Get the latest news about SolarWinds Security Event Manager (SEM)
Hi, We have started seeing in LEM UserLogonFailure account@corp.domain.local. This does not effect the user from logging in. My question is in LEM it shows the destination account as root not the account name. Where does this account called root come from? We have no root account in AD. Thanks, -Pat
Hi, I am trying to configure 2 monitoring filters: 1 for changes just to GPO 1 for users being added to to Domain Admin security groups. I figured out how to monitor GPO however eventID 5136 also logs any changes to AD objects, how can I filter it to just ObjectType:GroupPolicyContainer? for domain admin monitoring, I…
Hi, there is a new vCenter connector available for LEM, but only as an Agent Node connector, not an Appliance connector. Was this only meant for vCenter installations running on Windows Server ? If so can we expect support for the vCenter Server Appliance (vCSA) soon ? Thanks.
Hi, Im learning how to use LEM and monitor our Infrastructure, im trying to monitor GPO changes so I can set up alerts. I have enabled the audits for GPO (screenshot attached). However in LEM, it shows as InternalWarning with no information (Screenshot attached) I followed advise from this thread Auditing Group Policy…
Hi all i want to upgrade my lem appliance (virtual, hyper-v) from 6.4 to 6.5 i've already downloaded the related Upgrade package from customer portal but in each file (SolarWinds-LEM-v6.5.0-Upgrade.iso or zip) i've downloaded i had found just an iso with "dist" and "pool" folders (no upgrade folder) i'm sure something…
Hi Not sure if anybody can help, i have a FIM group set up for 3,500 nodes, and as far as i can see i can only set up 1 email alert for the whole group? But within the group i'm getting FIM to look at several things which are: Monitor a directory and alert on any editing to a file Monitor a file an alert when a file has…
Appliance Version 6.5.0 hotfix 1, platform Hyper-V Node Version 6.5.0, Windows Server 2012 R2 i'm trying to add a WebServer (Microsoft IIS W3C v8.5) connector; sure of Log Directory, Time Zone (set to GMT), Daylight Saving, etc. when i press the "Save" button i get an error message Retry Count exceeded for…
I'm delighted to announce that Log & Event Manager 6.6 is now available. Moving away from Flash remains a top priority for Log & Event Manager. This release includes further progress in our migration towards a new HTML5 interface. Log Filtering: The LEM Events Console included with LEM 6.4 marked our first step in moving…
I'd want to correlate events, say a user login success, changing an admin group and then changing a password? how can this be done?
Greetings, Does anyone know how to configure FireEye MPS and the LEM connector to talk? We configured FireEye by enabling rsyslog, checking all events, pointing to LEM IP, and enabling. We configured LEM FireEye connector with defaults (/var/log/syslog). Adding new node doesn't discover it and there's not a connectivity…
It looks like you're new here. Sign in or register to get started.