Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

Creating a Rule to Compare Shared Folder Name vs Username

I have a file share where each user has their own folder with their username that only they can access. I have file auditing (delete,read,write) turned on for the folders and files on that file share. The folders have the following naming convention Z:\Users\(username) .

I would like to create a rule that sends me an alert every time the sourceaccount does not match the username of the folder accessed in the eventinfo.

Does anyone have a suggestion of a good way to do this? I have tried and have not found a solution that works.

Find more posts tagged with

rules

Accepted answers

All comments

curtisi

I don't think this will be possible in LEM. The username will usually be in the format or "DOMAIN\user" and the file path will be a complete "Z:\Users\user" path. I can't take a partial field from an access event (drop the "DOMAIN\") and a partial path (drop the "Z:\Users\") and compare those values. It is possible to have LEM do comparisons between values in multiple events, but it requires exact matches.

lreuss

LEM doesn't support regular expressions?

curtisi

Nope, not in the searches and correlations. There's regex in use on the back-end, but it's not end-user accessible.

Quick Links

All Categories
Recent Posts
Activity
Unanswered
Groups
Help
Best Of