Hi LEM Group,
1) I am new for LEM. can anyone please explain that how i can create a rule in LEM that every command and events of firewall(auditing) will be there. firewall i am using is fortinet. however traffic logs are coming but audit logs are not there. like which user hs loged in and what policy he has changed etc.
2) what all we can do from filter.i created a filter for windows file deletion(specific file) and it is showing under monitor tab/console now how will i create rule and action for that?
3) sun solaris integration is possible with LEM?
4) will appreciate if some example of correlation rules...
Best Regards
Prak