Get the latest news about SolarWinds Security Event Manager (SEM)
So this may seem weird, but here is my situation. I have a job that runs daily from our partner from their system. The job comes into a directory on a server, scans for all the files, copies them off, and deletes everything in the directory as it leaves, including any folders. The files are generated on medical devices…
Hello, I have configured my DC as suggested in whitepapers (audit policy etc). DNS Server is set on clients to the DC. In LEM I have added DNS connectors (on DC): windows dns server audit log, windows dns traffic log. On the firewall I have a rule which allows traffic only through our security solution. In this security…
Hi all, Just wondering what kind of rules you guys implemented for the case of flooding LEM with logs. I would guess a rule with stopping collecting logs after x incoming logs. Have you made something like that? cheers MisterKanister
I'm needing to revisit my calculations for storage capacity as we expand the sites we are covering with LEM. I'd like to do a more thorough job this time, but am having trouble finding some of the metrics I need to make my calculations. Previously I have used information from both the Database Maintenance Report and output…
I have several problematic Windows 2012R2 managed print queues that I would like our LEM to monitor to let me know when the queues have backed up or stopped responding. Is there anything in the LEM that can do this?
Hi Everyone...I'm setting up some alerts for the LEM to capture, and I was wondering if the community is aware of any "best practice" alerts to ensure are enabled. For example, I know that events like Account Creations/Deletions, Port Scans, etc should be enabled but what others are recommended? Thoughts are welcome!…
Has anyone set up a honeypot and configured it to report findings to LEM? I'd prefer something light and modular like HoneyPy, but it doesn't natively generate log files (yet... it does report to HoneyDB and other solutions). Looking to keep things open source as we haven't budgeted for another security product. Thanks!
The Log and Event Manager can handle a lot of events in a day, but something support sees a lot is excessive file auditing. "But wait!" I already hear you saying, "How can there possibly be such a thing as too much auditing?! My auditors tell me to audit everything!" The Experiment Yeah, well...let me paint you a picture.…
I have created a rule in LEM and by itself it is firing correctly... for the most part. We have a list of individuals that we monitor their lockouts. The trouble I run into is that we get a few false positives because the rule catches other users. Correlations UserDisable.EventInfo = *JDoe* This successfully fires an email…
We're currently doing some research around VMware vCenter logging support with Log and Event Manager. In order to accomplish our research and understand the format of the vCenter logs, we need log samples from vCenter instances, ideally vSphere v6 or v6.5. You can view information on the location of the log files via this…