Using LEM to log and report OWA authentication request events
Hello all, I am attempting to configure LEM to audit and report OWA authentication request events. As at time of posting, I have installed the agent to the Domain Controller and Exchange server where...
Re: Using LEM to log and report OWA authentication request events
Update: Since posting, I am able to perform an nDepth search to find failed authentication requests to OWA. Refine the query with the following conditions: WebTrafficAudit.AlertActivityType=HTTP-401 AND...
Re: Using LEM to log and report OWA authentication request events
It's been a while since I had to manage OWA so I'm pulling from a part of my memory that might be hazy, so here's the other way I'd approach it. There should be actual...
Re: Error: Search finished prematurely
@wldcu - did the configuration change resolve the issue reported with nDepth search and have you had another occurrence of the issue since the change has been applied? @nicole pauls - I also have...
Re: Error: Search finished prematurely
Same here -- 5.6.0 only, never had this problem in previous versions.
Need some help with AD group auditing
I'm using the built-in templates for monitoring group changes in AD. In this example, I'm monitoring a group creation event. Here is what my rule looks like. It fires correctly but the information in...
Re: NetApp SnapMirror Logs
SnapManager and SnapDrive are NetApp Windows applications. SnapMirror is a process that runs on the NetApp filer and logs to a text file on the filer itself. I cannot confirm, but I have read that the...
Re: Error: Search finished prematurely
Yes, the configuration change has resolved my issue and the system has been stable since the change. This only started on the latest version for me. With previous versions I had no issues with this.
Re: Need some help with AD group auditing
Hi. If I understand correctly, you want the $User variable to give you the name of the user who created the group. Is this correct? If so, set the $User variable to the NewGroup.SourceAccount field....
Filters best practices
Hello ... I am new to the SIEM tools and a fresh graduate from college. We are implementing the LEM tool in our company and my boss asked me to find the best practice for the filters, meaning what are...
Re: Need some help with AD group auditing
I swear I tried that... Guess not. Thanks for the help.
New groups in 5.6
If I recall correctly, one of the features on 5.6 was that it comes with some predefined groups and filters. I see these in the LEM appliance we upgraded in our Test environment (it now has Overview,...
Re: Tracking AD changes in LEM
You'll also want to make sure you have the LEM agent on all of your DCs.
Re: Filters best practices
Hi, you can refer to the SIEM whitepaper here, it gives an overview of SIEM logs and events. You can also download a fully featured SolarWinds Log and Event Manager here for 30-day free evaluation....
Re: Error: Search finished prematurely
It's likely due to the fact that in 5.6 the database was changed from a 3rd party tool to a proprietary one. My guess is that since it's a brand new feature in a new release that this is an unexpected bug...
5.6.0 Hotfix 1 install.
Anyone else having issues with Hotfix 1 install? I copied the manager folder to my root share. Even tried copying the 2 .zip files and the TriGeo folder to my root share. TriGeo manager version is:...
LEM Email Rule from a single node
I have been looking through everything and might have missed it. I am trying to set up a Rule that will notify me when 1 node has an event. For example I have it set up to email me when a user account...
Re: LEM Email Rule from a single node
Looks like I figured it out. Cloning the default event wasn't the way to go. Creating a new Rule starting with User Disable allowed me to add groups to define it down to the info I wanted. My Rule is...