
Enable or Disable Threat Feeds

Created by Erica Gill, last modified by Tim Rush on Jul 07, 2017

Overview

This article describes how to enable or disable Threat Feeds. LEM versions 6.2 and newer include the Threat Feeds feature, which recognizes known and proven threats. Rules can use this data to take action automatically on threats identified by the feeds.

 

Environment

LEM 6.2 and newer

Steps

 

  1. Log onto the LEM Web or Air Console.

  2. Click Manage > Appliances.

  3. Go to the Settings tab and select or deselect Allow Log & Event Manager to detect threats based on lists of known malicious IP addresses.
    Enable Threat Feeds

  4. To verify that your Threat Feed is updating every morning, you can run the following nDepth search and look for this recurring event that comes in every morning at 3:14 AM:
    InternalInfo.EventInfo = *threat*

 

 

 

 

 
