Re: nDepth Report Logic Changing On Its Own
If you submitted a case, can you tell me the number, so I can dig in? I don't see this problem with plain ol' text and user-defined groups, so it seems to be something special about directory service...
Re: FEATURE REQUEST - NCR, Radiator Connector
Having the multi line events would be optimal, because in those events we can see if a command was executed in one of those multi line items...
Re: FEATURE REQUEST - NCR, Radiator Connector
Sorry, I guess the answer is "yes": we need, if possible, those multi-line events combined into a single event, so that we can see exactly what happened in the event (i.e. a command was issued).
Re: nDepth Report Logic Changing On Its Own
It's case# 506090, support yesterday told me that it's a regression that was fixed in 5.5 but resurfaced in 5.6, so at least I have an answer now. Thanks, -Keith
Re: nDepth Report Logic Changing On Its Own
Thanks! The new case just got escalated up to engineering today, we'll take a look.
Events/Event Groups
Is there a place I can go to find out exactly what an Event or an Event Group is looking at? For example, I noticed that one of the built-in filters is called "Security Events". When you go to edit...
Subscriptions not working
Recently transitioned from SIM (hardware) 5.3.1 to LEM (virtual) 5.6. I have created several rules that I have subscribed to. However, when these rules fire, I do not see these events in the...
FIM (File Integrity Monitoring)?
I am curious if SolarWinds has any solutions for File Integrity Monitoring? We are in need of a FIM solution and I would love to stick or at least consider SolarWinds but I am not sure if they have a...
Re: Issue with custom LEM report
Here's a question: did the default credentials for the ODBC driver change?
Re: Issue with custom LEM report
The credentials didn't change themselves, but we're using an entirely different driver now, so the ODBC records should be pointing to the new driver instead (when you install the new version of...
Group containing a network for rule filter?
We have an external vulnerability scan service that runs periodically. When it does, I get thousands of e-mails from LEM about it. The service runs from a /20 network address block, so putting in...
Re: FIM (File Integrity Monitoring)?
We don't currently have a true FIM solution (basically, people are using Windows file auditing with LEM to get by), but we're looking into it. Nothing inevitable, and no timelines (as usual). Would...
Re: Group containing a network for rule filter?
We don't have any group type or field that's very subnet-aware (unfortunately) but you could build a User-Defined Group that contained each IP in the subnet and have the filter/rules use that as an...
Re: Subscriptions not working
My guess is you'll need to check out your Subscriptions filter and make sure it's pointing to the right user. Open up your subscriptions filter, check and see if the subscriptions (right hand side) is...
Re: Events/Event Groups
Yes! You can see what events are in an event group from Build > Groups. You can refine it just to Event Groups to just see those, then click on one, and down below you'll see which events are...
Re: FIM (File Integrity Monitoring)?
I would prefer it be part of LEM. SIEM & FIM are joined at the hip as far as I am concerned and only having to deal with one agent for both would be preferable. To me they belong in the same...