Get the latest news about SolarWinds Security Event Manager (SEM)
The SEM (Security Event Manager) Team want to hear from you if you've been using reporting in the tool! Take this short (~ 5 min) survey, and receive 500 THWACK points! https://survey.alchemer.com/s3/6251383/UX-202103-SEM-Reporting Thanks for your help!
Hello all, I'm attempting to create a rule when a file extension is changed. I'm not sure what event Windows creates when doing this and was wondering if anyone had info or tips on going about this. Thanks in advance for any tips or advice!
Hi everyone, having a query on the availability of search API for searching events in SEM. And if it is, is there a way to configure my SEM to query events from another SEM using the search API?
Hi there, CVE-2021-4034 (https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034) affects Debian, which the SolarWinds 2021.4 appliance runs on. Is there a patch for this vulnerability? Thanks, Albert06
I don't see any way to get SEM to consume the X-Forwarded-For header in IIS logs. Is there something I am missing?
Hello - I know that the suspicious DNS rule is often the one that creates the most noise on the network and what I am looking for is to find the best option for writing this rule. Currently this rule will generate a ton of traffic. Whereas this specific rule generates no traffic at all. The first rule is generating its…
A related question. Is there some sane way to tell which rules were touched 1-2 days ago? I see an option for modified up to 24 hours ago but then it goes "24+" which isn't helpful for me. I know I can hover over each of the many many rules and get that info but it's not ever going to be a priority for me to spend that…
I have the latest version of SEM. And I am running a Windows Server 2019 with file shares. When my users open a file from their own desktop, it is flagging as NT/Authority. How do I fix this? Thanks -Garen
Is there a place I can go to find out exactly what an Event or an Event Group is looking at? For example, I noticed that one of the built-in filters is called "Security Events". When you go to edit that filter, you see that the condition is "Security Alerts". Where can I go to see exactly what is considered and what will…
We're seeing this pair of Windows Security events every second or two against a user's account. Name: UserLogonFailure ProviderSID: "Windows-Security-Auditing" <Event> Severity: 4 1) Event 4776 EVENT INFO: [Account "<username>@<domain>" used for login failed from "<workstation>" ExtraneousInfo: Error Code: 0xc000006a…