Get the latest news about SolarWinds Security Event Manager (SEM)
We are using the latest version of SEM (2019.4). For all our Linux-based (CentOS 6/7 or Debian 9/10) hosts with SEM agents, we were surprised to find that it's only taking the user ID on logon events instead of the actual login name. However, for log-off events it's working normally. Anyone having the same findings?
We had the Port Scans alert in SEM set up with the OotB rules (I know, don't beat me up) and we did not really get any false alerts until recently, and now it is hitting this alert fairly frequently. I am wondering if you have a best practice on what is a good way to monitor and alert on unwanted port scans on the network. we…
Hello all, need some advice! I'm getting ready to go through a SOC 1&2 audit and need to show we're pulling and alerting on certain logs/events on specific nodes. I currently have 60 nodes in SEM but only 20 are in scope, so I'd like to be able to build rules and email alerts on that specific 20 for the audit. Is there a good…
To my knowledge, inserting nodes into a connector profile group in SEM is only a manual process. This is time-consuming enough; however, when the agent is reinstalled on a machine, it is dropped from the profile and that work has to be done again. We are needing a better solution for putting nodes in connector profiles and…
I recently realized that USB attachments were not being logged. I tested my system using a USB external hard drive and the attachment to my system never showed up in nDepth. Started digging into the logs and it appears that only Windows 7 systems and recently built Windows 10 systems are logging the attachments. We are…
A couple of requirements that I solve a different way, but it would be nice if it was just a checkbox in SEM to make it easier to do. Storage of RAW logs: One requirement is to store logs in RAW log format. Since SEM normalizes the data and puts it into the database, this won't solve this requirement. There is an additional…
I understand there is a Cylance Connector to be able to take in data from Cylance by turning on the syslog option on the Cylance web portal. Unfortunately, due to how my organization is set up, I cannot send the logs that way. Is it possible to pull in the Cylance logs from each individual Windows client that has SEM installed…
I have been trying to get servers upgraded to 6.7.1 from 6.3 and have had some issues doing so. It appears that there is no way to remotely uninstall a 6.3 or 6.3.1 agent. I was trying to use the 6.4.1 agent remote installer to upgrade the 6.3 clients, but that has not been working. I have been remoting into the machines…
Hello, we've been using a rule we made that would detach unauthorized USB from the computers. It then stopped working for some reason. We then tried to use the prebuilt template already available; the USB-Defender Events monitoring is still showing USB being attached, but the rule still isn't working. Any ideas?
What LEM connectors should I use for DNS/DHCP on a Windows 2012R2 domain controller?