Submit a ticketCall us

Solarwinds & Cisco Live! Barcelona
Join us from the 29th of January to the 2nd of February at Cisco Live 2018 in Barcelona, where we will continue to show how monitoring the network with SolarWinds will keep you ahead of the game. At our booth (WEP 1A), we will demonstrate how SolarWinds network solutions can help. As a bonus, we are also hosting a pre-event webinar - Blame the Network, Hybrid IT Edition with our SolarWinds Head Geek™, Patrick Hubbard on January 24th - GMT (UTC+0): 10:00 a.m. to 11:00 a.m. There's still time to RSVP.

Home > Success Center > Log & Event Manager (LEM) > LEM All Threat Events filter conditions

LEM All Threat Events filter conditions

Table of contents

Updated June 5, 2017

Overview

This article provides the default conditions used for the All Threat Events filter under the Security section.

Environment

LEM 6.2.1 and later

Detail

Name: All Threat Events

Conditions:
(OR)1st group{

(AND)2nd group{Asset Scan Result Alerts.IsThreat == True}

(AND)3rd group{Auth Audit Alerts.IsThreat == True}

(AND)4th group{Auth Suspicious Alerts.IsThreat == True}

(AND)5th group{HostIncident.IsThreat == True}

(AND)6th group{HybridIncident.IsThreat == True}

(AND)7th group{Network Attack Alerts.IsThreat == True}

(AND)8th group{Network Audit Alerts.IsThreat == True}

(AND)9th group{NetowrkIncident.IsThreat == True}

(AND)10th group{Netowrk Suspicious Alerts.IsThreat == True}

(AND)11th group{Policy Access Alerts.IsThreat == True}

(AND)12th group{VirusAttack.IsThreat == True} }

 

See the Default LEM filters conditions on the Web Console Monitor page article for a full list of available default filters in LEM.

 

Last modified

Tags

Classifications

Public