The reason I ask is because I want to get this right the first time If I disable the wrong USB I could break close to 1500 machines - so I'm treading lightly.
I basically need to allow (2) certain USB devices. One is a an 'aladin' usb stick used by our field vendors. The second is actually an SDcard for our SSD systems. The SDcard is used for data backups - but Solarwinds is recognizing it as a USB device. No problem there, I just need to make sure that is on the whitelist as well.
Oh, I blocked all USBs when I got this system 6 years ago! LOL.
Just get in there and test everything with only your pc or account.
You can set up email notifications to let you know when users are trying to plug a USB that is not authorized - 0.0
This is a great walk through thanks bluesmilie!
1. Create a Group
2. Create a Rule
Group: Name it whatever such as USB Whitelist or Authorize USB List
Name the deivce whatever you want. I ususally name it as it is detected from the Event Info, such as Kingston_Encrypted_4GB_NetworkAccount
The Data on the other hand has to be the Extraneous Info detected by Solarwinds, such as USB\VID_04B9&PID_1202\7&2EEFC4ED&0&1
The Description is for your own notes. I ususally put in the name if the user followed by the request ticket number and when I added this device.
So what counts here is the DATA! It has to match exactly, no typos or spaces.
Rule: Name it whatever such as USB Rule
SystemStatus.EventInfo = *attached*
SystemStatus.ProviderSID = *USB*
SystemStatus.ExtranousInfo <DoesNotContain> (group: Authorize USB List)
1 Event within 15 seconds/10 min response window
Detached USB Device