The most recent content from our members.
How to create a rule to alert when the SEM appliance stops receiving logs? If this specific rule is not possible, how about a rule that alerts on a total number of logs received within a time period (i.e. 5 or less logs in 15 minutes?) Thank you
Hi team, We have some logs coming in from Stormshield and I want to create Rules off of the ones that were generated by specific firewall rules. I would like to recover a specific word instead of the entire content. For example: we have a block list of IP addresses that attempt to access over ssh, the firewall rule block…
Hi guys, is there any way to create an email template to alert when one of the connectors stops responding or when a node is not sending logs anymore to SEM? I want to create an email alert rule for the non-agent connectors (for example, Sonicwall firewalls or Cisco firewalls, etc.). I do not have any issue for the installed…
Dear All, I am new to solarwinds-sem. I had configured the Microsoft365 connector and I am getting many logon failure events with the reason:deviceauthenticationfailed. Note that my organization has a hybrid environment. Has anyone else faced this? Any ideas?
Hi, I'm familiar with the "Continuous Excessive Logon Failure" rule/template. That's great but, I want a little more. What I want to be able to do is create a rule for when a brute force attack is successful. Let's say an account triggered the "Continuous Excessive Logon Failure" rule, repeatedly. So email alerts are sent…
When creating a new rule I am trying to make sure it does not repeatedly alert my email, and I was trying to use the built-in "Set time when a rule won't trigger actions after rule was true" setting in the rule definition, but it is not working. I added a screenshot below of a rule I tried to use to test if it would…
I enabled the agent offline alert to make sure all machines stayed connected (duh). But I have a handful of servers that are spamming me saying the agent is offline. Insertion and detection times are the same, and the service is up and no sign of it restarting in the event viewer. I have tried modifying the alerting time,…
Hi there, I am trying to set up an email alert for DNS record update alerts. In the action tab, I am targeting Host incidents, as we are trying to get alerts from the internal DNS server if there are any DNS record updates. After I tested, I don't see any email alerts to my email. Please let me know if I have to make any changes in…