Submit a ticketCall us

WebinarUpcoming Webinar: How Help Desk and Remote Support Pays for Itself

Learn how help desk software can simplify ticketing management, allow you to track hardware and software assets, and accelerate the speed of IT support and service delivery. Gain insights on how remote support tools allow your IT team to maximize their efficiency and ticket resolution by expediting desktop troubleshooting, ultimately helping keep end-users happy and productive.

Register here.

Home > Success Center > Log & Event Manager (LEM) > LEM Rule for when users connect to a specific website

LEM Rule for when users connect to a specific website

Overview

This article provides information about the LEM Rules when a user connects to a specific website.

Environment

All versions of LEM

Information

Perform an nDepth query for the following criteria:

WebTrafficAudit.URL CONTAINS /ENTER_URL_HERE/

 

If this returns the expected results, build a new rule and set the correlation to the same as the above. Specify a correlation time and appropriate action.

 

To check the WebTrafficAudit: 

Go to ResourceAudit > NetworkAudit > ApplicationTrafficAudit > WebTrafficAudit.

 

WebTrafficAudit alerts reflect application-layer data related to web services. Included in WebTrafficAudit are client and server web events from web servers, web applications, content filter related events, and other web services.

WebTrafficAudit alerts generally indicate normal traffic, however, alerts of this type could also be symptoms of inappropriate web usage, potential abuse of web services, or other abnormal traffic.

 

 

Last modified

Tags

Classifications

Public