I am very new to this site and my TriGeo/SolarWinds SIM appliance, so before I contact tech support, I'm hoping someone else has dealt with what I'm trying to do and can give advice or suggestions.
I have a Sophos Spam appliance that is not doing its job and need to see if it's possible to block an entire domain through the TriGeo box. I am happy to provide further details, but first want to see if anyone has experienced this.
Thanks in advance!
Hey Kristy, didn't see an answer to this one. Since we're not an inline device ourselves, the best we can do is tell your other devices to blacklist. LEM can interface with your firewall or an IPS to block IPs, but we don't have anything to interface with mail/spam appliances/servers to block domains.
We do support Sophos Email Security appliances as a connector, though, so you could send the syslog data our way and see if that gives you any evidence that it is/isn't doing its job.