LEM Workstation Events with Threats filter conditions

Updated June 7, 2017

Overview

This article provides the default conditions used for the Workstation Events with Threats filter under the Endpoint Monitoring section.

Environment

LEM 6.2.1 and later

Detail

Name: Workstation Events with Threats

Conditions:

(AND) 1st group {
    (OR) 2nd group {
        AuthAuditAlerts.IsThreat = [True]
        (AND) 3rd group { AuthSuspiciousAlerts.IsThreat = [True] }
        (AND) 4th group { HostIncident.IsThreat = [True] }
        (AND) 5th group { HybridIncident.IsThreat = [True] }
        (AND) 6th group { NetworkAttackAlerts.IsThreat = [True] }
        (AND) 7th group { NetworkAuditAlerts.IsThreat = [True] }
        (AND) 8th group { NetworkIncident.IsThreat = [True] }
        (AND) 9th group { NetworkSuspiciousAlerts.IsThreat = [True] }
        (AND) 10th group { PolicyAccessAlerts.IsThreat = [True] }
        (AND) 11th group { VirusAttack.IsThreat = [True] }
        (AND) 12th group { AssetScanResultAlerts.IsThreat = [True] }
    }
    (AND) 13th group { AnyAlert.DetectionIP = *ReplacewithWorkstationConnectorProfileOrADGroup* }
}

See Default LEM filter conditions on the Web Console Monitor page for a full list of available default filters in LEM.

 

Last modified
17:14, 6 Jun 2017
