The Log & Event Manager (LEM) team has been hard at work on a release intended to make your lives easier. We know you're swamped, so we decided to take a little time to make it faster to get LEM up and running and to configure rules related to the problems you're interested in solving, without looking through a big list and clicking, clicking, clicking.


Getting Started with LEM: New & Improved!



We had a handy dandy getting started widget in LEM before, but we've taken it one step further and glued together those steps into one location rather than sending you on a bit of a wild goose chase. Now, from the Ops Center Getting Started widget you can:

  • Quickly configure Basic Settings needed for LEM to be up and running - email server settings and directory service server (for groups and/or authentication) configuration
    • As you click "Next" to move through the wizard, each step will be tested and verified. If you see a pause, that's what's going on. If there's a problem, LEM will let you know.
  • Quickly access the Add Node Wizard, including links to the agent installers and the full syslog scan to configure connectors automatically
  • Use the NEW Add Rules Wizard to add rules for different areas of interest (more on that later)
  • And, view all of the quick training videos from within the LEM console!



New Feature: Add Rules Quickly by Category


Our next big addition is the new Add Rules wizard. From Build > Rules or from the Ops Center Getting Started widget/wizard flow, you can launch the fancy new wizard. For a given category, this wizard will configure for you ALL of the matching rules that can be configured easily - no active responses, just email and "infer alert" or "create incident" actions (we'll look at improving to add more active response choices in the future). This should be MUCH MUCH faster than all that cloning you had to do before. As a part of this, we've also created a new "General Best Practices" subcategory in each parent category - if you're not sure where to get started, these categories will get you a wide swath of the most common rules enabled.


  • Select each category of interest
  • View and select subcategories, including the new General Best Practice subcategory
  • Specify email server settings (if not already configured), and email recipients (even add contacts from within the wizard if they don't exist)
  • Clicking "Finish" will clone, select the right users, and enable the selected rules all in one step!


We've also revamped our quick rules training video to include how to use the new wizard and a fast example of building a rule by hand.




Fixes, Fixes, Fixes


As always, we've fixed a bunch of customer issues and included notable minor improvements. These include:

  • Improvements to our IIS coverage - if you've struggled with which fields to configure, or IIS not working right after you configure it, this is for you!
  • Support for Windows 8.1 with Workstation Edition - if your 8.1 workstations are coming up as servers and pulling Universal instead of Workstation nodes, this will help
  • Lots of new connectors! As always you can download connectors out of band to releases, but you'll get them automatically with the upgrade, too.


Sounds Great - Where do I Download? Where do I Ask Questions?


Easy: from the Customer Portal!


If you've got any questions, head on over to the Security Event Manager (SEM) Release Candidate thwack forum and let us know.


As always, feel free to post here and/or contact me directly with any feedback.