Re: software installation/installation operation event
It may vary.. from HP customer experience to others
View ArticleRe: Default Filters
As it is right now, you can import/export a configuration (including all your filters and other settings, or just filters), but with the web console there's not really a way to set a 'default' without...
View ArticleRe: Default Filters
That would be a bad idea to copy those directly on the operating system and untested. Those files are stored in profiles specific to each person. Unfortunately the only way to do this for now is as...
View ArticleRe: software installation/installation operation event
Cursory search on google: https://goo.gl/hd0uHd I would start there, even though those errors are 1-6+ years old, it is the #1 search result for that event ID. tl;dr - WMI queries against the...
View ArticleNeed some help creating an alert
So I had this email enabled alert created before (prior to one of my previous upgrades) and it was working great. However at some point during one of our LEM upgrades the alert appears to have stopped...
View ArticleRe: Need some help creating an alert
Are you getting other emails/alerts? Are you getting other emails/alerts from that source? Assuming the log data is still coming in, the most common reason is clock drift, but it could also be a...
View ArticleRe: Need some help creating an alert
Yup, all my other email alerts are working just fine. Seems to be just this one alert.I ended up deleting it and now I'm attempting to create a new one.Of course I have to figure out what hoops to jump...
View ArticleHelp with local admin filter
What is the event name if i want to track new/deleted local admin? Would event name NEWGROUPMEMBER with DestinationDomain of "builtin" work? Basically anytime a user is added to the...
View ArticleAuthentication - Unknown User Rule isuue
Hi All, I am new to LEM and have been learning the system for the last week or two, I have searched the internet to find the so;ution to no avail.Anyone can assist me on fixing this issue? How can I...
View ArticleRe: Help with local admin filter
Correct. I just tested the following filter & it is capturing new Local Admin accounts being created:
View ArticleRe: Authentication - Unknown User Rule isuue
Hi Sam, You will need to setup the 'Directory Service Query Tool' connector within LEM in order to integrate with AD. See here for steps to follow. You can then use the 'Directory Service Groups'...
View ArticleRe: Kaspersky Endpoint 10
Hi, LEM cannot collect logs via WMI & the template mentioned above is a Server & Application Monitor template. SAM can monitor your Kaspersky server via WMI & can monitor services,...
View ArticleActive Directory Disabled accounts
In the "directory service" group for "domain admins", i am seeing accounts which are disabled in the domain.Is there an indicator to show disabled accounts in the group? Are they supposed to show at all?
View ArticleLooking for any and all sources for clicks to a specific URL
Suspect URL:click.diversifiedemail.com/ I'm trying to find out what hostnames have been the source of clicks to that URL. not usernames, that doesn't help me, just hostnames. Any ideas? I've dug...
View ArticleRe: Looking for any and all sources for clicks to a specific URL
Hi, Your condition for a filter/rule would look something like this: Assuming you are collecting logs from a proxy/firewall/router to obtain information on URL hits? Can you see those logs within LEM?...
View ArticleRe: Looking for any and all sources for clicks to a specific URL
Ahh I was so close! Thank you for the help. it's working like a champ.
View ArticleLEM: Connector profile setting for Windows Server 2012 and MSSQL 2012
Hi, I am trying to create a connector profile for Windows Server 2012 and MSSQL 2012, below are my requirements: SQL VersionServer OS2012 R2Windows Server 2012 R2 Standard2012 R2Windows Server 2012...
View Article