Hi guys, recently I feel that there is a lack of documentation for SolarWinds LEM. When I asked about the correlation in the rule templates, how they are triggered, and what the terms used inside the default rule templates refer to, the answer from support was "short and sweet":
Support: Sorry to inform you that we do not have this documented and full stop.
Then here is another question I asked them, about IIS. SolarWinds LEM is capable of collecting logs from Microsoft© Internet Information Services (IIS) web servers to troubleshoot operational and security issues easily, as mentioned on the SolarWinds website.
One of the provided examples is HTTP POSTs over time. A quick visual scan in the log parser will show an anomaly where the number of POSTs increases. This could be a sign of an attack or improper usage of your web server.
May I know what other kinds of security issues can be identified here, since the website mentions that it can troubleshoot operational and security issues easily?
Again, they replied saying that they do not have a relevant KB or article on this.
The reason I want to find out is that we need to understand this in advance so that we can explain it to other customers. If we tell our customers that there is no specific documentation on the rules, full stop, while it is actually part of the features of SolarWinds LEM, customers will have a bad impression of SolarWinds, and in the end the impact will still come back to SolarWinds. If there is no documentation on this, I hope SolarWinds can work on it, as a lot of customers have been asking about this recently.
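
The "HTTP POSTs over time" check mentioned in the post, as an added example that is not part of the original post and is not SolarWinds LEM's own rule logic: it parses IIS W3C extended log lines, counts POSTs per hour and flags hours far above the median. The log lines, addresses, URI, thresholds and function names are constructed for illustration.

```python
"""Count HTTP POSTs per hour in an IIS W3C extended log and flag spikes."""
from collections import Counter
from statistics import median

def posts_per_hour(lines):
    """Return Counter {'YYYY-MM-DD HH': POST count}, honouring #Fields."""
    fields, counts = [], Counter()
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order is site-configurable
            continue
        if not line or line.startswith("#") or not fields:
            continue                    # other directives, or data before #Fields
        row = dict(zip(fields, line.split()))
        if "date" not in row or "time" not in row:
            continue
        hour = f"{row['date']} {row['time'][:2]}"
        # Adding 0 still records the hour, so quiet hours count in the baseline.
        counts[hour] += 1 if row.get("cs-method", "").upper() == "POST" else 0
    return counts

def flag_spikes(counts, factor=3.0, min_posts=10):
    """Hours whose POST count exceeds factor x median and an absolute floor."""
    if not counts:
        return []
    baseline = median(counts.values())
    return sorted(h for h, n in counts.items()
                  if n >= min_posts and n > factor * baseline)

def sample_log():
    """Constructed sample: steady traffic with a burst of POSTs at 03:00."""
    out = ["#Software: Microsoft Internet Information Services 8.5",
           "#Fields: date time c-ip cs-method cs-uri-stem sc-status"]
    for hour, posts in enumerate([4, 5, 3, 40, 4, 6]):
        out.append(f"2024-01-01 {hour:02d}:00:00 192.0.2.10 GET /index.htm 200")
        out += [f"2024-01-01 {hour:02d}:{i:02d}:30 198.51.100.7 POST /login.aspx 200"
                for i in range(posts)]
    return out

if __name__ == "__main__":
    counts = posts_per_hour(sample_log())
    for hour in sorted(counts):
        print(hour, counts[hour])
    print("spikes:", flag_spikes(counts))
```

The same per-hour counts can be grouped by `c-ip` or `cs-uri-stem` to see whether a spike comes from one client or targets one page.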