4 Replies Latest reply on Jul 22, 2014 1:55 PM by reply.prak

    Need to understand nDepth, correlation, events, filters and alerts

    reply.prak

      Hi LEM Group,

       

      1) I am new to LEM. Can anyone please explain how I can create a rule in LEM so that every command and event of the firewall (auditing) will be there? The firewall I am using is Fortinet. However, traffic logs are coming but audit logs are not there, like which user has logged in and what policy he has changed, etc.

       

      2) What all can we do from a filter? I created a filter for Windows file deletion (specific file) and it is showing under the Monitor tab/console. Now how will I create a rule and action for that?

       

      3) Is Sun Solaris integration possible with LEM?

       

      4) I will appreciate some examples of correlation rules...

       

      Best Regards

       

      Prak