Comments
-
In addition to Log & Event Correlation I would also encourage people to take some time to check out some of the more cutting edge security solutions on the market that are moving away from the classic definition based Anti-Virus model and moving more toward a machine learning threat analytics platform. I recently reviewed…
-
I don't bump often but this really needs to happen... BUMP!
-
Most of my log aggregation implementations have been specifically to satisfy compliance requirements. I have leveraged these implementations using some intelligence to harvest malicious IP addresses and then watch for any internal activity by those IPs. Have also created rules to look for problems with VPN tunnels. Those…
-
My first gaming system was an Atari 2600; when I first saw a Nintendo my mind was blown and I had to have one.
-
I have looked at DPA and have tried to encourage my DPA to look at it as well. At this point I am so backed up with SolarWinds products to implement I can't breathe so I certainly hope he doesn't decide to look at it anytime soon and like it. I am in the middle of rolling out WHD, following that my manager just recently…
-
LOL, fair enough, I can do that. Thanks for all of the information.
-
I am in Austin right now, was just at SolarWinds HQ filming one of the THWACKCamp sessions, had a fantastic time and met some amazing people.
-
I think this feature would be great and would also like it to support connections to outside databases to pull information into Orion via the Custom Property for integration with other systems.
-
ghostinthenet I had not heard of container-based agents, thanks for sharing that. I certainly hope SolarWinds is working on that for Orion. Just last week I was testing how to monitor PaaS based SQL in Azure and unfortunately I was not able to get the level of data I was hoping to.
-
Honestly, the new licensing model for toolset is cost prohibitive for my environment so I likely won't ever use it beyond a few of the console based capabilities if we continue to use it at all going forward. I personally think most of the web based capabilities should be rolled into Orion Core as they are features that…
-
I think the best part of this was "Block Games outright, except after 6pm".
-
This is an interesting topic. I recently came across a guy that insisted that traditional infrastructure monitoring is dead and that all that matters now in our modern world is User Experience monitoring. While I agree that User Experience monitoring is a crucial piece of the puzzle you certainly still need the other…
-
These are some really interesting takes on these common things. I think the one that hits me most often is "the customer is always right". If the customer was always right they wouldn't be coming to our company for help as we often end up going in and fixing what they did wrong... and sometimes continue to do wrong.…
-
I would agree with just about everybody else in that it goes both ways. I also think the buzzwords are a bit silly because we really aren't doing anything new, just doing it in a different way with a new set of applications.
-
Great post and I think you are spot on about the model needing to change. I recently had the opportunity to attend a Nike Tech talk with Charity Majors as the speaker and she was talking about this as well. I thought she did a brilliant job of noting how traditional monitoring is all configured to capture known failure modes…
-
Wow, this made me remember back to a really bad manager I had once. Me and another co-worker were in the process of re-tooling our monitoring system for the NOC and we asked the manager what he would like us to monitor, what data was most important to him and his response was "I want it all, just monitor everything and all…
-
Five years ago I would have totally agreed with all of the points here but things have changed and so has my perspective on this. While I think managing your logs is great, just basic syslog and alerting will no longer cut it for environments of any size due to the sheer volume of logs you will end up dealing with. Syslog…
-
cvachovecj our use case for this is that we have additional pollers in DMZ's where our main poller isn't able to poll which means we are also unable to scan the IP ranges in those zones.
-
Again, an amazing summary of some awesome efforts on creativity.
-
We have become the hoarders of the digital world! This drives me crazy, when I try and establish requirements and I ask what data we need it always seems the answer is "everything" and when I ask how long we need to keep it for the answer is always "as long as possible". Most often when I get these answers I find it's for…
-
ThwackCamp is an awesome event. I was just talking to a co-worker and they couldn't believe that such an event would actually be free! This same co-worker had just recently attended another local event that they paid several thousands of dollars to attend, it only lasted a few hours and he said it wasn't even very good. I…
-
I just recently got our storage guys to start using SRM which we have had for a while. They were blown away when they saw how easily they could get reports from one place on all of their storage systems.
-
We need to stop making "exceptions" for the sake of convenience. All too often I see requests come down from executives requesting exceptions be made for their convenience. What they don't understand is that is also for the convenience of the hacker. In this specific case I am blaming executives because that is one I have…
-
aLTeReGo thanks so much for following up on that! So it sounds like I should be safe to disable TLS 1.0/1.1 on all of my Orion servers and everything will still function properly?
-
We do basic configuration management in our normal environments, mostly backup based such as that provided by NCM. We include FIM capabilities in our compliant environments.
-
The complexity of this increases dramatically for a service provider managing dozens of private cloud environments that can include different storage technologies all which require different tools to manage and do the necessary analysis tasks.
-
I guess there are a lot of things I just don't see the point in having "connected". Refrigerators, light bulbs; really? What real benefit am I going to get out of this other than added complexity to my life? I certainly see that having everything connected opens up new and dangerous attack vectors but maybe the solution is as…
-
Looking forward to another great event, you guys always do an amazing job with this.
-
Jfrazier I don't know what you are talking about. When I read the marketing materials on these SIEM solutions they all tell me how easy they are and how they all do this automagical correlation and great reporting, nothing about teams or time to setup and manage?
-
I’ve long felt that even a single VM that consumes an entire ESX host would be preferable to standing that same machine up on bare metal. Things like uptime, vMotion, VMware snapshotting, etc. add so much functionality on an architectural level that to me, as an administrator to the VMware infrastructure, that it still was…