The most recent content from our members.
There should be a browser connector or extension which could allow for easier reporting on web traffic. Currently the WebTrafficAudit event is quite ineffective. It could (be a listener and) provide basic information like:
* Event time
* Hostname
* Account
* URL
* Protocol
* Browser version
* Page size
* Time on site…
Hi, not sure if anybody can help. I have a FIM group set up for 3,500 nodes, and as far as I can see I can only set up 1 email alert for the whole group? But within the group I'm getting FIM to look at several things, which are: monitor a directory and alert on any editing to a file; monitor a file and alert when a file has…
I have a federal STIG requirement to monitor for when the SIEM reaches 75% of disk space used. The default rule out of the box called "SolarWinds Disk Warning" uses 90% used as the trigger for the warning. The problem I'm having is in the rule I don't see any 90% listed anywhere in the logic. How does this rule work? The…
LEM currently will receive and store the events being forwarded to a specified location within LEM. When accessing the LEM from the cmd, the selected repository will show the forwarded events; however, you cannot manipulate the data within the GUI. It would be extremely helpful for some deployments to be able to create alert…
We are seeing hundreds of failed logins for users from the ToolAlias: Cisco ACS and AuthPackage: MSCHAPV2. Is there a way we can configure LEM to reduce these logs? I've contacted the users and they always tell me the same thing. "The only thing different about my account is that I've reset my password recently" I feel…
So I am trying to build an alert for user logon failures to my Cisco devices. I have a filter that allows me to monitor in real time using LEM, and it provides most of the information I would like; however, I would like email notification whenever someone fails logon to my routers and switches. I created a custom email template…
The latest attack seemingly took the world by surprise. However, most of the affected users were using unpatched and unlicensed versions of Windows. How do we take a stand against ransomware and avoid being sidelined by these attacks? Here are a few things that I do and am happy to share in an effort to help strengthen…
I am currently running a 30-day trial of LEM. I have the environment fully configured, including an agent installed on our domain controller. I have other rules set up and successfully firing email alerts for things like failed login attempts on our Cisco switches, changes to firewall policies, etc. I would like to receive…
We have a custom service that has been installed on one of our Windows servers that is getting started manually without anyone knowing about it. The event logs only show that it was started, not WHO started it or from WHERE. Has anyone used LEM (or Orion/SAM) to track this kind of information? Can you help me figure it out?
We just upgraded our firewall, and one of the new features was an interactive map showing all the attacks coming in from various locations around the world. Everyone was mesmerized by it and I thought it'd be a cool feature for LEM.