SANS released an updated list of their critical log categories recently. Some good recommendations especially if you're new to log management.
How easily can these be achieved using LEM?
Can the LEM team include them in the LEM ready made filters as a new filter group for example?
OT, SANS also had their top 20 critical security controls last year. I think it's a good marketing opportunity for SolarWinds to show how their products can be used to achieve these controls.
There wasn't really a good way to answer this without taking notes on all of them, so here's some (relatively) quick thinking... let me know if you want to drill into any of these or need more specifics somewhere.
I am building my own document around the SANS list and also wanted to say thank you for the reply and to add that I have also been using the following to help create Rules/nDepth searches:
How do you update a UDG using a CSV file as you mention above? I followed the SolarWinds KB to modify a KB but I don't see an import option or another way to insert a CSV file. Thanks
There's actually a set of instructions here - Log & Event Manager v5.7 RC Now Available: Scheduled Searching, License Recycling, and More! - look for "Import User-Defined Groups from CSV files". (I had to look it up myself recently.)
That Windows Security Logging Esoterica blog is one of my favorites, I am sad that it's no longer maintained.
You might also find some of Randy Franklin Smith's past presentations on things like Logon Failures interesting, in some of them he goes through some of the detail on where actual events occur and why they might not occur where you think they do.