Hi,
I want to know if SEM has abbility to monitor the CMD of windows agent.
My main case is I want to track action by admin on Agents.
can we know what commands did the Admin do on specific windows agent?
You could determine when a command prompt is raised to the administrator by actual commands would be hard as this requires first checking if there is a log option for that command built into windows and then determining if the SolarWinds connector is configured to detect these logs.
If they do not then you have to raise a feature request for the connector in question.
So the short answer is going to be No.
What you want is session recording which is not an option for the solar wind sem agents.
It would be difficult to determine whether a command prompt is raised to the administrator by actual commands since you would first need to check whether Windows has a log option for that command before determining whether the SolarWinds connector is set up to recognise these logs.
If they don't, you'll need to submit a feature request for the specific connector.
So, the quick response will be "No."
What you need is session recording, which the solar wind sem agents do not offer.
You can, if you have Sysmon installed and configured on the endpoint to track process and command line. You then need to enable the Microsoft sysmon connector on the node in SEM, in order to process Sysmon generated events.
