Hi,
Is there a way to be alerted when a user accesses the deep or dark web or is using TOR? How can I configure a filter to see these accesses and email alerts?
Thanks
LEM alerts and reports off of the log data given to it by a system. So really the question is: How would you tell they are using TOR in your environment?
Do you have an application or device that logs when a certain application is run? Do you look out for specific ports they're using? Are you watching for specific domains?
For instance, if you have a web proxy and they're going out to suspicious domains, that could be captured in the logs or reported to the LEM via syslog and you can configure an alert based off of that data.
The first step is capturing the event in the first place, if you have something that monitors web traffic or outbound connections, such as a firewall or proxy or some other device, that would generate an event that would indicate someone is using TOR or going to the deep web.
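One way to turn the checks suggested in the reply above (specific ports, specific domains, firewall or proxy logs) into events a SIEM can alert on. This is an added example, not part of the original thread and not LEM configuration; the key=value log format, field names, host names and relay IPs are constructed assumptions.

```python
import re

# Default Tor ports. Port matching alone is noisy, and many relays
# listen on 443, so it is combined with a relay-IP list and host names.
TOR_PORTS = {9001: "ORPort", 9030: "DirPort",
             9050: "SOCKS", 9150: "Tor Browser SOCKS"}
# Proxy-visible host names: .onion lookups and the Tor Project site.
TOR_HOST_RE = re.compile(r"(\.onion|(^|\.)torproject\.org)$", re.I)
KV_RE = re.compile(r"(\w+)=(\S+)")

# Constructed relay list (documentation address ranges). In practice
# this set would be refreshed from a published Tor relay/exit list.
RELAY_IPS = {"203.0.113.7", "198.51.100.44"}

# Constructed firewall and proxy log lines in key=value form.
SAMPLE_LOGS = """\
2024-05-01T10:00:01 fw01 action=allow src=10.0.0.15 dst=203.0.113.7 dport=9001
2024-05-01T10:00:02 fw01 action=allow src=10.0.0.16 dst=192.0.2.10 dport=443
2024-05-01T10:00:03 fw01 action=allow src=10.0.0.17 dst=198.51.100.44 dport=443
2024-05-01T10:00:04 proxy01 user=jdoe src=10.0.0.22 host=www.torproject.org path=/download/
2024-05-01T10:00:05 proxy01 user=asmith src=10.0.0.23 host=intranet.example.com path=/
2024-05-01T10:00:06 fw01 action=deny src=10.0.0.15 dst=192.0.2.55 dport=9050
"""

def detect_tor(lines, relay_ips=RELAY_IPS):
    """Return one alert dict per log line that shows a Tor indicator."""
    alerts = []
    for line in lines:
        f = dict(KV_RE.findall(line))
        src = f.get("src")
        if not src:
            continue  # not a connection record
        reasons = []
        if f.get("dst") in relay_ips:
            reasons.append("destination is a listed Tor relay")
        port = f.get("dport", "")
        if port.isdigit() and int(port) in TOR_PORTS:
            reasons.append(f"default Tor {TOR_PORTS[int(port)]} port {port}")
        host = f.get("host", "").split(":")[0]
        if host and TOR_HOST_RE.search(host):
            reasons.append(f"Tor-related host {host}")
        if reasons:
            alerts.append({"src": src, "user": f.get("user", "-"),
                           "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for a in detect_tor(SAMPLE_LOGS.splitlines()):
        print(f"TOR_INDICATOR src={a['src']} user={a['user']} why={'; '.join(a['reasons'])}")
```

The third sample line is flagged only because of the relay list, which is why a port filter by itself misses Tor traffic carried over 443.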