    LEM Event Severity Filter


      I'm looking to grab individualized severity levels in a filter. Anyone know a way to go about this intelligently?

      Ideally I'd have a user-generated filter group that says "Severity", then underneath it I would have a filter for Level 0, Level 1, Level 2, etc. (I'll be more concerned with Level 6 & 7 since apparently I'm moonlighting as a Security guy these days too - who knew?!)



      OR do I need to add all Event Types and specify the Severity Field = 0 etc. and make a giant monster filter? Anyone even try this or have I gone off the deep end of the LEM diving board?



          This is what I have to trap events with the severity levels higher than 4. Pretty simple. But then you have to realize what information is being pulled into LEM in your case. I have some firewalls reporting to it and those have different severity levels of their own that do not match the levels assigned to them by LEM.


          In many cases you can be very specific about the events you want to be informed about, based on their severity levels, if LEM allows that event's severity information to be used in the condition for a rule\filter.


          [Attached image: severety levels.JPG]