Campaign: Content Packs

Windows Firewall Advanced Content Pack

Extract more details from the Windows Firewall file log

(Content pack is attached)

- Blocked Connections by Source IP
- Blocked Connections by Destination IP
- Blocked Connections by Source Port
- Blocked Connections by Destination Port
- Blocked Connections by Protocol
- Blocked Connections by Hostname
- Disabled / Enabled Firewall

Type: Content Pack

8 votes

Campaign: Content Packs

Content pack for Netflow

A content pack analyzing NetFlow traffic from different sources.

Type: Content Pack

8 votes

Campaign: Content Packs

Snapshot Dashboard in vSphere Content Pack seems broken

The widget "VM Snapshots Created" in the "Virtual Machine - Snapshots" dashboard in LI 4.0 seems to be broken. Even when taking multiple snapshots and setting the dashboard time span correctly, it stays at 0 and the other widgets on the dashboard remain empty. It seems to stem from the field 'vmw_esxi_snapshot_operation', which doesn't seem to match any of the log events that ESXi or vCenter Server generates when taking ...

Type: Bug

2 votes

Campaign: Content Packs

Updating the content pack resulted in all dashboards being removed.

LI version: 3.6

After upgrading the content pack on Log Insight 3.6 from 3.6 to 4.0, the result is that all dashboards are removed / disappear.

Is this because the 4.0 CP should be run only on LI 4.0 and higher, or?

Is there a way to recover the previous dashboards configuration?

Type: Bug

0 votes

Campaign: Content Packs

Cisco MDS Content Pack

Hello, I am wondering if anyone has created or knows of a content pack for Cisco MDS switches.

Type: Content Pack

1 vote

Campaign: Content Packs

NSX Distributed Firewall Content Pack

I put together a quick content pack for NSX Distributed Firewall syslog analysis with Log Insight. It has field extractions for all of the relevant fields and some pre-built queries that give a solid framework to focus in on specific rules, protocols, or hosts. I wrote it to analyze potential rule impact with Allow-Log, but it also helps troubleshooting with visibility into drops as well. Content pack attached to this post. ...

Type: Content Pack

12 votes

Campaign: Content Packs

Geomap for NSX Firewall Dashboard

It would be really nice to have geographic pinning similar to a lot of firewall tools and SIEM systems, where each outgoing IP address is pinned to a global map to give an overview of where the traffic is going.

Type: Content Pack

1 vote

Campaign: Content Packs

Exchange content pack

Debug the PowerShell script

How can I debug the "Exchange environment" script? I can run it, but it does not produce the output file.

Type: Bug

0 votes

Campaign: Content Packs

Weather content pack

Analyzing the weather with Log Insight: http://sflanders.net/2013/11/18/analyzing-weather-log-insight/

Type: Content Pack

2 votes

Campaign: Content Packs

Horizon VM to Zero Client

Trying to get Log Insight to grab the C:\ProgramData\VMware\VDM\logs\pcoip_server_2017_04_24_0000111c.txt file so that we can draw a line from a VDI session to a human on the other end of a zero client (we are a school district; kids are abusive to the equipment). There is a handy line in this file that tells me the IP of the zero client (man, DNS resolution would be nice), but I can work with this because I have my DHCP ...

Type: Content Pack

0 votes

Campaign: Content Packs

VMware vSphere - More FDM (HA) details

Hello,

Most HA information is at the moment focused on VM HA events. But the FDM log analysis for all the host states is also very interesting.

I created some examples for the enhancement.

Type: Content Pack

1 vote

Campaign: Feature Requests

Feature Request - Using Log Insight as a Forwarder and retaining source IP

We are using a third-party SIEM. Due to the layout of the network and security requirements, we can only use Log Insight if it can forward all syslog and event log data to our SIEM. The problem is that the SIEM relies on the source IP of the system that generated the syslog data to be able to do its analytics. It creates a log source for each new syslog packet with a distinct IP address. We would like to use Log Insight, ...

Type: New Feature

18 votes