3 Replies Latest reply on Jul 21, 2017 10:15 AM by marcusmm8

    No docs for connector and other items


      Today I set up the Qualys connector and had to guess how it worked. As I have found MANY times before, there is NO documentation whatsoever. So I figured I would start a discussion about this and see what people think: what took time to figure out and was not obvious right away?

      • When I first started using LEM I watched every video I could find; while the videos are good, I could not find what I would consider real-world training for a typical setup. Curtis Ingram and Rob Johnson are doing a great job with the new videos over the past month, by the way.
        • I think a real-world, start-to-finish config for a typical customer would go a long way.
          • Examples on how to use each group of rules in more detail
          • More details on how the GUI should work.
        • It took me a bit to understand how to correctly use Incident; video examples would be great.
          • Basically all the rules that use Incident create new events; great, now what? Well, now it's obvious!
          • Under Monitor > Security > Incidents you will see what's being created.
          • Create a new rule that then watches just these new events, using the event name "*Incident", which can then email or take action.
      • Console
        • Version 6.1 added the rule wizard which fixed a gripe on setup, very cool start.
          • Email must be added and it's enabled, which can cause an issue; you must disable it quickly on a live system.
        • When I called support and they told me I could not send nDepth or monitor conditions to a rule my mouth dropped :O Even a simple export / import!
        • Add and use a right mouse click function!  AIR/Flex can do it: Adding menus to an AIR application | Adobe Developer Connection
        • Limited widget functions. For example on denied ACL traffic I want to see a table with source machines plus the destination ports with a count of each, this would be useful.
          • Basically what the Flow Utilizes can do; I don't have sFlow, so it's not useful to me.
        • Option to auto fit the column
        • Out of the box would be nice to have a tag setup for Action types
        • Move some of the console in to an admin section via GUI
          • LEM local logs
          • Connector upgrades
          • Backups scheduling
          • Date and time / NTP
          • A way to see LEM's hardware performance, or maybe add saidar or nmon to the list of console menu items to see what's going on via a single page?
        • Save grid settings
      • Policies
        • Warehouse is not being used any longer, so why is it still an option??
      • Rules:
        • Click on a column to sort, edit a rule and save. The list is then re-sorted by the name column; this is not cool! Allow the sort to stick even after saving a rule.
        • Filter options in refine results for "not enabled" and "not test".
        • Option to auto-activate rule changes.