Community Posts

The most recent content from our members.

Recent Posts

Solar Winds LEM filter size
Solar Winds Security Filters Size Hello! I am working with LEM, and we are trying to filter logs by DetectionIP (connector IP address) in the historical events tab. I am specifically trying to filter out certain DetectionIPs (connectors) that are creating a lot of noise (when it comes to logs) so that I can look at some of…
LEM filter
Hi, I am trying to set a filter to alert me for a specific windows security event. I have set up the rules, but I am not getting any alerts. Am I setting the filter the correct way ? The screenshot is attached. Thanks,
How to reduce footprint of Windows Service accounts
Hi there, I was wondering whether anyone had any advice on how to tune out the volume of events received from Service Accounts? I have followed the auditing policy as per https://support.solarwinds.com/Success_Center/Log_Event_Manager_(LEM)/Audit_Policies_and_Best_Practices_for_LEM However, we have applications like…
Filter assistance handling multiple accounts targeting one system, and one account targeting multiple systems.
I’m trying to build a couple LEM filters. We’ve got 2 different filters we need to make, to accomplish the following…. * Failed login attempts of multiple accounts, in a short period of time, on one device. * Consecutive access denied on multiple devices from a single account (local or domain). Could anyone recommend how…
Does not equal filtering question
I want to see all the executables run in the user's home directory. I can see that information with the ProcessStart.ExtraneousInfo *C:\Users* but when I try to filter out all of the usual executables that run in that folder it does not seem to filter them. Example of the rule I created: Any suggestions on how to get this…
File Size
Is there a way for you to see properties like the size of a file? I know that you can see the name of a file when an event like FileRead or something else happens, but I can't seem to have access to the size of the file through LEM. Any suggestions? Thanks in advance!
Port Scan - LEM
Hello, I have created a Firewall Logon Failure with Inference notification. An email notification was added to the actions which was followed by several notifications being sent out. Checking the filters, TCPPortScan has hundreds of events and I am wondering how I can make use of this information. Alot of the…
LEM Filters / Rules - Monitor for software installation
Hello, We are trying to configure a Filter (and later a Rule) in LEM (ver 6.1) that will alert when any software is installed on a Server/ Work station on which a LEM agent is installed. We are looking for some guidance on this. Thank you.

Welcome!

It looks like you're new here. Sign in or register to get started.