
LogicMonitor Collector Trying to Access Admin Share?



Has anyone received alerts/events from a SIEM noting that a LogicMonitor collector tried to access an admin share but was denied? I was thinking Perfmon might be part of the issue here. Initial feedback from LM is that this is not something that should not occur.

Edited by MrSecurity

1 answer to this question

  • Administrators

Depends on the datasource. A datasource could be written to discover the list of shares, which may include the admin share. The collection mechanism could then attempt to access something on that share for the purposes of gathering some kind of metric. I'm not aware of one out of the box that does that though. I'd start by looking through the datasources that have discovered instances on that server and see if any of the instances are the admin share. If so, and you don't want to include the admin share, you could simply write a discovery filter to exclude it from discovery (which would exclude it from collection as well).

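One way to triage the SIEM alerts from the question and see which admin share and path the collector was refused on, before checking datasource instances as the answer suggests. This is an added example, not part of the thread and not LogicMonitor code; the records are constructed and modelled on Windows Security event 5145 (detailed file share auditing), and the collector IP and account name are assumptions.

```python
import re
from collections import Counter

# Built-in Windows administrative shares: ADMIN$, IPC$, and drive shares such as C$.
ADMIN_SHARE = re.compile(r"^(ADMIN|IPC|[A-Z])\$$", re.IGNORECASE)

COLLECTOR_IP = "10.0.0.50"  # assumed collector address

# Constructed sample records, shaped like event 5145 after SIEM field extraction.
EVENTS = [
    {"EventID": 5145, "Outcome": "Failure", "IpAddress": "10.0.0.50",
     "SubjectUserName": "svc-lm", "ShareName": r"\\*\ADMIN$", "RelativeTargetName": "System32"},
    {"EventID": 5145, "Outcome": "Failure", "IpAddress": "10.0.0.50",
     "SubjectUserName": "svc-lm", "ShareName": r"\\*\ADMIN$", "RelativeTargetName": "System32"},
    {"EventID": 5145, "Outcome": "Success", "IpAddress": "10.0.0.50",
     "SubjectUserName": "svc-lm", "ShareName": r"\\*\Reports", "RelativeTargetName": "q1.csv"},
    {"EventID": 5145, "Outcome": "Failure", "IpAddress": "10.0.0.50",
     "SubjectUserName": "svc-lm", "ShareName": r"\\*\C$", "RelativeTargetName": "perf.dat"},
    {"EventID": 5145, "Outcome": "Failure", "IpAddress": "10.0.0.77",
     "SubjectUserName": "jdoe", "ShareName": r"\\*\ADMIN$", "RelativeTargetName": "Temp"},
    {"EventID": 5145, "Outcome": "Failure", "IpAddress": "10.0.0.50",
     "SubjectUserName": "svc-lm", "ShareName": r"\\*\Data$", "RelativeTargetName": "x.log"},
]

def share_leaf(share_name):
    """Return the last component of a share path such as \\\\*\\ADMIN$."""
    return share_name.rstrip("\\").rsplit("\\", 1)[-1]

def is_admin_share(share_name):
    """True for ADMIN$, IPC$ and single-letter drive shares; hidden custom shares do not match."""
    return bool(ADMIN_SHARE.match(share_leaf(share_name)))

def denied_admin_share_access(events, source_ip):
    """Count denied admin-share requests from source_ip by (account, share, target path)."""
    hits = Counter()
    for ev in events:
        if ev["EventID"] != 5145 or ev["Outcome"] != "Failure":
            continue
        if ev["IpAddress"] != source_ip or not is_admin_share(ev["ShareName"]):
            continue
        key = (ev["SubjectUserName"], share_leaf(ev["ShareName"]).upper(), ev["RelativeTargetName"])
        hits[key] += 1
    return hits

if __name__ == "__main__":
    for (user, share, target), n in denied_admin_share_access(EVENTS, COLLECTOR_IP).most_common():
        print(f"{n:3d}  {user}  {share}  {target}")
```

The share and target path that come out of the grouping can be compared against the discovered instances on that server to find the datasource to filter.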
