I'm wondering how to set up a USB authorized group. I'm looking at the AUTHORIZED USB DEVICES group and it's asking for Name, Data and Description. What exactly do I need to input for it to understand the type of USB device?
Thank you
1. Create a Group
2. Create a Rule
Group: Name it whatever such as USB Whitelist or Authorize USB List
Name the device whatever you want. I usually name it as it is detected from the Event Info, such as Kingston_Encrypted_4GB_NetworkAccount
The Data on the other hand has to be the Extraneous Info detected by SolarWinds, such as USB\VID_04B9&PID_1202\7&2EEFC4ED&0&1
The Description is for your own notes. I usually put in the name of the user followed by the request ticket number and when I added this device.
So what counts here is the DATA! It has to match exactly, no typos or spaces.
Rule: Name it whatever such as USB Rule
Correlations:
SystemStatus.EventInfo = *attached*
AND
SystemStatus.ProviderSID = *USB*
SystemStatus.ExtraneousInfo <DoesNotContain> (group: Authorize USB List)
Correlation Time
1 Event within 15 seconds/10 min response window
Actions:
Detached USB Device
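An added example, not part of the original post and not SolarWinds code: an offline dry run of the rule above that lints the group's Data values and lists which attach events would trigger the detach action. It assumes the group comparison is an exact string match, as the post describes; the function names, the event dictionaries and the CONSTRUCTED device IDs are made up for illustration.

```python
import re

# Shape of the Extraneous Info value quoted in the post:
# USB\VID_<4 hex>&PID_<4 hex>\<instance id>
USB_ID = re.compile(r"^USB\\VID_[0-9A-F]{4}&PID_[0-9A-F]{4}\\[^\\\s]+$", re.I)

def lint_group(entries):
    """Return {data_value: [problems]} for rows that deserve a second look."""
    problems = {}
    for data in entries:
        found = []
        if data != data.strip():
            found.append("leading/trailing whitespace")
        if re.search(r"\s", data.strip()):
            found.append("embedded whitespace")
        elif not USB_ID.match(data.strip()):
            found.append("not in the USB\\VID_xxxx&PID_xxxx\\instance form")
        if found:
            problems[data] = found
    return problems

def would_detach(events, group):
    """Dry run: attach events from a USB provider whose Extraneous Info is
    not, character for character, a Data value in the group."""
    allowed = set(group)  # assumption: exact match, per the post
    return [ev["ExtraneousInfo"] for ev in events
            if "attached" in ev["EventInfo"]       # EventInfo = *attached*
            and "USB" in ev["ProviderSID"]         # ProviderSID = *USB*
            and ev["ExtraneousInfo"] not in allowed]

# First value is the one quoted in the post; everything else is constructed.
GROUP = [
    "USB\\VID_04B9&PID_1202\\7&2EEFC4ED&0&1",
    "USB\\VID_0000&PID_0001\\CONSTRUCTED0001 ",   # trailing space typo
]
EVENTS = [
    {"EventInfo": "USB device attached", "ProviderSID": "USB monitor",
     "ExtraneousInfo": "USB\\VID_04B9&PID_1202\\7&2EEFC4ED&0&1"},
    {"EventInfo": "USB device attached", "ProviderSID": "USB monitor",
     "ExtraneousInfo": "USB\\VID_0000&PID_0001\\CONSTRUCTED0001"},
    {"EventInfo": "USB device removed", "ProviderSID": "USB monitor",
     "ExtraneousInfo": "USB\\VID_0000&PID_0002\\CONSTRUCTED0002"},
]

if __name__ == "__main__":
    print("lint:", lint_group(GROUP))
    print("would be detached:", would_detach(EVENTS, GROUP))
```

The second device is reported as one that would be detached even though it was meant to be whitelisted, because its Data row carries a trailing space.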
The reason I ask is because I want to get this right the first time. If I disable the wrong USB I could break close to 1500 machines - so I'm treading lightly.
I basically need to allow (2) certain USB devices. One is an 'aladin' USB stick used by our field vendors. The second is actually an SDcard for our SSD systems. The SDcard is used for data backups - but SolarWinds is recognizing it as a USB device. No problem there, I just need to make sure that is on the whitelist as well.
Oh, I blocked all USBs when I got this system 6 years ago! LOL.
Just get in there and test everything with only your pc or account.
You can set up email notifications to let you know when users are trying to plug a USB that is not authorized - 0.0
This is a great walkthrough, thanks bluesmilie!
Whitelist specific USB Device model - LEM
I wrote that for a similar question. You'll want the values from the Extraneous Info in the DATA column of the Authorized USB Devices group.
Hi tmccolgan,
Make sure you mark his answer as helpful/correct if that solved your issue.
Thanks!=)