marcusmm8

where would i go in the pc to investigate this?i.e. it is a laptop. This also occurs when the users open/closes the laptop.

in 4656 event log with FIM on windows 7 machine filter Comment by marcusmm8 May 2016

we are about to upgrade to 6.3.1, let us know if you hear back from Devs.

in Ndepth scheduled search limit Comment by marcusmm8 November 2016

any solutions?

in Email Alerting stopped Comment by marcusmm8 November 2016

We have gotten the checkpoint connector to work on the LEM, but are we able to see user activity level? curtisi

in Checkpoint connector for r75.40 SPLAT Comment by marcusmm8 June 2016

yes i have setup all my DCs but i still see traffic in/out on port 53 ... thoughts?

in suspicious DNS traffic rule Comment by marcusmm8 June 2016

I have to use the slider to view some of the node information but then i am unable to click anything else including reset. I am using google chrome Version 50.0.2661.87 m

in Does anyone have an issue searching for nodes (LEM 6.2.1)? Comment by marcusmm8 April 2016

Thank you as always curtisi. As far as VPN, ill open up a support ticket.

in license recycling for non agent Comment by marcusmm8 January 2017

authentication package MICROSOFT_AUTHENTICATION_PACKAGE_V1_0. ProviderSID: 4776 failure reason: ErrorCode:0xc000006a (user name is correct but password is wrong). No logon type present

in failed logon every 15 minutes Comment by marcusmm8 March 2016

Now google jumping on board? https://threatpost.com/chrome-defaults-to-html5-over-adobe-flash-starting-in-q4/118109/

in Adobe Flash zero-day Comment by marcusmm8 May 2016

I have noticed the same thing and have identified that this occurs when someone VPNs. The agent node should reflect a node you recognize either by name or IP.

in Mystery Nodes - LEM Comment by marcusmm8 July 2016

I would also be interested in stickers (none in the shop).

in Solarwinds Laptop Cover/Stickers? Comment by marcusmm8 November 2019

What version are you in? There is a hotfix available which impacts the partitioning for the data. We had similar issues.

in Issues with 'Result Details' within nDepth Comment by marcusmm8 April 2016

curtisi any insight here? should i open a ticket?

in Ndepth scheduled search limit Comment by marcusmm8 August 2016

One struggle i have is what type of alert (incidents and/or email notification). We have seen occasions where auditors see the incident but ask if an email also went out. Requirements are a good indicator of what to monitor (i.e. PCI). As far as nonagent devices, definitely try to capture admin activity. Syslog docs have…

in Recommended SIEM Events? Comment by marcusmm8 January 2018

I had opened a ticket with Solarwinds regarding this. They appear to be having issues internally. They provide a link for manually downloads: http://downloads.solarwinds.com/solarwinds/Release/LEM/SolarWinds-LEM-Connectors.zip

in Connector Updates failing Comment by marcusmm8 July 2017

in software installation/installation operation event Comment by marcusmm8 May 2016

we have seen this happen in our environment and have solved the issue by identifying a specific local folder shared to "everyone". When the user tries to access a file, it tries to authenticate to the guest account. Removing the persmissions from "everyone" solved the issue. Hope this helps.

in Local PC Guest Account Notifications Comment by marcusmm8 March 2017

What i usually do is create a group of false positives (which is updated constantly in order to decrease false positives in reporting and also provides evidence of review). In addition, schedule a daily search report which is emailed to have evidence of report received daily summary in the morning. Once the report is…

marcusmm8

Comments