Re: Recognizing A Sequence of Events
Aha. Thanks for that. So... Based upon the Correlation image you included above, and assuming that URL-A and URL-B are different enough that they won't ever occur at the same time on a log record,...
LEM Report Manager fails ping test
Just installed the LEM reporting tool on a Windows server. LEM is running 6.1, Report Manager is 6.1. When I try and configure the manager info I get ping failed using the manager name or the IP. I can...
Switching from old LEM to a new LEM for agents
We recently switched from one LEM to a new LEM. This was done to start over since the old LEM was barely usable. The new LEM has the same IP and host name the old one did. The old one has been changed...
Re: LEM Report Manager fails ping test
First, the latest version of LEM is 6.3.1HF4 (as of May 11 2017). Upgrade the appliance and the Reports console! Second, I see the ping fail when Reports isn't running "As Administrator." Even if...
Re: Switching from old LEM to a new LEM for agents
Shawn, The Agents won't automatically reconnect. When they connected to your original LEM, they would have exchanged certificates for encrypting the log traffic. These certificates are not going to...
WannaCry Alert
Has anyone created a WannaCry LEM alert? This threat might have subsided due to the Kill switch but I am thinking others are coming. Based on a few blog posts I have read I created a rule that looks...
Cluster Mode Netapp File Auditing
I cannot seem to get LEM to read the .evtx file that Netapp is generating. This post, "Netapp Clustered Data ONTAP CIFS auditing to LEM", has been answered but in the same post at a later date is this...
Re: WannaCry Alert
Well, I wanted to have it kill network but it's asking me for an agent and I don't know what to put in there.
Re: LEM Report Manager fails ping test
Running as an administrator resolved the issue. Thanks for that tip. I'll take a look at the upgrade process for the LEM appliance once I've had a chance to play with the reporting functions a little.
Re: WannaCry Alert
Are you able to monitor file creation without the agent and FIM going?
Re: WannaCry Alert
I got an error when I added in the action disable Networking, needs agent details.
Re: WannaCry Alert
My question is that I am only getting logs from my file server. The file server is my biggest concern, it has the LEM agent installed and is set up as FIM. So if my PC writes a file to the file server...
Re: WannaCry Alert
What kind of setup do you have in your FIM connector to detect file name changes? I have not been able to get a combination that will detect file name changes for some reason yet. I think your rule...
Re: WannaCry Alert
jeremymayfield ... I believe you would just drag the FileAudit.DetectionIP over to that field:
Re: WannaCry Alert
dcokers ... That would be normal.... You would have to be specifically monitoring those nodes in LEM in order to get alerts from or disable them.