Get the latest news about SolarWinds Security Event Manager (SEM)
Hi All, I am trying to configure an alert that will trigger when a user in a DS group (AD) fails 3 attempts within 3 minutes from same detected IP. The DS-group is populating correctly with all the user accounts from our AD. But it is not triggering?
I'm sure at least some of the information below is already out here, but based upon my recent adventures getting our syslog devices into LEM, I thought it may be handy to have more information on a single page. The instructions that LEM links to for the configuration of Cisco syslog works fine for switches. For routers…
Is there any way to estimate the amount of time a LEM upgrade on a standalone appliance will take? Specifically we're going to upgrade from 6.3.1HF7 to 6.4. I'd like to give my support teams some estimate of downtime. I can reasonably estimate the time it will take for agents (~660) to upgrade, but I'm primarily concerned…
Does anyone have a list of all the ProviderSID list. I am needing this to help create a LEM alert for Database Service Start, which for when someone creates a new Database to get a alert on it. Any help would be helpful The version of LEM 6.3.1 HF7
All; I just lost a day trying to figure why I could not run a report. It was locking my account on the domain. Finally I realized there was a %, \ and a ; in the password. There was nothing telling me I had "bad characters" in my password. Is there a list of passwords not allowed for reports. The account with that password…
Hi, I'm new on platform and tried to get some kind of idea on what goes where. Couldn't figure out so I just used new post -button to see how things work. I'm currently evaluating N-Central as a ground-solution for my endpoints (100+ device environment) I tried to do some searching on if there is a way to data out from…
Hi, We have started seeing in LEM UserLogonFailure account@corp.domain.local. This does not effect the user from logging in. My question is in LEM it shows the destination account as root not the account name. Where does this account called root come from? We have no root account in AD. Thanks, -Pat
Hi, I am trying to configure 2 monitoring filters: 1 for changes just to GPO 1 for users being added to to Domain Admin security groups. I figured out how to monitor GPO however eventID 5136 also logs any changes to AD objects, how can I filter it to just ObjectType:GroupPolicyContainer? for domain admin monitoring, I…
Hi, there is a new vCenter connector available for LEM, but only as an Agent Node connector, not an Appliance connector. Was this only meant for vCenter installations running on Windows Server ? If so can we expect support for the vCenter Server Appliance (vCSA) soon ? Thanks.
Hi, Im learning how to use LEM and monitor our Infrastructure, im trying to monitor GPO changes so I can set up alerts. I have enabled the audits for GPO (screenshot attached). However in LEM, it shows as InternalWarning with no information (Screenshot attached) I followed advise from this thread Auditing Group Policy…
It looks like you're new here. Sign in or register to get started.