Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Log & Event Manager (LEM) > Create ndepth FIM File Audit Alert Search

Create ndepth FIM File Audit Alert Search

Table of contents

Updated: November 3, 2016


This article describes how to create a nDepth search for FIM related data.



  • LEM version 6.x


1. Log in to LEM console.

2. Click Monitor tab.

3. Click Explore > nDepth.

4. In nDepth panel, click Event Groups > File Audit Alerts.

5. From the Fields: File Audit Alerts drag EventInfo and then DetectionIP, to look something like the one below:


6. Click Search button on the top right (blue play button as shown below) after selecting small period example 1 hours or last. Change the sample interval to a custom date range. The longer the date range is, the more time it will take for the data to pull depending on how many files/folders FIM was monitoring.


Refer to How to create filter for FIM data if you like to create a filter for FIM.

This article about FIM Related Windos Event ID's might also help with search and reporting.

Last modified
00:53, 3 Nov 2016