Pros & Cons of encrypted (bitlocker) removable media and LEM
Our team has been working on some rules to mitigate threats from removable media. We have had good success with file monitoring, reads/writes, and actively responding to executable attempts from flash...
Re: Windows Log Subscriptions
So, you are attempting to have LEM grab logs from a correlation server?
Re: Windows Log Subscriptions
Not a correlation server. Windows has an event forwarding option. Essentially, workstations will forward windows logs (application, security, system) to a collector, in my case a server. Those logs are...
Re: Windows Log Subscriptions
Thanks, I did look into that. I am trying to find a way to collect logs agentlessly if possible.
Re: File writes to usb
I can help you with this, but I am wondering if you are considering the entire scenario. I assume that you want to be alerted when someone who is leaving the organization is attempting to take company...
Re: Windows Log Subscriptions
So you'll need to have the agent on the server you want to collect the logs from, and then setup your Windows [Application, Security, System] Log Connectors. I do this on my Domain Controllers to...
Re: Windows Log Subscriptions
To collect logs from a Windows workstation or a server, you will need to install the LEM agent on it. You will not be able to forward to a central server, and collect from that. There are various...
Re: File writes to usb
This should give you a good starting point. It's not going to measure the amount of files copied, but you can modify the actions as you see fit. This rule will actually prevent the file copy execution,...
Re: File writes to usb
Thanks for the reply. I think we are covered on the other methods at the perimeter; it's just USB I want to log. Any help would really be appreciated.
Re: File writes to usb
Hi, yes I can. I'll play around with them and see what data I get. Thanks.
Re: File writes to usb
Do you know where I get the "members of Leavers AD group" part from?
Re: File writes to usb
Yes I do. So you'll need to create your LEAVERS group in AD. Then from the LEM console, click on Build >> Groups from the top menu. Then click on the gear in the upper right and click Directory...
Edit rules with email alerts setup
Is there an easier way to see what rules are set to alert via email, or do I have to go to each enabled rule and see if the subscription is set with an email user? I have a few rules that are firing alerts and can't...
Re: Edit rules with email alerts setup
InternalRuleFired events will say which rule made it fire with the InferrenceRule field. I would suggest you run an nDepth query to look for that event in the timeframe that you see the email firing, or...
Re: Windows Log Subscriptions
Here's another approach to this answer. I don't think people here are aware of this feature; it's something within Windows where you can have Windows systems actually forward Event Logs to a central...
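As an added example (not part of any post in this thread, and not LEM's own tooling), this is how the Windows Event Forwarding setup described in the two posts above is configured: the collector runs the Windows Event Collector service with a source-initiated subscription, and each workstation is pointed at it through the Subscription Manager policy. The hostname COLLECTOR01.corp.example, the subscription name Workstation-Logs and the batching values are assumptions for illustration; the commands, registry path and XML schema are standard Windows.

```powershell
# Added example, not from the thread. Assumed names: collector COLLECTOR01.corp.example,
# subscription "Workstation-Logs", domain-joined sources authenticating with Kerberos.

# ---- 1. On the collector: enable and configure the Windows Event Collector service ----
wecutil qc /q

# ---- 2. On the collector: create a source-initiated (push) subscription ----
$subscriptionXml = @'
<Subscription xmlns="http://schemas.microsoft.com/2004/06/eventing/subscription">
  <SubscriptionId>Workstation-Logs</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Application, Security and System logs from domain workstations</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Custom</ConfigurationMode>
  <Delivery Mode="Push">
    <Batching>
      <MaxItems>5</MaxItems>              <!-- assumed: send after 5 events ... -->
      <MaxLatencyTime>30000</MaxLatencyTime> <!-- ... or after 30 s, whichever first -->
    </Batching>
    <PushSettings>
      <Heartbeat Interval="60000"/>
    </PushSettings>
  </Delivery>
  <Query>
    <![CDATA[
      <QueryList>
        <Query Id="0">
          <Select Path="Application">*</Select>
          <Select Path="Security">*</Select>
          <Select Path="System">*</Select>
        </Query>
      </QueryList>
    ]]>
  </Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <!-- SDDL: only members of Domain Computers (DC) may register as sources -->
  <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)</AllowedSourceDomainComputers>
</Subscription>
'@
$xmlPath = Join-Path $env:TEMP 'Workstation-Logs.xml'
Set-Content -Path $xmlPath -Value $subscriptionXml -Encoding Unicode
wecutil cs $xmlPath

# ---- 3. On each workstation (normally pushed by GPO; shown per host here) ----
# Equivalent GPO: Computer Configuration > Administrative Templates >
#   Windows Components > Event Forwarding > Configure target Subscription Manager
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
New-Item -Path $policyKey -Force | Out-Null
New-ItemProperty -Path $policyKey -Name '1' -PropertyType String -Force `
    -Value 'Server=http://COLLECTOR01.corp.example:5985/wsman/SubscriptionManager/WEC,Refresh=60' | Out-Null

# WinRM must be listening, and the forwarder runs as NETWORK SERVICE (S-1-5-20),
# which cannot read the Security log until it is in Event Log Readers.
winrm quickconfig -q
Add-LocalGroupMember -Group 'Event Log Readers' -Member 'S-1-5-20'
Restart-Service WinRM

# ---- 4. Verify ----
# On the collector: per-source registration state and last heartbeat.
wecutil gr Workstation-Logs
# Forwarded events land in the collector's local ForwardedEvents channel;
# MachineName carries the originating workstation.
Get-WinEvent -LogName ForwardedEvents -MaxEvents 5 |
    Format-Table TimeCreated, MachineName, ProviderName, Id -AutoSize
```

Two caveats a practitioner will want. First, this only gets the events onto the collector's ForwardedEvents log; how a LEM agent on that collector then consumes them is exactly the open question in this thread, and the example takes no position on it. Second, the HTTP transport on 5985 is still Kerberos-authenticated and message-encrypted between domain members; if sources are not domain-joined, switch to HTTPS on 5986 with a certificate and list them under AllowedSourceNonDomainComputers rather than widening the SDDL above.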
Re: Edit rules with email alerts setup
Paul, I would suggest taking the time to go through your E-Mail templates and making them less generic. In other words, if a rule triggers an E-Mail, that E-Mail should contain enough information from...
Re: Edit rules with email alerts setup
My issue is using the "default" email template. I am working on customizing the email templates as it goes now. Thank you.