Re: Sonic Wall Email security device into LEM
Thanks for the reply. Yes, I have the Sonic Wall email appliance connector running and I have also configured the device to send syslog messages to the LEM server. I will look into the connector updates...
Re: Not all USB devices being picked up
I believe that Support can get you a copy of "USB Defender on Steroids" that will report on literally anything hitting a USB port. CAUTION: I mean literally anything. Keyboards, mice, web cams,...
Re: Re: Eliminate .tmp and ~$ with filter?
I was re-reading your description of the filter, and I think it's dawned on me why it wasn't working. Can you try importing this filter and see if it works better?
Re: Eliminate .tmp and ~$ with filter?
Thanks Curtisi. Your filter works if you close off the .tmp and ~$ with another * (e.g. *.tmp*).
Re: LEM High Availability
Jeff, thanks for the quick reply, but this contradicts the manual and CLI: "If you have a High Availability (HA) system, upgrade the primary appliance(s) first, followed by the secondary appliance(s)" Via...
No docs for connector and other items
Today I set up the Qualys connector and had to guess on how it worked. As I found MANY times before, NO documentation what. So I figured I'd start a discussion about this and see what people think, what took...
LEM to Alert on failed local account logon attempts to machines
Hi, I am after LEM to report and alert on failed local logon attempts... I have looked within the filters and there is a 'Local Account Authentication/Changes' but it is showing 0 results, even after I...
Re: LEM to Alert on failed local account logon attempts to machines
Have you checked the security log of the machine you are testing? If there is nothing there, then LEM has nothing to pick up. You will need to enable auditing. If it's there, then try doing an nDepth....
Re: No docs for connector and other items
I like this list! I know at least some of these things are already in the LEM Feature Requests section of THWACK, so you may want to go up-vote the ones that are there. And I think I'll be using some...
Re: LEM to Alert on failed local account logon attempts to machines
Are you running agents on your local machines? Do the agents read the appropriate logs (have connectors) for failed authentication attempts? Are your audit policies set to produce those log entries?
Re: LEM High Availability
When Trigeo was still selling the physical SIM appliances, they couldn't very well rely on VMWare or Hyper-V for HA systems. The LEM VM is the same code-base as the SIMs, and so there are some...
Re: LEM to Alert on failed local account logon attempts to machines
Thanks for your help! I have noticed an issue that we didn't have a GPO configured to audit failure logon events and therefore why they won't show in the audit logs of the machines. Although, do you we...
Re: LEM to Alert on failed local account logon attempts to machines
To pick up local logon failures, you do need an agent on the workstation. Workstation nodes are priced differently than the regular nodes like servers, routers, firewalls, switches etc. For a good read...
Re: Windows share mount error
Thanks for the info. I have my root password, but still having issues (mount error 95), probably with my syntax. I'll keep trying... steve
Re: LEM High Availability
This is exactly what I wanted to know / understand, please update the manual, and even the CLI, as deprecated feature.
FIM multiple events?
Hi guys, I have FIM set up but I am getting something weird where I get a FileCreate, FileDelete, and then FileCreate, all within about a second and with the same file name. Does anyone know why this is...
Best way to exclude folders in FIM 6.1
I am just beginning to work with FIM in LEM 6.1. What is the best way to exclude a particular folder in, for example, the Windows folder? And is it normal to see multiple write 'hits' on the same file,...
Re: Best way to exclude folders in FIM 6.1
I think you simply exclude it in your selection when you are setting up your conditions and browsing for Drives and Folders to watch. I don't know if there is another way for accomplishing the same...
Re: Best way to exclude folders in FIM 6.1
The way I am doing it now is selecting each folder in the tree and choosing the non-recursive option. What I don't know is if the overhead on the server is more with a bunch of non-recursive...