Quantcast
Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager
Browsing all 5385 articles
Browse latest View live

Re: software installation/installation operation event

It may vary.. from HP customer experience to others

View Article


Re: Default Filters

As it is right now, you can import/export a configuration (including all your filters and other settings, or just filters), but with the web console there's not really a way to set a 'default' without...

View Article


Re: Default Filters

Even with Root Linux passwords?

View Article

Re: Default Filters

That would be a bad idea to copy those directly on the operating system and untested.  Those files are stored in profiles specific to each person. Unfortunately the only way to do this for now is as...

View Article

Re: Default Filters

this one is related, Share Filters, Searches and Widgets

View Article


Image may be NSFW.
Clik here to view.

Re: software installation/installation operation event

Cursory search on google: https://goo.gl/hd0uHd I would start there, even though those errors are 1-6+ years old, it is the #1 search result for that event ID. tl;dr - WMI queries against the...

View Article

Need some help creating an alert

So I had this email enabled alert created before (prior to one of my previous upgrades) and it was working great. However at some point during one of our LEM upgrades the alert appears to have stopped...

View Article

Re: Need some help creating an alert

Are you getting other emails/alerts? Are you getting other emails/alerts from that source?  Assuming the log data is still coming in, the most common reason is clock drift, but it could also be a...

View Article


Image may be NSFW.
Clik here to view.

Re: Need some help creating an alert

Yup, all my other email alerts are working just fine. Seems to be just this one alert.I ended up deleting it and now I'm attempting to create a new one.Of course I have to figure out what hoops to jump...

View Article


Image may be NSFW.
Clik here to view.

Help with local admin filter

What is the event name if i want to track new/deleted local admin? Would event name NEWGROUPMEMBER with DestinationDomain of "builtin" work? Basically anytime a user is added to the...

View Article

Image may be NSFW.
Clik here to view.

Authentication - Unknown User Rule isuue

Hi All, I am new to LEM and have been learning the system for the last week or two, I have searched the internet to find the so;ution to no avail.Anyone can assist me on fixing this issue? How can I...

View Article

Image may be NSFW.
Clik here to view.

Re: Help with local admin filter

Correct. I just tested the following filter & it is capturing new Local Admin accounts being created: 

View Article

Image may be NSFW.
Clik here to view.

Re: Authentication - Unknown User Rule isuue

Hi Sam, You will need to setup the 'Directory Service Query Tool' connector within LEM in order to integrate with AD. See here for steps to follow. You can then use the 'Directory Service Groups'...

View Article


Re: Kaspersky Endpoint 10

Hi, LEM cannot collect logs via WMI & the template mentioned above is a Server & Application Monitor template. SAM can monitor your Kaspersky server via WMI & can monitor services,...

View Article

Active Directory Disabled accounts

In the "directory service" group for "domain admins", i am seeing accounts which are disabled in the domain.Is there an indicator to show disabled accounts in the group? Are they supposed to show at all?

View Article


Image may be NSFW.
Clik here to view.

Re: Need some help creating an alert

don't forget to sacrifice the right chicken!

View Article

Looking for any and all sources for clicks to a specific URL

Suspect URL:click.diversifiedemail.com/  I'm trying to find out what hostnames have been the source of clicks to that URL.  not usernames, that doesn't help me, just hostnames. Any ideas? I've dug...

View Article


Image may be NSFW.
Clik here to view.

Re: Looking for any and all sources for clicks to a specific URL

Hi, Your condition for a filter/rule would look something like this:  Assuming you are collecting logs from a proxy/firewall/router to obtain information on URL hits? Can you see those logs within LEM?...

View Article

Image may be NSFW.
Clik here to view.

Re: Looking for any and all sources for clicks to a specific URL

Ahh I was so close!   Thank you for the help.  it's working like a champ.

View Article

LEM: Connector profile setting for Windows Server 2012 and MSSQL 2012

Hi, I am trying to create a connector profile for Windows Server 2012 and MSSQL 2012, below are my requirements:   SQL VersionServer OS2012 R2Windows Server 2012 R2 Standard2012 R2Windows Server 2012...

View Article
Browsing all 5385 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>