Re: file audit nt authority
Well, support finally called me back today with no answers other than "let's take some information down and we'll send it to the dev team." Now we wait.
how many conditions can be placed on a rule?
So I have LEM monitoring logs for a host of systems. I recently started to look at a selection of workstations I wish to monitor a bit more closely and placed a rule to alert me when software was...
Re: LEM Security Rules for Firewall Logs
Do you mean help catch security events that might help you detect an intrusion or attempted intrusion, or using LEM as an IDS/IPS? I could not imagine getting LEM tuned enough to actually be the...
Re: LEM Security Rules for Firewall Logs
It would be nice to be able to use LEM as the IDS/IPS. But yes I don't feel it fits those requirements yet. That's what we do currently is send our log data to LEM and then use LEM to send us the...
Re: file audit nt authority
That's too bad. I even tested the Beta version of the FIM connector w/o being on a domain and I still experienced no issues. Hopefully it's something they can easily identify and fix.
Support for MS SQL 2012
Any timeline for when the MSSQL auditor will support MS SQL 2012? Are there alternatives for monitoring MS SQL 2012 audit event with LEM? Perhaps plans for a LogBinder SQL connector? Josh
Re: file audit nt authority
Mine's doing the same thing. I have a support case open too. Hopefully they get back with a fix soon--the FIM stuff is very cool--much better than Windows file auditing.
Re: file audit nt authority
Did any of you go from 5.7 to 6.0 or just redeploy / fresh deploy 6.0? I'm trying this just to see what happens.
Re: Multiple Failed Login attempts by different users but same IP
Just to back up HolyGuacamole with some pictures: You'd want a rule that was at least this complicated: The circled thing is what Guac is referring to. Then you can do this: And that means the LEM has...
Re: how many conditions can be placed on a rule?
I think this is interesting, and I'll have to ask my devs if they know of a limit, but...I think it all comes down to how you're achieving it. For example, let's say that you want a rule to capture...
Re: file audit nt authority
That's interesting, after a fresh deploy of 6.0 appliance and fresh agent installs still the same thing.
MSSQL Auditor + Log Shipping
Anyone else have problems running MSSQL Auditor alongside TSQL based log shipping jobs? We have log shipping jobs running every 30 minutes from our prod to our dr site. As long as the MSSQL Auditor...
Re: file audit nt authority
Interesting for me as well. When I make a change to the hosts file in \drivers\etc\ across the network via UNC pathways from my workstation using an app like notepad, LEM shows NTAuthority\System....
Re: Multiple Failed Login attempts by different users but same IP
Thank you both, but not exactly what I'm looking for I think. Maybe an example would be a bit better.
UserA = failed login pc1 (no alert)
UserA = failed login pc1 (no alert)
UserB = failed login pc1...
LEM - MS Lync logs not appearing within LEM
I think I might know the answer to this already but the Microsoft Lync logs do not appear in my LEM console. Is this because the Lync logs are stored under "Application and Services logs" on the...
Re: Multiple Failed Login attempts by different users but same IP
If you drag the DestinationAccount with a Distinct modifier, it should do the trick.
Re: LEM - MS Lync logs not appearing within LEM
Tom, You're right that by default, the LEM only reads from the Windows Logs. There are a few exceptions, as Microsoft appears to have shuffled where a lot of events wind up in Server 2008 and 2012,...