Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager
Browsing all 5385 articles

Re: LEM's restrictconsole and restrictreports command has no effect

Have you applied a license and run the ACTIVATE command in the APPLIANCE menu of the CMC shell?



Re: How to detect SQL Injection Attacks?

Hi Byrona, There is actually a sql injection rule already in place within LEM. Basically the rule analyzes web traffic from firewalls, ids/ips, and other devices looking for those injection vectors...



complex ndepth query design

I am experiencing difficulty in creating a query for ndepth that will show me the following information. I have traffic that I am trying to locate that could be sourced from a group of 4 IP addresses....


Re: complex ndepth query design

I think I might have the 4 and 3 backwards, but I think something like this would work: If it's ANY of the Destination IPs, group 1 is true. If it's ANY of the Source IPs, group 2 is true. If group 1...


SIEM: More like Monitoring or Anti-Virus?

As I continue to work more and more with LEM and SIEM technology I found myself thinking that SIEM is generally treated (by users and vendors) more like a monitoring system and less like an anti-virus...


Re: How to detect SQL Injection Attacks?

Awesome, I swear I looked, not sure how I missed that.  Thanks so much!


Re: After an undetermined period of time LEM 5.6.0 stops providing real data...

Well I thought I'd update this post as it seems (fingers and toes crossed) that the issue has been resolved with an upgrade of all the agents and the LEM software to the latest release of v5.7.0. I've...


Web console slowness

Having some very weird slow down issues when viewing LEM from the Web console and the local console.  At first I thought maybe it was some extra traffic through our VPN tunnel causing the slowness....


Re: Does LEM offer a generic txt/log file connector that we can use to...

VOTE!!! http://thwack.solarwinds.com/ideas/3298#comment-172942



Re: SIEM: More like Monitoring or Anti-Virus?

This is definitely the vision of SIEM - to have some kind of real-time top of the moment detection of issues. Here's a couple of related thoughts.... With LEM, and with some other products, we tried to...


Re: LEM's restrictconsole and restrictreports command has no effect

Are you running version 5.7? We know there was an issue with restrictreports at least in version 5.6 that may cause this behavior.


Re: Is IIS 8 supported yet? If not, is there a way to make it work?

We've confirmed with our QA team that IIS8 DOES in fact work, but there are similar problems with IIS8 as there are commonly with IIS7. You'll need to go into the IIS logging configuration (in Logging,...


Re: User Modification Email Alert

Usually SourceAccount is the account making the change, and DestinationAccount is the account that was changed (with group events, you also get MemberID - DestinationAccount is the group that was...



Re: SIEM: More like Monitoring or Anti-Virus?

Awesome response nicole pauls! I really do like the approach that you guys have taken with the LEM product "instead of writing rules that expose very specific attacks/viruses, write rules that expose...


Re: SIEM: More like Monitoring or Anti-Virus?

You know, we're really hoping to create the same kind of engagement, where folks on Thwack can learn from each other with a little bit more real world examples (just talked to another frequent Thwack...



Re: SIEM: More like Monitoring or Anti-Virus?

If it was a problem du jour type thing, we could probably seed it with something new we discovered this week, like "hey, this week we heard the Target breach was because someone had infiltrated their...


Re: Does LEM offer a generic txt/log file connector that we can use to...

Thanks for sharing the info! It's good to know there are things being discussed and thought of. Most of us will be excited to see them in some release notes soon! Sohail



Security patches for LEM

Hi, I am new to LEM. We use it for PCI DSS Compliance, which requires installing security patches etc. periodically. Hence I am curious to know if we need to update the base operating system of...


Forward http to https

Hi, LEM is running on 8443 (over https) but also on 8080 (over http). For obvious security reasons, we need to stop/forward traffic from http to https. Is there any advice on how to do it?


Re: Forward http to https

Once you have a license applied, you can run the ACTIVATE command under the MANAGER menu. SolarWinds Knowledge Base :: Activating SolarWinds LEM Virtual Appliance Part of this activation is to disable...
