Using the Computer-based Active Response

Created by Caroline Juszczak, last modified by Steve.Hawkins on Sep 13, 2016

Use the Computer-based Active Responses to perform Windows-based actions related to computers and computer services on your LEM agents. These actions are useful to respond to insider abuse, computer infections, and other suspicious activity. They can be automated in a LEM rule, or executed manually from the Respond menu in the LEM Console.

  • Disable Windows Machine Account
  • Enable Windows Machine Account
  • Disable Networking
  • Detach USB Device
  • Restart Machine
  • Restart Windows Service
  • Send Popup Message
  • Shutdown Machine
  • Start Windows Service
  • Stop Windows Service

Deploy your LEM agents and configure the Windows Active Response connector based on where you want to perform these actions. To perform actions at the domain level, deploy a LEM agent to at least one domain controller. To perform actions at the local level, deploy a LEM agent to each computer where you require an active response.

  1. Open your LEM Console and log in to your LEM Manager as an administrator.
  2. Click Manage > Nodes.
  3. Locate the LEM agent that requires a new connector.
  4. Click the gear button next to the agent and select Connectors.
  5. Enter Windows Active Response in the Refine Results search box.
  6. Click the gear button next to the connector and select New.
  7. Enter a custom alias name for the new connector, or accept the default.
  8. Click Save.
  9. Click the gear button next to the new connector and select Start.
  10. Click Close to exit the Connector Configuration window.

Create or clone rules to perform the action

  1. Locate the action in the lower left part of the Rule Creation screen.
  2. Drag the action under the rule Actions.
  3. Fill in the appropriate fields.
  4. Click Save.

Last modified: 15:49, 13 Sep 2016