Get the latest news about SolarWinds Security Event Manager (SEM)
From what I've read online, it's a normal event that returns Group Membership Information. It appears in the logs between events 4624 (An account was successfully logged on) and 4634 (An account was logged off). By being tagged as MachineLogonFailure, if I filter on that event there are tons of results that don't appear to…
Hello everyone, I have an alert that tells me when an account is locked out. It works very nicely. Every once in a while it alerts me that my domain\administrator account is being locked out, but when I check that account it never is. Has anyone seen this behavior? Any ideas would be welcome! Thanks!
Hi All, As part of LEM 6.3.1, we added SNMP monitoring of the LEM VM from Orion. SNMP monitoring allows Orion users to monitor key metrics of the LEM VM including RAM, CPU & Volume statistics. Monitoring the '/var' volume is particularly useful as the log data is stored on this volume. You can view the steps involved in…
We recently just deployed LEM into our environment and I am having issues with setting up a rule/filter. I am unsure if this should be a rule initially before filtering or vice versa. Nevertheless, I am working on a closed network so no traffic internally can get outside and vice versa. I want to create a filter or rule…
Our team has been working on some rules to mitigate threats from removable media. We have had good success with file monitoring, read/writes, and actively responding to executable attempts from flash drives and other removable media. Our point of contention arises when we work to meet another requirement of providing our…
I have a file share where each user has their own folder with their username that only they can access. I have file auditing (delete, read, write) turned on for the folders and files on that file share. The folders have the following naming convention: Z:\Users\(username). I would like to create a rule that sends me an alert…
We seem to get a lot of alerts for computer account changes and other things that seem to be part of regular operations. Is there a way to fine-tune and turn down the number of notifications?
Hi, I am looking for someone to provide some consultancy for LEM based in London EC3.
Can someone help with network anomaly detection, based on NetFlow, using SolarWinds?
I am pleased to announce general availability of LEM 6.4 which marks our first step away from Flash. Although it will be a long road to get completely away from Flash, the LEM Events Console is a significant milestone. If you are a customer on active maintenance, this is now available in your customer portal. If you are…