Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager
Browsing all 5385 articles
Browse latest View live

How do I get MAC addresses in an alert when an AP goes down?

I am having trouble getting the MAC address for an AP in an alert when the AP goes down. I am using ${AP_MAC} but it's coming out blank. Does anyone know how to get the MAC address? Thanks, Nuruddin


Re: Using a Threat Intelligence Feed with LEM?

nicole pauls if you get a chance you should check out the service that the folks over at ThreatStream have put together.  I just had a conversation with them today and what they have is pretty awesome....


LEM Group Filters I Don't See

I've been using LEM for a while now and have a good number of alerts successfully built, so I am getting fairly comfortable with everything.  One thing I have not been able to figure out is why I don't...


Re: file audit nt authority

Is this service release available yet?


Re: file audit nt authority

Should be up on the portal tomorrow (if not today).



Re: file audit nt authority

SWEET!!


Connection to directory service failed

Good afternoon all, I am running into an issue with my directory services query tool. I am not able to query AD for user groups. I have entered all the information correctly but if I run a test I get...


FIM is setup. Getting .tmp alerts

I set up the file integrity management (FIM). However, when I set up a directory to monitor, I set up *.zipx files only. I wanted to be notified when a .zipx file in my directory was deleted. This...



LEM as an alternative to purpose-built AD auditing products (ManageEngine,...

We're a LEM customer and are successfully leveraging it for some basic info now. In tandem, I've been running some trial/demo installations of other products that specifically target the AD/NTFS pieces...



Question on "Correlation Time" in LEM Rules

I am trying to understand this section better.  I need to send an email for when I have "host flapping" on an interface.  Problem is, I need to alert on the first log (unique to device and port) but...


Upgrade to 6.0.1 Flex error

When I load the GUI after the upgrade I get this error: Flex Error #1001: Digest mismatch with RSL https://10.162.1.40:8443/lem/rsl/TriGeoFlexFramework.swf. Redeploy the matching RSL or relink your...


Re: Rule Request - Admins Browsing the Web

I need a rule that checks for admins logging on servers and browsing the web. Is this possible? said no Sysadmin ever!


Re: How do I build my filters in LEM off of a report.

Unfortunately reports are pretty independent from the LEM console, so there's no push-button way to do this. Fortunately reports are easily reproduced or replicated by content that already exists in...



Re: Rule Request - Admins Browsing the Web

Well... there's a couple of ways to go about it.  One way would be to detect the User Logon, then the launch of a browser process (chrome, iexplore, firefox, etc) from the same user. That'd all rely...


Re: diskusage stats

Very interesting. That's a big gap.  There is some reserved space (5% of disk I think, to the OS) so the numbers don't always match up exactly, but 40% off is way off. Does it differ depending on what...



Re: Upgrade to 6.0.1 Flex error

I hate this error. You can try clearing the cached flash object in this thing: Adobe - Flash Player : Settings Manager - Website Storage ... and your browser cache. Sometimes it's as simple as...


Re: Question on "Correlation Time" in LEM Rules

So, here's the unfortunate deal.... we haven't exposed a way to do a threshold of one, which is what you need. You CAN do this: 2 in 10 seconds (alert when you see two of the same event in 10...



Re: LEM as an alternative to purpose-built AD auditing products...

One of the big differences is auditing and reverting change states. LEM relies on the events to tell you something has changed, whereas server change auditing products tend to do regular checks that may...


Re: FIM is setup. Getting .tmp alerts

Can you post a screenshot or more details on the FIM monitor config you have set up? We can take a look and try to reproduce.


Re: Connection to directory service failed

The most common case I see this with is using/not using the FQDN in the directory services setup. But, can you paste the full error from the InternalInfo event? The exception might have more details...
