Re: Solarwinds Agent : reading Nessus Report
Hello, First, thanks for your help.In fact, I'm running the 5.7 agent version.The connector generating the error is the 'Nessus Report' not the 'Nessus Security Scanner NBE report' (I tried both).The...
View ArticleRe: After an undetermined period of time LEM 5.6.0 stops providing real data...
Hi Ian, I would agree with others when pinpointing to the time drift. I have seen this behaviour on customer's systems when their host time is significantly adrift. It is also worth noting that you...
View ArticleRe: "Provide self-service options to end-users to reset password using a Web...
Hi Kal0el, using AD integration is the preferred way. Users have the luxury of using just one set of credentials and you know that the password policy is enforced too (password lockout, password...
View ArticleClik here to view.
LEM Operational Awareness Thoughts
While this isn't a direct Feature Request, I recently read THIS article and immediately though that some of these ideas could be put to use in LEM allowing the product to provide better operational...
View ArticleClik here to view.
GPO modified?
What is the best way to find out if a GPO was modified and what change was made? I've tried PolicyModify and DomainPolicyModify with no luck.
View ArticleLEM vulnerability, how to solve it?
Becauseinformation securitypolicy,Vulnerability scanningmust bedoneusingIPS,There is avulnerabilityscan results follows,How do Irepairit ?HTTP Server Prone To Slow Denial Of Service AttackCVE-2007-6750...
View ArticleRe: LEM agent question
No one answered... fools the customers.. Where is the Solarwinds technical person's answer. Even i created the ticket and its pending for the resolution for more than 10 days. No luck.. ??
View ArticleRe: LEM agent question
Please do not put "This question is Assumed Answered". Bcoz, i do not find any valuable answers for this thread. Thanks. This is my open case ID 559648
View ArticleRe: LEM vulnerability, how to solve it?
According to the 5.7 release notes the following vulnerability was fixed. Not sure which CVE that relates to though.LEM apache vulnerabilities - http delete and get allowed
View ArticleClik here to view.
Re: LEM vulnerability, how to solve it?
I'm not sure this is a "real" vulnerability for the LEM. First off, the LEM's web server should not be externally accessible, so you'd need someone to be trying to DoS you from inside your own...
View ArticleRe: LEM agent question
I pulled that case, and we were told that to close it by the customer about 6 hours ago. Also, @evanr did provide the answer for his version of the issue: " I suspect there may be an underlying network...
View ArticleRe: GPO modified?
I don't think the actual change that was done in GP will show up in the log will it? The closest I could come to see changes was by viewing the operational log under Event Viewer -> Applications...
View ArticleClik here to view.
on 5.7, why is it when I clone a filter, it works but when I create the exact...
I'm new to LEM, but I was trying to create a filter and it was not populating. I figured I had a logic error, so I started from scratch with a basic security alerts filter. Still nothing. Then I cloned...
View ArticleRe: LEM agent question
Sorry for the typo.... Case #559643 - "Node is showing as disconnected state."
View ArticleRe: on 5.7, why is it when I clone a filter, it works but when I create the...
I will assume you are using the AIR console and not the browser. If this is your first launch of the console since upgrading, close and launch the console. If you have upgraded the appliance to 5.7,...
View ArticleRe: LEM vulnerability, how to solve it?
Thank you for your reply,I have some questions,Are LEM can use iptables ?restrictconsole command seems to only prevent access LEM console,but the server itself other services, may not be able defense.
View ArticleRe: LEM vulnerability, how to solve it?
These commands are actually running scripts from the appliance's hardened shell to edit the iptables information. If you look at the screen-shot, you will see you can restrict SSH and Reports access...
View ArticleRe: on 5.7, why is it when I clone a filter, it works but when I create the...
Thanks Garreth, Good point this was the AIR console, but I tried it with the Web console as well this morning and I'm getting the same results. The filter is exactly the same as the security events...
View ArticleClik here to view.
Re: on 5.7, why is it when I clone a filter, it works but when I create the...
Is it possible for you to attach a screenshot of your cloned filter and the filter you clone'd? You're positive that the filter you created hasn't been paused or turned off?
View ArticleClik here to view.
Re: on 5.7, why is it when I clone a filter, it works but when I create the...
Hey Curtis, Here is a snapshot of the rule. It's little hard to see but there is the original security alerts (SA) the SA clone, and the SA test. SA, SA Clone all have over 1000 alerts and the SA test...
View Article