds SEM product ver. 2022.2.2 - How do I increase the session timeout for the web interface? I'm getting kicked out quite frequently.
I am confused by the Solaris SEM agent install documentation; SEM Agent v2022.2 is supported on Solaris 10 onwards according to the requirements/release notes. The Java dependency is either Java 11 or Java 16. The last official Java available for Solaris 10 is Java 8. So SolarWinds agent 2022.2 can only be supported on…