Submit a ticketCall us

Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.

 

Home > Success Center > Log & Event Manager (LEM) > LEM Rule for when users connect to a specific website

LEM Rule for when users connect to a specific website

Created by Craig O’ Neill, last modified by MindTouch on Jun 23, 2016

Views: 17 Votes: 1 Revisions: 4

Overview

This article provides information about the LEM Rules when a user connects to a specific website.

Environment

All versions of LEM

Information

Perform an nDepth query for the following criteria:

WebTrafficAudit.URL CONTAINS /ENTER_URL_HERE/

 

If this returns the expected results, build a new rule and set the correlation to the same as the above. Specify a correlation time and appropriate action.

For more a more further detailed procedure, click HERE.

 

To check the WebTrafficAudit: 

Go to ResourceAudit > NetworkAudit > ApplicationTrafficAudit > WebTrafficAudit.

 

WebTrafficAudit alerts reflect application-layer data related to web services. Included in WebTrafficAudit are client and server web events from web servers, web applications, content filter related events, and other web services.

WebTrafficAudit alerts generally indicate normal traffic, however, alerts of this type could also be symptoms of inappropriate web usage, potential abuse of web services, or other abnormal traffic.

 

 

Last modified
20:14, 22 Jun 2016

Tags

Classifications

Public