Get the latest news about SolarWinds Security Event Manager (SEM)
I have hundreds of RHEL machines that needed the agent and also wanted to add the agent to the automated new machine build process. I couldn't really find any good information about this on THWACK. For Windows you can either add the agent to an image you use or use the Windows remote installer program to install to a list…
Hi, I want to know if SEM has the ability to monitor the CMD of a Windows agent. My main case is I want to track actions by admins on Agents.
I've been getting a lot of User Logon Failure alerts for a few systems on my network that are trying to log in with a disabled guest account. What could be the cause of this problem? EventType: UserLogonFailure EventInfo: Account "Guest" used for logon failed from "XXXXX-XXX" ProviderSID: Microsoft-Windows-Security-Auditing…
All, So I have a new random node that appears and it has no connectors and just shows up using a hyphen as its name. When I try and search the historical records to see if I can find any events from this node, nothing appears. I will admit there is a good chance I am missing the node in my searches but I have searched by…
As the title mentioned, may I ask how to create a rule for the Microsoft365 Audit Log where it detects if any Azure AD admin account is added or removed? Thank you in advance.
Hi, Our system is monitoring Kaspersky endpoint protection with SEM 2021.4. SEM collects logs through a connector that looks at the Kaspersky Windows event log. Whenever a user disables the antivirus or the antivirus stops working, SEM will email alert us. It was working well on Kaspersky Endpoint 11.6 but when version 11.9 came out,…
Solar Winds Security Filters Size Hello! I am working with LEM, and we are trying to filter logs by DetectionIP (connector IP address) in the historical events tab. I am specifically trying to filter out certain DetectionIPs (connectors) that are creating a lot of noise (when it comes to logs) so that I can look at some of…
Hello community, I am starting to learn SEM's basics and am finding my way through. However, for my organization I need to implement a rule (or response action) to remove a user from a user-defined group, 3 months after that user was created (and has been active). I can't seem to make this work, does anyone know a way…
I've got a run to send an email for EventType = UserEnable. We get around 120 of these a day, so it acts as a decent flag as to whether email alerts are working. What's happening is around once a week SEM stops sending emails at all until I restart the manager via a PuTTY session. Once I do this all is well again. We're on…
Hi, I wonder if there is an easy way to create filters and share them with every user in the SEM web interface. Or is export/import the only way?