Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager
Browsing all 5385 articles

Re: Supported IDS/IPS Sensors/Apps

I am never excited to hear that Cisco has acquired anything really, unless it's a product that needs a good final resting place. 


Re: Supported IDS/IPS Sensors/Apps

Hi There, We develop a product called LANGuardian which integrates with the Orion platform. It runs a traffic analysis engine and Snort IDS in parallel. When it comes to the Orion integration you can...


System Center Configuration Manager 2012

Has anybody been able to integrate SCCM with LEM? I get a ton of email notifications about viruses, and I was hoping to integrate them into the SIEM.


Does LEM offer a generic txt/log file connector that we can use to collect...

Almost like the McAfee Connector.  I basically just point it to the scan.log and can receive the data that populates in the log file.


Re: Does LEM offer a generic txt/log file connector that we can use to...

You have the ability to set LEM to store RAW log data and this includes Syslog data so if your systems in question can send the data via Syslog to LEM then you can capture and store that data for...



Re: Does LEM offer a generic txt/log file connector that we can use to...

Hmm, this particular application just logs to a flat text file. Is it possible to use LEM to pick that up somehow?


Re: Does LEM offer a generic txt/log file connector that we can use to...

If there is a way to do that I am not aware of it. That being said, I think it would be great if the product could do that. Hopefully one of the product managers will chime in and give confirmation if...


Re: Does LEM offer a generic txt/log file connector that we can use to...

Would be nice. I'm afraid I will most likely have to use a 3rd party utility to send the log file via Syslog to LEM then parse it.



Re: Does LEM offer a generic txt/log file connector that we can use to...

Yeah, it's worth submitting it and seeing what happens. Not all requests end up being fulfilled, probably for a couple reasons. First, there are a lot of different kinds of logs out there, and not...



Re: Does LEM offer a generic txt/log file connector that we can use to...

Not all requests end up being fulfilled, probably for a couple reasons. First, there are a lot of different kinds of logs out there, and not enough time to make connectors for them all. They have to...


Re: Does LEM offer a generic txt/log file connector that we can use to...

byrona wrote: By providing functionality within the product that allows customers to create their own connectors (via some type of dev studio) and share them with the community it will help get more...


Re: Does LEM offer a generic txt/log file connector that we can use to...

Exactly!  That's what the feature request I submitted is for.  Having SolarWinds maintain and support connectors is good but why not get the community in on the action also in a way that is supported...


Re: Does LEM offer a generic txt/log file connector that we can use to...

So I'm assuming the DefaultReaderConfiguration is where I plug in all the information for the connector itself and the FastToolID is where all the regular expressions go.  Or the events from the log...



Re: Does LEM offer a generic txt/log file connector that we can use to...

This is too cool.  I always thought this would be possible as what they are doing is basically XML transforms.  Thanks for sharing!


User Modification Email Alert

We have alerts set up when Groups in AD change (add/remove users) or when a user is deleted from AD. Is there a variable that can be added to the email template that will tell us the specific account...


Re: Does LEM offer a generic txt/log file connector that we can use to...

Hmm, run across this one? I got my new connector installed but it doesn't want to start. Not sure if you have seen this in creating yours or not. Not sure if it's something in my FastPattern causing...


Re: User Modification Email Alert

I added a screenshot of the alert.  The alert works but I still am missing the Source Account for the change.


How to detect SQL Injection Attacks?

I am curious how you would configure a LEM correlation rule to capture a SQL injection attack?  I see that there is a User Defined Group called "XSS and SQL Injection Vectors" but I am not sure exactly...


LEM's restrictconsole and restrictreports command has no effect

LEM's restrictconsole and restrictreports commands have no effect. For example, I set restrictconsole to only allow 192.168.1.1, but 192.168.1.2 can still log in to the LEM console. What steps do I...


Re: User Modification Email Alert

When you look for these events in nDepth, what is populated in the SourceLogonID field?  I'm not sure that the Windows logs on the DC actually send that information to the LEM, but I don't have an AD...
