Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager
Browsing all 5385 articles

Re: LEM - MS SQL Auditor

Sorry, I should have been more specific. I was referring to the profiler logs on the actual box the agent is installed on. These can grow fast.



ManageEngine.xml (Password Manager Pro) Syslog Connector not working

For some reason all events are unmatched.  Any insight would be appreciated.   Thanks in advance... Steve Here’s a simple, single event example that maybe someone can identify why the PMPro Connector...


Rule for failed logon

I see a failed logon in LEM, but I can't get this Rule to work. I want it to send me an email when a logon fails. Do you see any problems with this rule: 


How to capture failed 'Run as Administrator' events on a Windows domain?

Does anyone have insight into how MS Audit Policy can be used to capture failed 'Run as Administrator' attempts without having to install LEM agents on all workstations?  I've been attempting to...


LEM Rule for Multiple Failed Logins using multiple account

Hi All, I'm quite new to LEM and I want to make a rule that will give an email alert whenever multiple failed logins are detected from a single source IP that uses multiple accounts. I've tried...



Re: Log Event Manager issue

Sir, I didn't add this through the appliance. Could you, sir, make this clear to me, and how do I do this process? Now I did the following configuration on my Cisco switch.
logging on
logging host 10.144.1.1
logging facility...


Re: Log Event Manager issue

saroop I created this document to help with agentless nodes, since there seems to be some struggle with it: SNMP and Syslog Connector Creation In this case, you'd want to create a Cisco IOS/PIX...


Re: LEM Rule for Multiple Failed Logins using multiple account

You will probably want to use Advanced Correlations. Assuming that your rule is something like this, click the highlighted gear button: Then you can create a correlation like this: That means that all...



Re: Interested in File Integrity Monitoring with LEM? Seeking volunteers...

I think everyone who replied here received a direct invitation to participate in the beta, but for anyone else be sure to check out this post in the beta forum in case you're a customer under active...



Re: LEM Rule for Multiple Failed Logins using multiple account

To clarify - using DetectionIP will match for the machine where the logs are being generated. Caveats: If you're monitoring domain controllers, you will see logons constantly from many different users...


Re: LEM Thoughts of the Week: Do you see yourself as a target for attacks?...

Figuring out who the victim is makes it sound like one of those complicated cop drama shows where they try to demonstrate things are much more complicated than they seem. Users (themselves or the...


Re: How to capture failed 'Run as Administrator' events on a Windows domain?

Thanks for the response, curtisi.  That would be a great way to capture the events if we had agents on our workstations, which unfortunately, we don't.   At some point, the process of elevating...


Re: How to capture failed 'Run as Administrator' events on a Windows domain?

IIRC, it won't auth against the domain controllers, because the privilege escalation is attempted locally. When a 'run as administrator' request is generated, Windows checks to see if the user is in...


Re: How to capture failed 'Run as Administrator' events on a Windows domain?

I guess I should have specified that in our case, the Run As Administrator attempts are being initiated with different credentials (same domain) than the currently logged on user. So this answer makes...


Re: LEM Rule for Multiple Failed Logins using multiple account

curtisi Thank you for this great guide (with screenshots included). This is what I want to do. nicole pauls Thanks for the clarification. I'm currently monitoring DC and other system as well. You...


Re: How to capture failed 'Run as Administrator' events on a Windows domain?

I'm afraid my environment isn't set up to let me make that work. Maybe you can do some "Run As..." tasks and then go into the console and run an nDepth search for AnyAlert from DetectionIP from your...


Re: Log Event Manager issue

Dear Curtisi, Thanks for your help. I have seen this and I made a lot of effort but can't do this. Sir, I don't want to add any Cisco firewall device, just want to add a Cisco switch using add node from LEM...



Re: Log Event Manager issue

Connect to the LEM CMC shell: http://knowledgebase.solarwinds.com/kb/questions/3303/Use+an+SSH+client+to+connect+to+your+LEM+appliance Go to the APPLIANCE menu and enter CHECKLOGS. If you view Local2,...


Re: ManageEngine.xml (Password Manager Pro) Syslog Connector not working

steven.goldberg@citizensfla.co We have a new connector revision for ManageEngine, thanks to your provided samples.  This is now part of the generally available connector upgrade pack.


Re: Log Event Manager issue

Dear Curtisi, I successfully connected with LEM in the cms shell. What is my next step?
