Best endpoint protection and hardening for LEM VM?
We want to stay extremely hardened, so I'm curious if there are any extra tips for hardening our Log & Event Manager VM?
Re: LEM Reports; only some reports working?
I started a ticket. I'll let you know what comes about.
Re: LEM Reports; only some reports working?
I forgot to mention that I even tried using a different user "Reports" with the Reports Role. I also verified the ntpconfig and tzconfig. So I am getting a hold of support.
Re: LEM Reports; only some reports working?
Looks like the problem was with my TLS settings. They got wiped out after the upgrade/uninstall process. TLS was disabled on the LEM Appliance, and after reinstalling Reports I forgot to add the...
Re: LEM Reports; only some reports working?
Oh yeah, and the Reports application needs to run with "Windows 7 Compatibility" in addition to Run as Administrator.
Re: How do you install and configure the LEM Reporting tool?
Also when working with Windows 10, I was instructed to run with Compatibility mode for Windows 7. Now it works great.
Re: How do you install and configure the LEM Reporting tool?
Something that I found helpful when working with the manager Configuration > Credentials is the "Save" button. Coming from a mostly Windows background I was sceptical about clicking it...
Re: Unable to create a Directory Service User
That's why I gave a list of the steps to follow for just LDAP. You only need Kerberos if you want pure SSO.
Re: Unable to create a Directory Service User
Sorry, I'm not following you. Your post says "...to enable LDAP authentication, you'll need to look at this document..." Then you link to a document called: "Configure Single Sign On". That's what...
Re: Unable to create a Directory Service User
Yeah, I get you. We don't have a document specifically for the LDAP portion of the setup, but all the LDAP steps are contained within the steps for SSO configuration. So, open the SSO doc and then...
Re: Agent Event Caching and Delivery to Manager
Hi afiore, curtisi provided some information in this thread that may be helpful: Agent Cache Size. I'm not aware of any specific internal events to capture the scenario mentioned in point #2, but I...
Trouble setting up collection from FortiMail 5.3 to LEM
Trying to get a FortiMail 400C v5.3 Mail Gateway to send Syslogs to my LEM. I am using the FortiMail Email Security Appliances>FortiGate-2.8 connector. I have the correct IP address and port in the...
Re: Trouble setting up collection from FortiMail 5.3 to LEM
Tim, Can you try sending that log data to a different facility than the Fortigate Firewalls and turning the level up to debug? That should show data pretty quickly. Alternatively, when you're in...
Re: Trouble setting up collection from FortiMail 5.3 to LEM
curtisi, Thanks for the quick response. I had previously tried changing the facility level to local2 and the severity level was already at the lowest level, Information (FortiMail does not have a debug...
LEM ver 6.2.1 - nDepth search by Name and by IP return different results -...
Internal audit is performing searches on a sample set of network devices and noticed that we get different results (both record count and event types) when performing an nDepth search by IP address or...
LEM Logs Gathering documentation
Hello, is there any documentation that mentions what type of logs LEM can gather from the integrated devices (AD, SQL, Firewall,...)?
Re: LEM Logs Gathering documentation
You can collect a LOT of information with LEM from a lot of sources. Maybe it'd be easier if you could specify what you're looking to collect and we can confirm or deny the LEM gets that information?...
Re: LEM ver 6.2.1 - nDepth search by Name and by IP return different results...
The easiest answer is that some events are logged by name while others are logged by IP, but let me back up and explain. The "IP Address" field is effectively a shorthand field that is the same as...