Re: Using a Threat Intelligence Feed with LEM?
Thanks for the info, Nicole! I actually have two different meetings next week to look at Threat Intelligence Feeds, one with a SIEM expert that I have been talking with for over a year on LinkedIn...
Re: Managing multiple LEM appliances
Thanks for the info again, Nicole! This was kind of building off my earlier inquiry regarding Threat Intelligence Feeds. I was hoping to manage multiple appliances from a single location so that I...
Re: nDepth graph days mixed up
It's a UserLogonFailure for a specific user, with Last Week in the time dropbox. It's like the record was written with the actual time correct but the timestamp is wrong...
Re: Is it possible to have the detection time reflect the local time of the...
Nicole, thanks for your response. As we have nodes located in different time zones, I believe it would make sense to have the “DetectionTime” always reflect the local time...
Re: nDepth graph days mixed up
Thanks, we confirmed - looks like any "Last Week" search can show Wednesday instead of Monday there. The tooltip and the data are correct, so it's just cosmetic. Good find. We filed a bug to fix in an...
Re: Not receiving events from Cisco 4260 IPS/Cert Issue?
Nicole, thanks for the reply. Opening a ticket with SolarWinds Tech Support fixed my issue. SolarWinds had me load 6.0.1RC1. 6.0.1RC1 fixed two issues: 1. There was a timeout issue between LEM and the...
Using a Threat Intelligence Feed with LEM?
I am curious if anybody out there is using LEM in conjunction with a Threat Intelligence feed? I realize that LEM doesn't currently accept any of the feed protocols; however, I have seen that some...
Re: Using a Threat Intelligence Feed with LEM?
We keep an eye on this question to see what we can integrate with natively, but so far haven't heard much of it. I guess my question would be: what options do you provide for Threat Intelligence Feeds...
Re: Network Events Widget - What is it looking for?
I have a couple of switches pointing to it, but nothing yet. The agents installed on some Windows 2008r2/2012 servers won't pull in anything regarding ports/protocols/services being used by the server...
Re: Using a Threat Intelligence Feed with LEM?
Right now the only real option IS the import CSV to UDG. Effectively the "Import" on a UDG can import a CSV. Mentioned here: Log & Event Manager v5.7 RC Now Available: Scheduled Searching, License...
Re: Managing multiple LEM appliances
That sounds right. We built this ability so that people could distribute LEM appliances and monitor from a single place - usually it's a single environment with multiple departments or regions (like a...
Re: Using a Threat Intelligence Feed with LEM?
Awesome, thanks, Nicole! I will go ahead and give this a try as soon as I can.
Re: snort output server setup
Yes, the promiscuous NIC is the device that should be listed in the .conf file. So, for example, our physical box has 3 NICs: our management interface, our internal LAN, and our DMZ network. We have...
Re: Network Events Widget - What is it looking for?
Ah, usually with switches we just see infrequent error messages and config changes, not a ton of exciting stuff. For Windows servers, the Windows Filtering Platform data (from the Windows Firewall)...
LEM and Deep Packet Inspection?
Now that SolarWinds has rolled out Deep Packet Inspection with NPM is there any possibility in moving that capability over to LEM? My reason for asking is because I am curious if LEM has a possible...
How can I add our Barracuda Archiver 650 into Log and Event Manager?
Looking to monitor login attempts, failed logins, and any other security related option with our archiver. Any ideas? I'm fairly green when it comes to working with LEM
Rule Request - Admins Browsing the Web
I need a rule that checks for admins logging on servers and browsing the web. Is this possible?
Re: How to determine what groups are actually available with the DS Query Tool
Any updates, Nicole Pauls?