Get the latest news about SolarWinds Security Event Manager (SEM)
I have a port scan rule configured in SEM of: TCPTrafficAudit occurred and whole rule occurs at least 10x in 30 seconds in 5 min window same SourceMachine (TCPTrafficAudit) Distinct DestinationPort (TCPTrafficAudit). I am receiving a lot of alerts from this rule firing. From what I can tell initially for the number of…
The node is a Windows 2019 RDS session host using profile disks. I don't want to monitor the user disks (and they raised alarms with no apparent reason), so I deleted them: Manage Nodes -> click the arrow on the left of the node -> select the disks -> delete. Now the node is in warning: "Node status is Warning, C:\Users\xyz…
For two days some hotfixes have been available, but there was no warning/alarm about those hotfixes. I enabled "Orion Server 2020.2.6 - Main Polling Engine" but that does not seem to check for updates. It seems quite curious that your monitoring tool does not inform you about its own updates (with critical security fixes…
Is there any documentation for /api of the SEM HTML5 Interface? I am looking for the ability to query data via Python, PowerBI etc.
Is there a connector that will work with Sophos APs? I can set the AP to send the syslog to the SEM IP but it responds with "Server Unreachable".
Especially in "Attempted to logon using explicit credentials event" a user needed for a print solution kills the monitoring. I can of course raise thresholds, but then may overlook a real problem.
New to SEM. Can someone help me to figure out how to get a rule created that shows failed logons by user account when it hits a certain threshold? I need to start auditing admin activity as well as group admin activity. Does anyone know a way to generate alerts for admins venturing into areas they shouldn't be or something…
Finally managed to make SEM show node names instead of IP addresses by doing the following: 1- Create a reverse DNS zone for every network (subnet) in your environment. 2- Create a host (A) DNS record for every device which you want to add to SEM. Make sure to enable the option "Create associated pointer (PTR) record", when…
Hi, I'm trying to find a way to detect new or rogue machines that are plugged in to our network. I thought I might be able to do this with DHCP, but some of our locations use Unifi USGs that serve DHCP, rather than getting it from our Domain controllers. My next thought was maybe to detect new DNS creation, but I guess…
Hello, please does anyone have the documentation for injecting Sophos Firewall logs to SolarWinds SEM?