Re: Parameters not Displaying in E-mail Template
Thanks curtisi! Exactly what I was looking for.
View ArticleRe: Server 2016 Agent Support?
You can download the latest agent installers (mentioned by Justin above) and deploy on Server 2016 via the following links: - Windows Agent Installer- Windows Remote Agent Installer- Windows Remote...
View ArticleRe: LEM Version # in console vs. on client devices
Hey Wolram - thanks for getting back to me. Initially I was pulling the list of machines and their corresponding LEM Agent version from our KACE appliance. I connected to a handful of the devices and...
View ArticleRe: Using *$* In Rules & Additional Questions
Thanks! The KB's are great. It's been a little bit since i originally posted this but by trial and error and watching some videos on the LEM I have made some headway. My teammates within...
View ArticleClik here to view.
Actions within Rules
This will be the first time I create a bespoke rule of my own on the LEM that implements an action for the correlating events. My goal is to get an alert for any new users being added to *admin*...
View ArticleRe: Actions within Rules
In this scenario, you need to provide the name of a domain controller with the LEM agent installed on it for that first field. You may need to define that with a text constant. The other fields can...
View ArticleUsing Time of Day in Rule Correlation
I am trying to create a rule that only sends an alert when an event (I'll spare unnecessary details) happens after hours. In the "Correlations" box, if I add a "Time of Day Sets", but that defaults to...
View ArticleClik here to view.
Re: Using Time of Day in Rule Correlation
Go to Build --> Groups and filter to Time of Day Sets. Customize the built in groups or make your own. In the rules, open the "Time of Day" drawer and then drag the set you want to the rule.
View ArticleClik here to view.
Re: Using Time of Day in Rule Correlation
You would add the time field as the left hand side of the correlation, then drag and drop the appropriate time of day set onto the right side of the correlation. It would look something like this:...
View ArticleRe: Using Time of Day in Rule Correlation
Thank you both! blsanner, I didn't realize you could drag the time field over the pre-populated date, so that did the trick!
View ArticleRe: Sourcefire Defense Center?
Was this connector ever implemented?We tried using "Cisco FirePower Modeul (Sourcefire 3D System)", but it didnt work so I assume that is from the Firepower device itself and not the Management...
View ArticleClik here to view.
Re: Sourcefire Defense Center?
I only see the one SourceFire/Firepower connector still, you will want to reach out to Support and generally follow the process outline by Curtis as before to submit for the connector.
View ArticleLogForwarderClient and EnforceFIPSPolicy
We have noticed that enforceFIPSPolicy enabled=false under windows\logforwarderclient.exe.configThis may be problematic on our system - can this section be removed or be set to true ?Thanks,Tal
View ArticleClik here to view.
SubStringBefore in Rules
This is related to another question, I'm still working on resolving. Until that is resolved though, I was wondering about using part of a field when making rules. Specifically, for my Cisco syslogs,...
View ArticleRe: Using *$* In Rules & Additional Questions
Thanks! The KB's are great. It's been a little bit since i originally posted this but by trial and error and watching some videos on the LEM I have made some headway. My teammates within...
View ArticleClik here to view.
Re: No docs for connector and other items
any configuration guides for qualys connector configuration?
View ArticleRemote Windows instalation
We are replacing several Windows computers. If I use the Remote installation and use get hosts automatically, then select all the computers in the domain, will this reinstall the agent, or will the...
View ArticleClik here to view.
Re: Remote Windows instalation
It will not reinstall the agent, but will install the latest version in its place. So if the agent was already installed with the latest it will copy those same files over and reconnect. If it was an...
View ArticleClik here to view.
Re: Actions within Rules
Thank you for getting back to me on this. This is absolutely the type of learning curve that when you eventually 'get it' it clicks perfectly. Otherwise - it's almost a foreign language. I finally had...
View ArticleLEM Backup fails - SMBv1
We recently tried configuring the backup functionality in a newly installed instance of LEM but couldn't get it to connect to the target network share, If you're have a similar problem, perhaps after...
View Article