Get the latest news about SolarWinds Security Event Manager (SEM)
Looking to pull logs from a windows NPS server. I sort of have it working as its pulling some NPS logs but they don't have the needed data. I'm looking to pull the Mac address of devices that are attempting to Authenticate with old credentials. The only Log im getting right now gives the IP of the Wireless controller which…
Our Primary Domain Controller (PDC) shows many, many UserLogonFailure Events (4776) with the text: "user name is correct but the password is wrong" and also "Error Code: 0xc000006a Error: user name is correct but the password is wrong". The AuthPackage is: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 I suspect somehow this is our…
I'm in charge of our SEM at work and was told that I need a certification for it. I checked the SCP program and it shows that there's an exam for it but in the PSI site there's none. Am I missing something here?
Hi, I am new here to the THWACK community. I am looking for a document to guide me how to "best' configure the my SEM. Any information will be highly appreciated.
Is it possible to have multiple firewalls across separate isolated networks all send log data to an Agent installed on a Virtual Windows Server which has been configured to connect to each of the separated networks via multiple nics? I.e. the following: I would like to be able to have Cisco Firewall 1 on Network 1 send its…
Hi! There was a article talking about: https://support.solarwinds.com/SuccessCenter/s/article/LEM-Top-PCI-Events-filter-conditions?language=en_US&r=38&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1 But this article do not work with 2020.4 SEM. Any one…
I am working on an alert to send to our help desk when users have a specific application crash on a Windows workstation. I have created the event monitor to alert on the crash and that is working as expected. The part I am having trouble with is returning the current active user. I have asset inventory enabled on these…
I'm trying to set up a scheduled search to monitor changes to GPOs. Running SEM 2020.4. Any suggestions regarding the best way to set up this query would be much appreciated. Thanks!
Pleae give me update of connectivity
I enabled the agent offline alert to make sure all machines stayed connected (duh). But I have a handful of servers that are spamming me saying the agent is offline. Insertion and detection times are the same, and the service is sup and no sign of it restarting in the event viewer. I have tried modifying the alerting time,…
It looks like you're new here. Sign in or register to get started.