Creating LEM Rules is Now Made Easier Than Ever


What are “Rules” in Log & Event Manager?

Rules, in SolarWinds Log & Event Manager (LEM), are customizable event correlation rules that correlate events sent by LEM Agents and remote logging devices. Whether or not you are watching the LEM console, rules track events in real time, allowing you to

  • Correlate multiple events from different sources
  • Automatically trigger alerts or email notifications
  • Respond to security events in real time

When a single event or a series of events meets a rule's correlation conditions, the rule automatically prompts the LEM Manager to take action, such as notifying the appropriate users or performing an active response (for example, blocking an IP address or stopping a particular process). LEM rules also support simple and advanced thresholds, such as time/frequency and same/distinct, that let a rule express more specific conditions and significantly reduce false positives.

Correlation Rule Builder

SolarWinds LEM has a built-in Rule Builder with a graphical interface (drag and drop, an icon-based tool panel, and a graphical object selection panel) that lets you:

  • Build new rules easily
  • Clone existing rules
  • Customize and edit existing rules

To help with rule creation, the left-hand side of the Rule Builder window lists additional events and fields that you can add to the correlation rule. Conditions are combined with Boolean AND/OR logic.
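To make the threshold and Boolean-logic concepts from the two passages above concrete, here is an added example that is not SolarWinds code: LEM rules are built in the graphical Rule Builder, and this script only mimics what such a rule does when it runs over a stream of events. It composes a condition with AND/OR, applies a time/frequency threshold (five matching events within two minutes) and a same/distinct threshold (same source IP, at least three distinct accounts), and shows why the distinct threshold suppresses a false positive. The event field names (ts, type, reason, src, user) and the sample events are assumptions constructed for the example.

```python
"""Toy event-correlation engine illustrating LEM-style rule thresholds.

Added example, not SolarWinds code. Field names (ts, type, reason, src, user)
and the sample events below are constructed for illustration.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Callable, Deque, Dict, List, Optional, Tuple

Event = Dict[str, str]
Predicate = Callable[[Event], bool]


# --- Boolean building blocks for a rule's correlation conditions -----------
def equals(fld: str, value: str) -> Predicate:
    return lambda e: e.get(fld) == value


def all_of(*preds: Predicate) -> Predicate:  # logical AND
    return lambda e: all(p(e) for p in preds)


def any_of(*preds: Predicate) -> Predicate:  # logical OR
    return lambda e: any(p(e) for p in preds)


@dataclass
class Rule:
    name: str
    condition: Predicate                   # which events the rule counts at all
    window: timedelta                      # time threshold: sliding window length
    count: int                             # frequency threshold: events needed in window
    same_field: str                        # "same": events must share this field's value
    distinct_field: Optional[str] = None   # "distinct": count unique values of this field
    min_distinct: int = 1                  # how many distinct values are required
    # per same_field value: (timestamp, distinct_field value) still inside the window
    _buckets: Dict[str, Deque[Tuple[datetime, Optional[str]]]] = field(
        default_factory=lambda: defaultdict(deque), repr=False)

    def process(self, event: Event) -> Optional[dict]:
        """Feed one event (events must arrive in timestamp order); return an alert if it fires."""
        if not self.condition(event):
            return None
        ts = datetime.fromisoformat(event["ts"])
        key = event.get(self.same_field, "")
        bucket = self._buckets[key]
        bucket.append((ts, event.get(self.distinct_field) if self.distinct_field else None))
        # drop events that have aged out of the sliding window
        while bucket and ts - bucket[0][0] > self.window:
            bucket.popleft()
        distinct = {v for _, v in bucket}
        if len(bucket) >= self.count and len(distinct) >= self.min_distinct:
            alert = {"rule": self.name, self.same_field: key, "count": len(bucket),
                     "distinct": sorted(v for v in distinct if v is not None),
                     "at": ts.isoformat()}
            bucket.clear()  # reset so one burst yields one alert, not one per extra event
            return alert
        return None


def run_rule(rule: Rule, events: List[Event]) -> List[dict]:
    """Replay events through a rule in time order and collect its alerts."""
    return [a for e in sorted(events, key=lambda e: e["ts"])
            if (a := rule.process(e)) is not None]


def brute_force_rule(min_distinct: int = 3) -> Rule:
    """Five logon failures from one source against >= min_distinct accounts in two minutes.

    Condition: (type == UserLogonFailure) AND (reason == BadPassword OR reason == UnknownUser).
    The distinct threshold separates password spraying from one misconfigured
    service account retrying a single login."""
    return Rule(
        name="Logon failures from one source against multiple accounts",
        condition=all_of(equals("type", "UserLogonFailure"),
                         any_of(equals("reason", "BadPassword"), equals("reason", "UnknownUser"))),
        window=timedelta(minutes=2), count=5,
        same_field="src", distinct_field="user", min_distinct=min_distinct)


def _fail(ts: str, src: str, user: str, reason: str = "BadPassword") -> Event:
    return {"ts": ts, "type": "UserLogonFailure", "reason": reason, "src": src, "user": user}


# Constructed sample events (not real log data).
SAMPLE_EVENTS: List[Event] = [
    # 10.0.0.5: five failures, five accounts, within 50 seconds -> fires
    _fail("2024-01-10T09:00:00", "10.0.0.5", "alice"),
    _fail("2024-01-10T09:00:10", "10.0.0.5", "bob"),
    _fail("2024-01-10T09:00:20", "10.0.0.5", "carol", "UnknownUser"),
    {"ts": "2024-01-10T09:00:30", "type": "UserLogonSuccess", "src": "10.0.0.5", "user": "carol"},
    _fail("2024-01-10T09:00:40", "10.0.0.5", "dave"),
    _fail("2024-01-10T09:00:50", "10.0.0.5", "erin"),
    # 10.0.0.9: five failures but one account -> count met, distinct threshold not met
    *[_fail(f"2024-01-10T09:02:{s:02d}", "10.0.0.9", "svc") for s in (0, 10, 20, 30, 40)],
    # 10.0.0.7: five failures, five accounts, but spread over four minutes -> window not met
    _fail("2024-01-10T09:05:00", "10.0.0.7", "alice"),
    _fail("2024-01-10T09:05:10", "10.0.0.7", "bob"),
    _fail("2024-01-10T09:05:20", "10.0.0.7", "carol"),
    _fail("2024-01-10T09:09:00", "10.0.0.7", "dave"),
    _fail("2024-01-10T09:09:10", "10.0.0.7", "erin"),
]

if __name__ == "__main__":
    for alert in run_rule(brute_force_rule(), SAMPLE_EVENTS):
        print(alert)
```

Running it produces a single alert, for 10.0.0.5. Rebuilding the rule with `min_distinct=1` makes 10.0.0.9 fire as well, which is the false positive the distinct threshold is there to remove; 10.0.0.7 never fires because its five failures do not fit inside one two-minute window.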

In addition to making new rules easy to create, SolarWinds LEM ships with more than 700 pre-built correlation rules covering critical network infrastructure, change management and network security functions.

[Screenshots: LEM1.png, LEM2.png, LEM3.png]

Rule Categories & Tags (New in version 5.6)

LEM rules are organized into pre-built categories that map to use cases such as security, IT operations, compliance and change management. Each category also has sub-categories that narrow the list to rules for specific uses.

SolarWinds LEM also lets you add tags to a rule to make searching for rules easier. Tagging a rule associates it with an existing rule category, or you can create a custom category for new rules, which then appears in the Rule Categories menu. Tagging makes it much easier to pinpoint rules that meet specific needs such as compliance or security.

Download SolarWinds Log & Event Manager today and easily build correlation rules to alert on and respond to security events happening in your network and enhance IT security.

Watch this short video to learn how to easily create and customize correlation rules using SolarWinds LEM.

Read this blog to understand how LEM performs event log correlation.

1 Comment

Thanks for the information.

About the Author
Vinod Mohan is a Senior Product Marketing Manager at DataCore Software. He has over a decade of experience in product, technology and solution marketing of IT software and services spanning application performance management, network, systems, virtualization, storage, IT security and IT service management (ITSM). In his current capacity at DataCore, Vinod focuses on communicating the value proposition of software-defined storage to IT teams helping them benefit from infrastructure cost savings, storage efficiency, performance acceleration, and ultimate flexibility for storing and managing data. Prior to DataCore, Vinod held product marketing positions at eG Innovations and SolarWinds, focusing on IT performance monitoring solutions. An avid technology enthusiast, he is a contributing author to many popular sites including APMdigest, VMblog, Cyber Defense Magazine, Citrix Blog, The Hacker News, NetworkDataPedia, IT Briefcase, IT Pro Portal, and more.