Get the latest news about SolarWinds Security Event Manager (SEM)
Is there a way to alert on a syslog device not sending? As part of our security checks we have to alert if a server or device stops sending logs. Thanks for any ideas you might have. Steve
I have a really large environment (many domain controllers). I currently have the SEM/LEM agent installed on my two local domain controllers and I can see the changes made to the security groups as long as I am logged into one of those two local domain controllers that have the agent installed. If I, or someone else, were…
I am needing to create a monitor with a filter condition that would query a custom local security group on a file server. I know that using an Active Directory domain group or even a SEM group would be easier and probably even suggested, but due to some constraints in my environment, that solution does not give me the…
Needing a hand, this is my first time diving into LEM/SEM and created my first rule but doesn't seem to be working. I'm trying to send email alerts each time a user gets disabled to our help desk but doesn't look like it's executing. Not sure if it's my rule or maybe my email template/SMTP is incorrect in some way (I'm able to…
Has anyone been able to set up a way to automatically pause alerts when a vulnerability scan is run? These scans do produce a tremendous amount of noise and flood our alerting system.
Hi Everyone, First time poster to these forums. I have the SEM Appliance running on an Industrial Control Network and I would like to add McAfee Antivirus to it. I've used Linux for years and I understand the implications of not having AntiVirus on it as well as the false-sense-of-security Linux can provide simply because…
I have an OpenShift 3.9 cluster that is configured with an EFK stack with fluentd log collectors. I can configure the fluentd daemon set to offload application and operation OpenShift logs to an external syslog collector (RHEL 7 Server via Port 514). Can I configure the fluentd daemon set to offload these logs to a LEM…
Hi there... I am trying to edit a rule to have an IP or host name detected when a user was added to administrator group. Previously created rule (by another person) doesn't have the IP or host name to detect, when the event is triggered. I am trying to edit that rule & also added another "send email message action & I cannot…
Hi there... I have worked on LEM before, but it's been a while. I am trying to find if I create a rule and not specify a group to target for systems or users, will that rule apply for every node that's added in the LEM? Can you please advise me on that? I have been watching videos about creating rules, but when tried to…
I have a trial version of SEM installed as a test, the Windows installer installs ok, the server is configured and can ping IP addresses, but the nodes aren't showing on the GUI. I've left it around 45 minutes for the nodes to communicate with the server, but they're not there. Do I have to do anything else? Such as a…