First of all, this is a question from a new SolarWinds LEM user, so be nice...
The Attack Behavior Event Summary Report is showing numerous events on a daily basis in each of the various reporting areas; Attack Behavior, Resource Attack, Network Attack, etc.
Since I'm pretty sure that the information being reflected is not for "real" attacks, the report must be reflecting information from filters or rules that are not properly configured for our environment.
Where can I find information on what needs to be configured in the LEM to get the Attack Behavior Event Summary Report, and reporting in general, to reflect valid attack information?
Any help is appreciated.
Thanks you
tes