• State Not Answered
  • Replies 1 reply
  • Subscribers 24 subscribers
  • Views 140 views
  • Users 0 members are here
Options
Related

New to SEM What kind of logs and rules should I monitor/create first?

Jmoye
1 month ago

Hello everyone! This is my first time diving into SEM from Solarwinds. I have created a simple rule to monitor remote logins from computers that normally would never RDP into anything. This was my first rule I ever made and it was mainly created so I could learn the system, but it can be helpful if an admin saved their credentials and then a standard user RDP into something using those credentials. 

My question- What are some of your favorite rules that you have created? Where should I look to gain best practices for this tool? What do you think are the most important things to track and report? What kind of reports/rules do you have for your firewall?

Any advise will be much appreciated!

  • 0 1 month ago

    1. Ensure you enable additional logging on the AD server for success and failure which is not by default. reference MS security Baseline if your not sure.

    2. if you have an LDAP connection setup import directory groups to filter by department(depends if you setup your AD this way).  

    3. I set up a reverse proxy with a public DNS name for agents to connect to this means getting data back to sem regardless of VPN status. 

    4. Setup of query or live events group to track VPN logins.

    That is a good start

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 190,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification SolarWinds Lab Link Accounts
About THWACK Blogs Federal & Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2021 SolarWinds Worldwide, LLC. All Rights Reserved.