Re: Multiple Active Directory Domains
I'd found the article on "Configuring the Directory Service Query Connector" but it's slightly wrong for LEM v6.1.0 onwards. In step 2 there is no "Tools" option in the menu; instead you need to select...
Re: Connectors Update Error
Thanks for clarifying. I have carried out a manual update at this time.
Re: LEM Custom Reports
I would like to look at the custom reporting capabilities but don't know where to start.
Re: Reports by user
Thanks for the v. useful guide, we have a LEM in a multi-domain environment and have been struggling to schedule custom reports for each domain. Rather than use the "Is Equal To" operator I used the...
Force an update for Threat Intelligence
I am trying to troubleshoot some issues allowing the threat intelligence feed access through our firewall. Is there a way to manually kick off an update? I have tried manually turning it off and then...
Re: Force an update for Threat Intelligence
Stopping and restarting the manager service should accomplish this.
Threat Intelligence
How do I tell if the Threat Intelligence feed is working? The All threat Events has never shown anything (perhaps I don't have any threats for it to catch). Is there anything to check to make sure...
Re: Threat Intelligence
Daily on update there will be a LEM internal event that states whether the threat feed was updated successfully; if you receive this event then threat feeds are working and you just aren't being attacked...
How have you fine-tuned your LEM Event Distribution Policy?
I'm really curious to see what others have done to cut down the amount of unnecessary noise that LEM is pulling in? I've just started to do a thorough review of what we really need to capture. I know...
Re: How have you fine-tuned your LEM Event Distribution Policy?
We have a fairly small deployment (~15 million events per day) so haven't needed to tweak any settings in Event Distribution Policy as yet, but I'm keen to expand our deployment and find out what...
Re: LEM - Client Reports
We have a multi-tenant deployment as well and find the reporting is a big challenge. LEM is quite good at collecting and reporting on events IF you have a very simple deployment for a single tenant...
Re: Multiple Active Directory Domains
Yes, that is the one you need. The documentation doesn't always get updated which can be a bit frustrating when you're trying to get to grips with the product.
Re: Getting error using LEM Reports
Do either of you have any reports scheduled? Do reports work fine when you run them on your own?
Re: User Defined Groups - How to Bulk Import
Another interesting tidbit on issues with importing from CSV - I was importing a HUGE list to build the UDG for the Next-Gen Firewall webcast we did a while back and it was struggling in the web...
Re: Getting error using LEM Reports
I do have reports scheduled. I don't get an error when I run reports. It just errors out overnight. Speaking of having reports scheduled, where can I find a list of my scheduled reports? I have looked in...
Re: How have you fine-tuned your LEM Event Distribution Policy?
I can start... Around 50% of our events were ObjectAudits. I picked apart sample after sample and tried to find how these events could be useful to us in any way, and couldn't think of a single use...
Filter question
I'm just getting my feet wet with LEM. As I was reviewing the filters in the different categories (Security, IT Operations, Change Management, etc), I noticed I can drag and drop filters into...
Re: Filter question
If you create a brand new user, and log in as that user, you should get the defaults back. You can then export them (one group at a time), and import them back to the other user.
Re: Getting error using LEM Reports
Are all of your scheduled reports completing each day? My guess is that one of your scheduled reports is failing, or not finishing, or something is happening at the end of scheduled reports. The...
Re: Getting error using LEM Reports
Yes, they have been running and saving correctly. However, we made some changes to our network share setup, which made them not save to the correct location, so I need to change the settings of where...