
SEM Rules/Alerts on Certain Nodes


Hello all, need some advice! I'm getting ready to go through a SOC 1&2 audit and need to show we're pulling and alerting on certain logs/events on specific nodes. I currently have 60 nodes in SEM but only 20 are in scope, so I'd like to be able to build rules and email alerts on that specific 20 for the audit. Is there a good way to do this? Thanks much!

1 Solution
Product Manager

User Defined Groups is the best approach and you can view the steps to configure them here. You can create a group of 'in-scope' machines and then easily create rules/filters for those particular machines. For example, this rule would look for any userlogon failures on the machines within a particular group:

Screenshot 2020-03-13 at 11.15.01.png


2 Replies

Perfect, thank you much for the info!
