Re: Unusual or Suspicious Traffic
I know that in the new version (6.1) these rules will no longer be enabled by default, but I did make a chart of the ones that are enabled by default in 6.0.1 and previous. I'm sharing it here, in case...
How can I pull a report on one user logging in and out
I need to create a report showing when one user logged for the day and then out. Trying to confirm their time sheet.
How can I log when a file is opened using Object Access Auditing?
Hello, I am trying to log every time files in a specific folder are actually opened, but I am having troubles. I have Object Access Auditing for success and failure turned on in the local computer...
Re: How can I pull a report on one user logging in and out
First off, it is best to capture this activity on the user machine itself since the domain controller will only log the authenticated access but not the logout. Next, create an Event Group from BUILD...
Re: How can I log when a file is opened using Object Access Auditing?
Have you followed the instructions as per the KB below? http://knowledgebase.solarwinds.com/kb/questions/3454/How+to+enable+file+auditing+in+Windows Bear in mind LEM Agent has inbuilt FIM capabilities....
Re: How can I log when a file is opened using Object Access Auditing?
Yes if you read my question I have already done what is in that KB. Where are the instructions for using the LEM FIM connector?
Re: How can I pull a report on one user logging in and out
Using the Reports console, you could run something like the Authentication - Log On/Off/Failure Report. Run it for a short span (like 30 minutes), then use Select Expert to filter for the account you...
Re: How can I log when a file is opened using Object Access Auditing?
Log & Event Manager v6.0 RC Now Available: File Integrity Monitoring Included! see instructions in the blog post above
New version of the NERC CIP standards
New versions of the NERC CIP requirements will come into effect on Apr 1, 2016, and I am looking for some guidance on using LEM to satisfy the following requirement: Develop a baseline configuration,...
Re: New version of the NERC CIP standards
I'm not sure where you got this nice summary, but I went looking here: CIP Standards And I started looking at the "Subject to Future Enforcement" sections. In short, I don't think LEM is the tool for...
Re: How can I log when a file is opened using Object Access Auditing?
I was a little upset that the best documentation is from the release notes for an RC 6 months ago, so here's a video showing how to set up FIM and analyze the resulting data. Solarwinds Log and Event...
Re: PURGE DATA SOLARWINDS LEM
Hi, Just saw this discussion thread and I am facing a similar problem, Checking Disk Usage.......Partition Disk Usage: LEM: 41% (1.2G/3.0G) OS: 39% (1.1G/3.0G)...
Re: New version of the NERC CIP standards
There was a rumor that TriGeo/LEM was going to have either port scanning capability and/or vulnerability scanning capability. Is that really/still on the roadmap? Not really looking for anything as...
what version of vmware hardware is supported?
I would like to set up support for 16 CPU cores but the hardware version of the image only supports 8. Any reason not to upgrade to the latest hardware version?
exclude PC or IP from scans on LEM
I am using Spiceworks and it uses credentials on some devices to communicate to get information, there are so many devices with different credentials (WMI, HTTP, SSH, SNMP, etc). What it does is that...
Is there a way to automatically change the formatting of the attached nDepth...
Is there a way to automatically change the formatting of the attached nDepth report sent from LEM when a scheduled nDepth search completes? Basically, I have scheduled a daily nDepth search. nDepth...
Some fields in source event are not logged
Event-contents from the domain controller is not completely logged. For instance, here is an event as generated on the domain controller: Network Policy Server granted full access to a user because the...
Re: what version of vmware hardware is supported?
I'm not finding any docs that talk about VM Hardware version after a quick search. You always have the option of snap-shotting your LEM, upgrading, and then seeing if there are any issues. However,...
Re: exclude PC or IP from scans on LEM
Presumably you have a rule that's alerting to failed logins. You could add a correlation to this rule to exclude the Spiceworks IP:
Re: Is there a way to automatically change the formatting of the attached...
The nDepth export will always include every possible column, and there's not a way to change that. As a work-around, have you considered making an Excel Macro by recording one of your editing sessions...