I'm still getting the feel of the SolarWinds LEM. The Security chief posed the following: he wants to be alerted when our FTP server outbounds a message, with an attachment that is a .pdf file.
Here's what we have. The FTP server is in our DMZ (firewalls on both sides). We are using SNORT as our IDS. There is no agent on the FTP server. We do not employ any application to read packets.
Can anything be accomplished using the LEM?
Thanks for any help.