techguru

I am just circling back and submitted a tech support ticket.

in Respond and Kill Process Comment by techguru May 2019

I can't provide a screenshot but I did follow Configure the Kill Process active response in LEM, and also I tried to manually kill the process from the monitor screen...neither worked but the popup message worked fine.

in Respond and Kill Process Comment by techguru May 2019

When you look in the edit screen for the rule, you will see variables in the email section. You have to drag whatever information you want into those boxes next to the variable. For example, if you wanted DetectionIP, you would need to drag that into the box. Also a side note, when you create email templates, you can make…

in Sending LEM emails from rules - not getting any details in the email. Comment by techguru April 2019

That feels like an easy feature to add since LEM can already use the connector to query AD for things like members of an OU.

in Display Full Name From AD Comment by techguru April 2019

Sorry for the confusion...when I say they aren't executing I mean they aren't triggering. I checked the rules filter etc. where it normally shows xyz rule was triggered and nothing happened. Anyways the reboot DID fix the problem but it's still pretty strange.

in Rule Alerts Stopped Sending Emails and Executing All of a Sudden Comment by techguru April 2019

Agreed...you probably aren't actually logging the events on the system. Logon/Logoff is a pretty full proof event, so if it's not showing you probably aren't capturing the events. You can look in the event viewer and check the security logs as well. One fallback to keep in mind is to use the event group "Any Alert" and you…

in Tracking User Logons to the Windows Machine Comment by techguru April 2019

techguru

Comments