2 Replies Latest reply on Oct 25, 2012 9:25 AM by mikesmith

    LEM and required rules for compliance


      Sorry everyone, newbie LEM question


      I'm ok running the LEM and understand the alerts and rules but before I dig and dig to understand what rules are required for a compliance report, is there a list that has which rules are required for each of the compliance report groups in the REPORTS application?  List of device types where the information would come from?


      Yes, I'm cheating by asking but this is not school and as we know in business stealing is the fastest way to make the boss happy.  I just have not see this from SolarWinds yet and I've found good stuff here already so let me know your thoughts.

        • Re: LEM and required rules for compliance
          nicole pauls

          The LEM Reports (and a lot of LEM content) is oriented around the types of events, not so much the types of devices. Technically, any device could generate a "new user" event, for example, so we've got a report that includes all "new user" events since (generally) all of them will be relevant for change management tracking. This lets you pool like events from dislike devices, but it also means it's difficult to say which devices go into which reports explicitly.


          All of the "Change Management Reports" in the reports application have corresponding rules in the rule builder, and overlap with some of the real-time monitoring filters (e.g. "Change Management Events").


          The other reports are generally going to be more broad for compliance and auditing, and what you see in reports might not be what you want to see in real-time or be notified on because of volume issues. File auditing is a good example of this - you might audit a lot of files, but only want to be notified when certain critical files are changed. Auditors want to know you know everything, but you're really only concerned with a subset of high risk data or types of modifications. The rules we've built in LEM that are out of the box and compliance-related are more of the real-time change monitor stuff versus the reams of paper auditing stuff. Filters are somewhere inbetween, you can build them to be broad or specific.


          As an aside, we're looking into adding categories in the rules that match the categories in the reports which will make this way easier to identify out of the box.


          We have some internal documentation about different compliance and "best practice" type stuff that we just haven't had a chance to formalize and publish. I could steal some highlights from that if you've got anything specific you're looking for, compliance-wise.

            • Re: LEM and required rules for compliance

              I like these thoughts and path that would seem to be coming.  I don't want to 'dumb down' the product too much and make it something that any monkey can do and think they are doing compliance as we all know its not that easy.  I think having the best practice would be a very good start as I'm not looking to receive an email for each of the rules, but need a better way to get the compliance reports working than reviewing each rule.


              I think adding the categories would be a good step forward for the product set and I believe would have fully answered my question.  Many of our customers are looking to reduce the cost of their PCI and GLBA compliance and we're looking to gain position with them, so if you could share some of those practices or work inside of Solarwinds to elevate and publish them would be a good step forward for us and I hope others.