2 Replies Latest reply on Sep 14, 2012 4:18 PM by nicole pauls

    Enterprise Operations Console for LEM... or something similar?

    byrona

      We are in the process of deploying a managed SIEM service that utilizes LEM. For each customer that is interested in the service we will likely be deploying a unique LEM appliance.

      Is there a way to manage multiple LEM appliances from one centralized location?

        • Re: Enterprise Operations Console for LEM... or something similar?
          byrona

          Is there no way to manage multiple LEM appliances from one location? Has anybody else run into this problem?

            • Re: Enterprise Operations Console for LEM... or something similar?
              nicole pauls

              Hey Byron,

              The LEM console does allow you to connect to multiple appliances from a single console. Go to Manage > Appliances and hit the + to add more appliances. They do have to be reachable from your network, of course, via HTTP (8080) or HTTPS (8443).

              With this you get the following behavior:

              • Ops Center Widgets and Filters will show data that matches those criteria from ALL appliances in real time. If you want to have widgets or filters specific to certain appliances, you will need to create versions of them that filter further based on the "Manager" field.
              • Rules, Groups, and Nodes are managed on a per-appliance basis - if you want each appliance to have the same ones, you will have to add them to each appliance. You can SEE them all from one Console (and refine using the dropdown to only show one manager), but they are individually stored.
              • Searches in nDepth search across all appliances, unless you use the Manager field (you'll see an icon that indicates which manager the data came from when looking at Result Details).

              Let me know if you need any further clarification or have other questions.