Comments
-
I am still getting RAW not normalized logs in SEM. I applied the registry key mentioned in the article but how do I fix this?
-
Response from Support: So it is possible to forward logs from one SEM to another. However, it's terribly inefficient as the raw logging must be enabled on the forwarding SEM and the receiving SEM will be getting double the traffic. * Rules do not fire on raw (unnormalized) log data. Rules can only fire on normalized data. *…
-
We use Security Event Manager (SEM) and pull all of the DC logs. From there, SolarWinds developed a connector for Azure AD Password Protection, then you need a local policy change to create a log file SEM can read. They just fixed the connector on March 17th so I haven't had time to generate and test alerts yet, but my plan is…