Attached is the SolarWinds LEM + LOGbinder EX content for Exchange Auditing. Included is a product integration guide with instructions for deployment and more information about LOGbinder EX.
Files included:
- Filters
- FilterGroupLOGbinder EX.swfgrp: a filter group containing 4 real-time filters (and corresponding charts) for monitoring LOGbinder EX Exchange Auditing activity
- Rules (All are tagged with Activity Type > LOGbinder EX to quickly locate)
- Admin Audit Log Policy Changed.swrul: a rule for monitoring when the admin audit log policy has been changed
- Certificate Change.swrul: a rule for monitoring a change involving an Exchange certificate or federation trust certificate
- Federation Trust Change.swrul: a rule for monitoring federation trust changes
- IRM Configuration Change.swrul: a rule for monitoring IRM configuration changes
- Mailbox Audit Log Policy Changed.swrul: a rule for monitoring when the audit log policy is changed on a mailbox
- Major Configuration Change.swrul: a rule for monitoring major Exchange configuration changes
- Management Role Change.swrul: a rule for monitoring a management role change
- Non-owner Mailbox Access.swrul: a rule for monitoring a user accessing another user's mailbox
- Non-owner Mailbox Access High Volume.swrul: a similar rule for monitoring multiple accesses to different mailboxes
- Non-Standard Mailbox Client.swrul: a rule for monitoring when a client other than OWA/RPC/Outlook is accessing a mailbox
- Outlook Protection Rule Change.swrul: a rule for monitoring Outlook protection rule changes
- Permission Change.swrul: a rule for monitoring permission changes to a Mailbox, Public Folder, or Active Directory object
- Policy Change.swrul: a rule for monitoring changes to several different types of Exchange/Mailbox policies
- Transport Configuration.swrul: a rule for monitoring changes to the transport configuration
- Reports
- LOGbinder-EX-Admin-Audit-EventIDs.rpt: a report pre-filtered to only show admin audit Event IDs
- LOGbinder-EX-File-Audit-Events.rpt: a standard LEM File Audit Events report filtered only to LOGbinder EX activity
- LOGbinder-EX-Machine-Audit.rpt: a standard LEM Machine Audit report filtered only to LOGbinder EX activity
- LOGbinder-EX-Mailbox-Activity-EventIDs.rpt: a report pre-filtered to only show mailbox activity Event IDs
- LOGbinder-EX-Resource-Configuration.rpt: a standard LEM Resource Configuration report filtered only to LOGbinder EX activity
- SolarWinds LEM and LOGbinder Integration Guide.pdf: Document detailing installation instructions and more information about LOGbinder EX