1 Reply Latest reply on Feb 9, 2015 4:04 PM by solarwinds@demarctech.com

    Who is using LEM for PCI DSS?


      I am looking at LEM to fulfill the PCI DSS requirement 10. The auditing team has said that in the event of a breach we should be able to recreate all aspects of access. So we would want to know who, when, where, and what. I have only ben using LEM for a few weeks and find the nDepth portion very complex to navigate and get the data I need. Are people using LEM for this recreation process?


      Also can LEM serve to tell me when user accounts are beyond 90 days old without access? What kind of automation can I do with LEM that will allow daily review of logs? Also what kinds of alerting can be done with LEM?

        • Re: Who is using LEM for PCI DSS?

          I am working on a project like yours now. And agree that nDepth is more complex then it needs to be, at first, it takes time to understand why things are setup they way they are.  My biggest grip is not being able to use filters I create in monitor in nDepth and the other way around, PINA.  


          The LEM is only going to report on data that comes in via the logs thus is a user does not login nothing for the LEM to see.  The way you find older accounts is via logs from other systems that are doing scans of AD and reporting on it.  For example one of the Identity and Access Manager connectors can be setup to log this data which the LEM can act on.  Also you could create a powershell script that runs on a schedule and reports to the event log, the LEM could then act on this data.  If you are really creative might be able to do something with SNMP.