
Exclude specific account from a rule

Created by Jason Dee, last modified by MindTouch on Jun 23, 2016


Overview

This article describes how to exclude a specific account from a rule so that you no longer receive email alerts for that account.

Environment

LEM all versions

Steps

  1. Go to Build > Rules.
  2. Click on the gear icon and choose Edit on the rule you need to modify.
  3. Expand Events on the left side and highlight the applicable Event Name used in the Correlations section.
  4. Drag the DestinationAccount field from the Fields section beneath Events to a new line under Correlations.
  5. Click on the Equal sign to change it to Not Equal.
  6. Enter the account name you wish to exclude and surround it with asterisks (wildcards).
  7. Save the rule and click Activate Rules.

 

Here is an example of what this looks like using the Account Lockout rule:

 

 

Note that you may not necessarily be using the DestinationAccount field in every case. If you're not sure, find the event using nDepth and verify which field the account name is under.
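Before saving the rule, it helps to see which account names the wildcarded value from step 6 will actually silence. The following is an added example, not SolarWinds code: it models the Not Equal condition outside LEM, assuming glob-style, case-insensitive matching. The account names, event ids, and function names are constructed for illustration; only the DestinationAccount field name comes from this article.

```python
from fnmatch import fnmatchcase

# Constructed sample events; only the DestinationAccount field name is from the article.
SAMPLE_EVENTS = [
    {"id": 1, "DestinationAccount": "svc_backup"},
    {"id": 2, "DestinationAccount": "CORP\\svc_backup"},
    {"id": 3, "DestinationAccount": "svc_backup_admin"},
    {"id": 4, "DestinationAccount": "jsmith"},
    {"id": 5, "DestinationAccount": "svc_backup$"},
]


def matches(pattern, value):
    """Glob-style, case-insensitive compare (an assumed model of the rule's wildcard match)."""
    return fnmatchcase(value.lower(), pattern.lower())


def apply_exclusion(events, pattern, field="DestinationAccount"):
    """Split events into (alerting, suppressed) for a 'field Not Equal pattern' condition."""
    alerting, suppressed = [], []
    for event in events:
        target = suppressed if matches(pattern, event.get(field, "")) else alerting
        target.append(event)
    return alerting, suppressed


def collateral(events, pattern, intended, field="DestinationAccount"):
    """Account names the pattern silences beyond the ones you meant to exclude."""
    _, suppressed = apply_exclusion(events, pattern, field)
    allowed = {name.lower() for name in intended}
    names = {e.get(field, "") for e in suppressed}
    return sorted(n for n in names if n.lower() not in allowed)


if __name__ == "__main__":
    intended = ["svc_backup", "CORP\\svc_backup"]
    for pattern in ("svc_backup", "*svc_backup*"):
        alerting, suppressed = apply_exclusion(SAMPLE_EVENTS, pattern)
        print(f"pattern {pattern!r}")
        print("  still alerting:", [e["DestinationAccount"] for e in alerting])
        print("  suppressed:    ", [e["DestinationAccount"] for e in suppressed])
        print("  unintended:    ", collateral(SAMPLE_EVENTS, pattern, intended))
```

In this model the wildcards catch the domain-qualified form of the account, but they also suppress any other account whose name contains the same string, so check the pattern against account names found through nDepth before activating the rule.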

 

 

 

Last modified
20:00, 22 Jun 2016
