Comments
-
We've added some under-the-hood improvements with 2019.4 that should prevent that happening. Sorry to hear you ran into some trouble with the tomcat logs!
-
Glad to hear you managed to make some progress with the rule triggers. If your Audit Policy is generating events for successful/failed logons, it should be also picking up logon type 2 (interactive logons). If you like, we can set up a quick call to test an interactive logon event to make sure those events are hitting…
-
This feature is included with Log Manager 1.1. You can view the steps involved in creating an alert from LM here.
-
Closing this Feature Request, as LEM now supports SSH on port 22 and 32022. For information on using an SSH client to connect to LEM, please see this KB article.
-
While FIM only supports Windows devices, you can easily leverage auditd for Linux file integrity monitoring. Please see this blog post for the steps involved: A simple example of using auditd on Linux with LEM
-
Updates to the Solaris connectors were made some time ago. As per this KB article, there are now two options for Solaris 10 integration with LEM: - Install BSM on Solaris, along with the LEM agent or - Install Snare on Solaris, along with the LEM agent For information on installing the LEM agent on Solaris, please see…
-
FIM Exclusions are now possible as part of the SEM 6.7 release.
-
Updated list of all current connectors now available here: LEM Connector List
-
Glad you like the features within this release. For users running the basic version, you can avail of the Log Forwarding feature in this release, however Windows Events and Exporting are only available in 'Log Analyzer' (formerly Log Manager for Orion).
-
FIM Exclusions are now available within the v6.7 release.
-
This isn't something we are currently working on, but would love to understand the types of GDPR reports & alerts you'd like to see. Will reach out to you offline.
-
You are on the right track using the UserLogon.DestinationAccount field but you will need to use a group which contains all the CallCenterStaff usernames. You can create a User Defined Group, which allows you to manually input the usernames (or import via .CSV) or alternatively you can use a Directory Service Group if you…
-
Kiwi does not require older versions of TLS for logging to a SQL database. You may need to apply this SQL update in order to run solely TLS 1.2: https://support.microsoft.com/en-ca/help/3135244/tls-1-2-support-for-microsoft-sql-server
-
We have just released a new connector for the vCenter 6.0+ vpxd log. This log is the main vCenter Server log which consists of all vSphere Client and Web Services connections, internal tasks and events and communication with the vCenter Server Agent on managed ESXi/ESX hosts. I'd really like to hear which vCenter logs you…
-
Thanks for taking the time to provide the great feedback. Understand your point regarding the Agent Version, it's displayed when you click on a node (below) however I agree that it should be displayed on the main page for each node. I'll mark this as a request. OPS Center - This is something we are currently working and I…
-
Hyper-V Connectors were released as part of the November 2017 connector update: Recently Added LEM Connectors - Updated February 2018
-
This is included in our HTML5 UI:
-
Look forward to hearing your thoughts on the upgrade
-
A LEM application template has been released. You can view information & download the template here: LEM - SAM Application Template
-
Glad you like where we're heading with SEM! Would love to hear any use cases you and your management team come up with. Web based reports, request noted
-
There are two AppLocker connectors which can be found within the 'Application' category within LEM connectors, these connectors collect AppLocker logs from Microsoft-Windows-AppLocker/EXEandDLL and Microsoft-Windows-AppLocker/MSIandScript. Please see this KB article for steps on collecting AppLocker events in LEM.
-
The Aruba ClearPass connector can be found under the 'Network Access Control' category within the LEM Connectors.
-
You will need to add an NSS Feed and make sure to use the LEM IP Address as the 'SIEM IP Address' and Port 514 under 'SIEM Port'. Using 'LEEF' as the QRadar Output Type should be ok, but we may need to adjust. Can you confirm the other available output types you are seeing?
-
We have added support for Wireshark to the Patch Manager catalog. Versions 2.2.1 - 2.2.7 are now available. There are fresh install and upgrade packages available, as well as 32-bit and 64-bit editions. Please note that it is not possible to install WinPcap via Patch Manager, as WinPcap does not support silent…
-
NetMotion Mobility Server connectors can be found under the 'Web Server' connector category in LEM.
-
This is now working as part of the latest 2.1.7 release, which should be available on your Customer Portal. If you're still having issues after you upgrade let me know. Here's a Windows 10 client with 2.1.7 installed:
-
As of July 17th 2017, Wireshark is now included in the Patch Manager 3rd party catalog. Worth noting that FileZilla and 7-Zip are also included.
-
Included in our new UI:
-
Upon further inspection, it looks like the Zscaler is expecting logs in CSV format. Can you change the output type to CSV and confirm if you're then seeing the logs in LEM? There's a chance you may see unmatched data, which we can fix based on a log sample and connector update. We'll get the logs into LEM first.
-
LEM 6.5 introduced support for deployment on Azure. You can view more information here: Deploy LEM to Microsoft Azure - SolarWinds Worldwide, LLC. Help and Support