SolarWinds Security Event Manager (SEM) Reviews

92 Ratings
Score 7.2 out of 100


TrustRadius TRUE Badge. TrustRadius Top Rated for 2020.

Reviews (1-25 of 30)

October 13, 2020
Brandon Demko | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
We have a deployment of SolarWinds SEM that monitors our Windows and Linux servers currently for login attempts across the whole organization. This allows us to see any possible vulnerabilities in real-time.
  • It is flexible with a variety of system connectors.
  • Setup is easy.
  • Monitoring log size and system resources is simple.
  • It is a robust product, so it is not clear out of the box exactly what it can do.
  • Agent installs can sometimes need manual removal.
  • If you're running an older version of SEM, migrating clients to a new install isn't clear-cut.
SolarWinds SEM is a great cost/performance balance. It scales well and doesn't require a lot of babysitting. If you're not familiar with what you're looking for it can seem daunting.
The quality of support can vary depending on whom you end up speaking with. I was fortunate enough to work with a support representative who was very familiar with the product. He had even authored some of the support documentation on the website. On the flip side, I had two other experiences where I was simply directed to online training material.
December 11, 2020
Alex Giralias | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
SolarWinds SEM is currently being used to aggregate all our event logs for our secure on-premises systems into one place for auditing and security purposes. It allows for easier review of security logs and allows for alerting to be created for certain events avoiding a regular manual review of these events.
  • Allows alerts to be generated
  • Slots into pre-existing Orion system
  • Easy to set up and configure
  • Online documentation for setup was not great and at points misleading.
If you have an extremely large server estate SolarWinds SEM may not be the best solution as it does not have an agent-less collection method.
Customer support is reasonably fast, and support agents are knowledgeable and helpful.
December 08, 2020
Joseph Crook | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
SolarWinds has been implemented across our network as a systems management platform for server, applications and high value workstations. I assisted its implementation with the systems that I administer across the region. It allows us to track the health of critical services and to quickly identify and address problems as they occur.
  • We use the client on register systems as event forwarders and log collection.
  • It enables us to verify the access security to high value workstations and register systems.
  • It provides a repository storage for log files so that they do not solely exist on workstations.
  • It helps us ensure PCI standards are being maintained and track security risk issues as well as system health.
  • Within the scope of my role I have noticed that the client can be problematic during system startup - some of the register systems we use are older and have lower resolution screens. When the client loads it pops up on screen but completely out of scale (to clarify, it may open a window that is 14x14 inches on a screen that only displays 10x10 inches). This is more frustration than a functional problem.
  • Automated rollout would be useful but it is outside of my scope in my job to even know if it already has automated install capability.
  • The GUI itself is a little clunky and there is somewhat of a learning curve - training is provided to clients however a friendlier interface would be helpful.
For medium to large scale businesses that incorporate high-value resources and need a central log repository I think SolarWinds is fantastic. It may be overkill for smaller businesses however.
October 23, 2020
Tim Short | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
We are currently using it within our Operations team to monitor events and alert others of security events and anomalies that it detects. I would like to recommend this product to any business needing to increase their security posture and get better alerts and more reliable data to look at to assist with the root cause and security monitoring.
  • Automated threat detection
  • Log collection
  • Live filtering
  • Custom rules
  • Alerting can be confusing to configure
  • The dashboards and widgets look a little old as with all SolarWinds products
  • The initial setup can take a lot of time
It is great for using the automated response to log off users or detach a USB device to assist with keeping your end-user devices safe in the workplace and from home. Now that people are doing more of a home office, having a tool that can monitor what is going on on the desktops is a big plus, as is giving our OPS team the ability to kill a malicious process without giving them more training or a privileged account to assist with stopping malicious users. There is not as much of a learning curve due to the fact that we already use the Orion products by SolarWinds, making this product easier to learn.
SolarWinds customer support has always been amazing and extremely willing to help. They also are great at providing a library of training and videos to further your knowledge and help you learn more about your product. The support team has helped us with data migration of other products and upgrades and they kept at it and stayed with us until the project was done.
October 13, 2020
Adam Radics | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User
SolarWinds SEM is used in our operational technology infrastructure to collect and analyze logs from critical systems, those that are part of or manage the infrastructure, and also systems themselves such as the control system(s). It is used to identify issues like account failures and unexpected configuration changes, as well as being a general centralized logging system. The only shortcoming is that it would be great if it could be used as a centralized logging system even for devices that do not have log processors. We have a number of devices not yet supported and just to have the logs in would be useful, rather than setting up a separate Syslog server.
  • Visualization: the UI is slick and easy to follow.
  • Filtering and Sorting: narrowing down logs is powerful.
  • Windows event log parsing
  • Device support: less common devices do not have drivers. An SDK or generic one to customize would be useful.
  • Generic syslog: some standalone syslog solutions without parsing are more powerful just for log analysis.
  • Traceability: tracing log events back to the source needs to be done in the older flash UI until implemented in the new UI.
SolarWinds Security Event Manager is good for detecting events out of the ordinary, however, getting it to the point where 'normal' or 'ok' activity is hidden is time-consuming and can be difficult. It is good as a general dashboard to identify security events or where changes have had unexpected impacts, not as good as a general log server for analysis.
The support is always very responsive and helpful. I was surprised how questions were answered and issues were looked into with screen sharing and log capture etc.
November 04, 2020
Kim Schroeder | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
We use SolarWinds Security Event Manager (SEM) across our entire organization. It enables our company to monitor and manage events and provide reporting required for PCI and ISO compliance initiatives.
  • Brings together security events from multiple system sources.
  • Allows IT to review and manage security related events.
  • Provides convenient filters/views allowing us to narrow down the data we want to see.
  • Some improvements in user documentation could be helpful.
SolarWinds Security Event Manager (SEM) works well for a company our size, and we think it will enable us to grow without having to change out the system. We've also implemented SolarWinds Service Desk.
November 12, 2020
Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
We're using SEM on various networks that need to comply with 800-53 security controls under RMF. We have many security technical implementation guides we must follow with many requirements that need to be followed.
  • Easy to install virtual appliance
  • Out of the box configuration that works with little modification
  • Price isn't based on events; it's based on monitored nodes
  • It may not scale to millions of nodes
  • Searches way back in time take a little longer due to compression
  • Not many Cons really!
SEM is appropriate for all but the absolute largest networks. It works great for smaller, medium, and even some decent sized networks. Having options for all kinds of data to easily be ingested and have the events normalized out of the box is great. The price is really right when compared to other products. Some competitors are priced by number of events, and in a locked-down environment this means millions of events, so the price climbs fast on these other products. Agents are easily deployed and can be used in images. The number of event connectors for ingesting data is large and built into the product and constantly updated. Updates are easy.
December 09, 2020
Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
SolarWinds Security Event Manager is utilized by the Information Technology department. Individuals on multiple IT teams have email alerts set up to notify them about events that require action. Additionally, the Security Event Manager is also utilized when there is a need to look at the logs to identify the root cause of a problem. For example, user account lockouts at a time the user wasn't in the office. It addresses multiple business problems by letting us know when something requires our attention.
  • Easy to utilize--the rules are straightforward and pre-configured. You just have to customize them to fit your environment.
  • Great customer service, which is incredibly useful when you want help with better utilizing the SEM.
  • Easy and clear filters when looking for specific information within your environment.
  • The SEM can be rather slow--an increase in CPU and RAM appeared to fix this problem fairly easily though.
  • The SEM has lately required reboots for us fairly often. This is something we are currently working with support to resolve.
  • The SEM could release additional graphic options to help better display data to management.
The SolarWinds Security Event Manager is great for people who want to be able to either view logs or set up emails for certain actionable events. However, it would be less helpful in a situation where you want your SEM to be taking action on specific items. There are some actions that can be taken by the SEM, but they constitute a rather short list in comparison to other SEM tools.
The support for SolarWinds SEM is pretty good. Most issues are easily resolved and the support team will work with you until the issue is fully resolved. Sometimes it takes a while to receive initial help, but once you get in contact with the support agent, it typically is a pretty decent process.
December 09, 2020
Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
We use SolarWinds Security Event Manager to help provide insight to all of our logs across our organization. It provides a single pane of glass to this information. We've had great success using the dashboards and some of the automated processes that we can put in place.
  • Insight to suspicious events.
  • Automated response to common issues.
  • Reports.
  • Interface.
  • Reporting.
  • Notifications.
The tool provides a single pane of glass to all of our products. It is nice to have the logs parsed together in a single place. The interface itself leaves a lot to be desired. The product has been built over the top of other products and you can tell.
December 08, 2020
Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
The SolarWinds SEM is used for our client for 24/7 incident monitoring and reporting. The primary use is for account events, such as lockouts, disablement, and enablement to both user and computer accounts. It really works well in correlation and helps to stick with the audit and compliance. With a user-friendly web interface and automation modules, SolarWinds is an overall excellent cost-effective SIEM product if the intention is just to monitor for security incidents by manually created correlation rules.
  • Has a nice user-friendly interface. Some SIEM can be daunting to learn how to use and get acclimated to, but LEM has an intuitive layout and is very easy to pick up and use.
  • The logging agent in the source device is really simple to deploy and integrate.
  • Monitoring and reporting the account disablement with detail to whoever disabled an account for audit and compliance.
  • Some logs are not parsed well and happen to depend on the external log parser tool.
  • The update method needs to be made even simpler, auto update would be better.
  • The email alert features with SolarWinds will send a large number of emails if the number of alerts email. The duplication of email alerting needs to be reduced.
The SolarWinds SEM will get your logs collected and analyzable; especially for Windows servers or workstations, it can be a good solution. Alerting and reporting need to be done manually, but once you have it set up the way you want, it will work solidly. If you are looking at a log collection solution that has any of its own smarts and analytics, SolarWinds doesn't have such machine learning features, maybe in the future. If you want out of the box reporting and alerting, that won't happen. They need to create and fine-tune the rules more.
November 11, 2020
Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
SolarWinds Security Event Manager is used to collect, review, and analyze system logs from servers, workstations, and network devices. Used by one department, it solves the problem of having to go through long log files trying to find and make sense of an event. It also helps with reporting for compliance purposes.
  • Graphs showing important events
  • First-time setup and addition of new devices is easy and organized
  • Performance is excellent
  • Reporting could allow for more customization
  • Better integration with other products of SolarWinds line
  • More alert options
SolarWinds Security Event Manager is best suited for environments with many devices that need to be secured and are high availability, where any down time needs to be resolved quickly and the cause of a failure needs to be investigated and determined with a good degree of precision. It's also suited for environments that need to be kept in compliance according to several standards. Many standards and policies require the keeping and review of logs for several years back.
October 25, 2020
Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
It is being used by the outsider IT company who does Level2 and Level3 support. We use it to audit network device logs (Palo Alto Firewalls and Juniper switches). Also we use it to audit Active Directory logons. It is easier to keep these logs in a single place.
  • Customizable dashboards, where you can see everything you want.
  • Easy to set-up connectors.
  • Fully customizable event filters.
  • Unable to set up some legacy equipment (Zyxel switches).
  • Not an easy product to learn from scratch.
A good product for a single pane of glass auditing various products.
Not a product you can set up properly in 1 hour and needs long hours of reading to get used to.
Our only support case was the legacy Zyxel switch topic.
October 02, 2020
Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
We are using SEM to get all logs from any devices to get an overview on what's going on on the network. Also, this tool alerts us of suspicious activities.
  • Ease of use.
  • Good integration with other products.
  • Default detection rules.
  • Filter easy to understand.
  • Better report generation tool could be made (last version is better, but still room for amelioration).
  • Mobile app would be very useful (not web, real app).
It is well suited for a small/medium business that needs a SIEM, and doesn't want to spend weeks/months adjusting it to make it work. It's easy to put in place, so a low IT staff company can use SEM as a SIEM without struggling weeks with expensive consultants. Also, on the budget side, it is more affordable than competitors like Splunk or LogRhythm.
We've used the support 3-4 times. It was very fast and very efficient. All the problems we had were solved within the day. The support teams know the product, and there is no bounce between dozens of support teams. So it was a nice experience. Also, it is easy to reach them, I don't think we've waited more than 20 minutes.
September 11, 2020
Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
It addresses the issue of audit requirement by utilizing log consolidation (syslog, traps, Windows log). For Windows, an agent needs to be deployed. SEM normalizes the data for several fields so that it is easier to locate the specific event from the 10 million events received per day. The GUI is split into two parts. The first part is part of the new GUI which has dashboard, monitor, nodes, rules, groups (limited). The second is the older GUI where the other functions are. I tend to stay in the older GUI unless the function has been moved over to the new GUI. There is a third interface which can be reached by SSHing to the SEM. This allows us to diagnose any issues with the SEM.
It is generally used by the security team, but read-only access has been given to the networking and Windows team to enable them to search for specific log entries.
  • Parses the logs into several comment fields to make the search easier
  • Can scale up to 218 million per day
  • For large amounts of events, there is an unreasonable amount of CPUs and Memory needed
  • Reporting function has not been updated in many years and is very difficult to write
Well suited for triggering on well-defined events, such as logon failure. The correlation engine is especially useful in triggering on dissimilar events. Overall, it captures all of the events, and using the filters to locate the events is the best application.

It is not well suited for reporting, as it is very slow, making it almost unusable. The File Integrity Monitor is a good concept but does not work well in the real world, as it generates multiple events for file delete, create, etc.
Support for SEM is really good. For example, if the connector is not decoding the event correctly, SolarWinds will make a new connector to properly decode the event - this usually takes about two weeks. The support team is very knowledgeable about the inner workings of SEM and have full access to the system to resolve any internal issues.
July 21, 2020
Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Our organization chose to invest in SolarWinds Security Event Manager because we needed a centralized log management and correlation solution that can be quickly and seamlessly integrated into our global infrastructure. It is very easy to provision by simply installing additional modules onto the SolarWinds server and pointing all of the network/systems devices to it. Having log data in one central location has a huge benefit. For example, troubleshooting an issue on a network can now be done by multiple teams where everyone with access to SEM can search the log repository. The live filtering and historical search capabilities make it easy to get the necessary evidence and the time stamp of what the issue is and when it started. The built-in templates are also helpful in analyzing and targeting specific log data.
  • Advanced search capabilities across all log data, powered by a quick engine to minimize the delay.
  • Built-in or customized templates.
  • Alerting capabilities.
  • More advanced log correlation mechanisms with better filtering capabilities.
SEM is well suited for all size networks, from small to large. It can be used by network engineers or by security engineers as the tool can address multiple issues.
SolarWinds support may take a day or two to respond. However, the quality of support is pretty good.
August 17, 2020
Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
It is being used across our Presort division. It allows us to monitor daily issues and hiccups so that we can address them from anywhere in the country. With it, I'm able to track my local facility while still traveling to the other facilities in the country. It is a lifesaver when I need to be flexible and have the ability to travel or even stay home.
  • Centralized log collection and normalization.
  • Automated threat detection and response.
  • Integrated compliance reporting tools.
  • Auto report sending alerting.
The initial install is the first step and shows you some compliance issues that you may not even be aware of.
I haven't had to utilize this, but I know about the SolarWinds support I get on the other products.
April 03, 2020
Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
We use SolarWinds SEM to monitor all production systems Canada-wide. Oftentimes when troubleshooting devices or applications from an administrative position or help desk it can be very time consuming to pull logs from each device and filter out what you're looking for. By using the SolarWinds SEM tool you can forward all relevant logs and filter out what you don't want to see, which reduces time spent resolving tickets and helps to better locate those pesky problems.
  • Log Filtering
  • Alerting
  • Monitoring
  • SEM does have some efficiency issues; other tools have been able to handle millions of logs per hour, but SEM seems to get overloaded quickly.
  • The UI is slow to respond after the solution has been running for a while.
  • Some of the logic is fairly limited with the UI, maybe they could improve the usability of the UI.
SolarWinds SEM is great for alerting when applications are misbehaving. Sometimes if an application gets stuck in a logic loop you will immediately know with SolarWinds SEM because you can see the logs generated on that application would have skyrocketed. It also provides useful information to really track down what computers are locking your account out (we all deal with this). SolarWinds SEM will only benefit you if it can see the logs on the device or forward them to SolarWinds SEM.
I have had no issues with SolarWinds Security Event Manager support so far. They have always been able to solve my problems in a timely manner. Unfortunately the more complex the problem is the more difficult it is to get support to resolve it, so you will have to learn a lot about the application either way.
January 31, 2020
Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
SolarWinds Security Event Manager is a log and event manager that we implemented to replace our Cisco MARS appliance. This system is used by our security team to monitor and log events throughout the entire organization. From an alerting point of view, SolarWinds Security Event Manager makes our monitoring simpler and more refined. By allowing us to create and set email alerts on important and critical events, SolarWinds Security Event Manager allows a hands-off approach, so that we don't have to review hundreds of lines of alerts to get the critical information, saving us time and effort.
  • Allows log collecting from almost any source of data, using multiple types of authentication and collection (i.e. SNMP, WMI, etc.)
  • Allows customization of dashboards per user, so that you can quickly find the information relevant to your position.
  • The dashboard and reports use JavaScript, which can be slow to load.
  • To get it up and running was fast, however, to correctly configure proper alerts, you have to spend a ton of time.
SolarWinds Security Event Manager is well-suited for small- to mid-sized organizations that cannot afford a large Information Technology team or department. SolarWinds Security Event Manager has robust reporting and logging capabilities, but significant time must be spent up front to ensure proper configuration. Once configured, however, the power of SolarWinds Security Event Manager stands above Cisco from an alerting perspective and can assist with investigating any security issue in your environment.
The documentation is lacking specifics on definitions of alerts, so trial-and-error needs to be employed to use SolarWinds Security Event Manager properly. The installation of SolarWinds Security Event Manager was straightforward and any issues were resolved quickly via emails to the SolarWinds Security Event Manager support team. Using a virtual appliance vs. the regular install was the way to go in our environment and made the deployment that much easier.
November 16, 2019
Adam Morrison | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
SolarWinds Security Event Manager is being used by our networking and security team on a daily basis. Oftentimes changes to accounts or to your Microsoft Active Directory will be logged, but not alerted. This can lead to a false sense of the current state of your accounts and can make a team "blind" to what is happening inside systems. SolarWinds SEM allows teams to receive emails based on predefined parameters.
  • SolarWinds easily provides the much needed visibility into changes in an Active Directory (AD) environment. Email alerting can be configured to alert a team if an account is locked out, disabled by another user, or if user and/or computer accounts are created.
  • SolarWinds allowed a searchable audit feature. Microsoft Windows can be configured to log many different parts of a system, but searching those logs can be difficult. SEM allows you to search for specific users or events.
  • All SolarWinds products suffer from slow response times in management portals. SolarWinds SEM is no exception. While it is much preferred over a "thick client" there is much room for improvement in speed.
  • If you use the email alert features with SolarWinds make sure to prepare your staff and team for the large amount of emails they could receive. Make sure to reduce the number of alerts so your team does not ignore the alerts.
When an account is created in Active Directory your teams can be notified. You can also be notified when computer objects are created in your environment. This can be helpful to spot unknown devices that may try to bind to your AD for authentication. Or if accounts are deleted en masse you can react quickly.
I have not directly worked with SolarWinds support. However, my staff has great things to say about them. Even during upgrades on the servers that we were doing ourselves support was very helpful with troubleshooting and best practices. Also the THWACK community is very helpful. I have heard other people in the industry state that it is one of SolarWinds' best features.
January 15, 2020
Swetal Jariwala | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
It is being used, at this time, only by my department. We use it to collect logs from all our network devices, servers, and other devices we use to support our services. It is useful for us to have all of our logs in a single place and searchable.
  • SEM normalizes logs very well. It is simple to be able to compare fields in logs from say a Cisco router and a Windows server, especially timestamps.
  • SEM has great flexibility in customizing its various aspects, especially its correlation rules and reports.
  • SEM doesn't support out-of-the-box several device manufacturers that are used in my environment. For example, Peplink and Netonix.
  • I have to purchase a separate log parser tool rather than having it included in SEM.
SEM is great in my environment for monitoring Windows Event Logs to view any changes in Active Directory such as adding users to administrators and domain admins groups. Also for auditing configuration changes on Cisco devices, it is very useful. I find it not so useful for logs from the VMware NSX platform. For these logs, I use VMware's own vRealize Log Insight. It would be great if I could consolidate everything onto SEM and have a single place to collect and analyze all logs.
I have yet to contact support.
December 28, 2019
Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
We are using the Security Event Manager to keep track of a number of things.

Configuration changes for our core network and campus devices, which include Nexus and Cisco IOS routers, switches and firewalls. We use it as a way to audit admin login failures. Our device syslog is sent to it. We use it to analyze network traffic when troubleshooting.
  • It does a great job of notifying us when accounts have been locked out. We can then find out the device on the network where the login attempt occurred.
  • Searching for incidents is now a lot faster with the implementation of the HTML 5 interface.
  • Some aspects have not been fully integrated into HTML 5. Those are still a bit slow to access.
  • Need an easier way to upgrade the software. SSH to the console and running the commands to connect to the TFTP server is archaic. Needs an “update” button.
It is well suited to monitor your Windows AD. You can get detailed login information and notifications like failures and lockouts. It also shows the IP address where it occurs so it makes locating the culprit a lot easier.

It does well with monitoring for suspicious activity. It can alert you if it sees a client is trying to circumvent DNS so they can go through proxy avoidance tactics.
We have only needed to contact SolarWinds' support a few times for this product but when we have, the engineers have been thorough and persistent with helping us to resolve our issue. One of the issues we had was an upgrade that went wrong. The engineer was able to help us and get our SIEM back online before the end of our maintenance window.
October 09, 2019
Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
We initially started using SolarWinds Security Event Manager (previously Log and Event Manager) to meet a security compliance requirement. Once I spent some time with it, I realized that I could use it for alerting on specific events and activities that our users were interested in. For instance, we used the File Integrity Module on our HR file share to alert the HR manager when files were added or deleted, and then we sent a weekly report to that department with all read/write activity. We also used it to monitor AD changes, and the email alerts were really useful in producing historical information about what changes had been made recently.
  • Compared to other SIEMs, it's relatively easy to get up and running. The virtual appliance is easy to maintain.
  • Support was top notch. The support team really knows their stuff when you run into an issue.
  • The email alert system is easy to use and attach to a fired rule.
  • Compared to other SIEMs, there are features that are missing. Machine learning, automatic event correlation, ability to correlate multiple sources together.
  • The UI is clunky, and the *New* event log analyzer page felt really disjointed from the rest of the product.
  • In my experience, the dashboards were almost unusable. They persisted across login per device, and even then they sometimes would reset and go back to the "Getting Started" look.
Smaller companies just getting started with looking at security products would like the product. Also, maybe smaller companies without dedicated security staff that just need something for some bare minimum requirements. It does some of the easy stuff pretty well, and there's no massive learning curve.

Bigger companies or companies with dedicated security staff will likely look at other options. This seems like an entirely mid-market only purchase. If you want to be able to correlate events from multiple sources, not just agent-based Windows logs, you'll likely need to look elsewhere. While you can also forward syslog to the appliance, you can't enrich any data or use sources like NIDS/HIDS logs. This product will not give you a true single pane of glass like some offerings.
Support is above and beyond what I typically deal with from IT products. I've never had a support ticket go unanswered for longer than an hour, and within another hour someone was ready and able to help with the issue. Their support staff is all in-house, and they actually know the product they're supporting.
November 15, 2019
Anonymous | TrustRadius Reviewer
Score 1 out of 10
Vetted Review
Verified User
We are mostly using it to track logs from our Windows Server. We do also have some networking equipment sending syslog to it as well. Primarily we use it to help track down password lockouts. Its terrible UI doesn't allow for much more than that. It would be nice if there were some nice looking always on dashboard type screens we could use.
  • I honestly don't have too many good things to say about it. It was cheap compared to other products like Splunk and that's why we bought it.
  • Even though this is like 90X cheaper than other products like Splunk, etc. - It's still overpriced because it's terrible.
  • Flash, Java, Really? Who still uses this? Also, why is this not integrated with Orion and useable from the same SolarWinds dashboard as all our other SolarWinds products?
I'd give it a 0 if that was an option. Sometimes, on the rare occasion that the SSO isn't broken, we can actually log in to this and click around for 30 minutes and finally find some logs that point us in the right direction for tracking down what's locking out an AD account. Other than that, it's useless.
I don't think we've ever actually called support for this specific product. We've called SolarWinds support for several of the other SolarWinds products we own and they are usually pretty helpful.
February 04, 2019
Roger Mialkowski | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
As an organization with many types of hardware/software, we needed something to gather logging output using industry standards. We already use SolarWinds for network monitoring so SolarWinds Log & Event Manager (LEM) seemed to fit the bill. We had a vendor assist with the initial installation and configuration. Then it was just a matter of the various teams (Network/MS Server/VM/Unix) to configure their nodes to point to LEM so the data collection could commence.
  • SolarWinds LEM has not bogged down with the amount of logging data we throw at it. This is comforting because we can rest assured that we can continue to add new nodes to it.
  • The SolarWinds LEM platform is very stable. The main part is the collector appliance and the second part is the reporting server which you can generate either custom or canned reports for regulatory compliance certification.
  • When configuring the collectors, you are able to customize the gathering of data to make sure you are getting exactly what you need.
  • While the initial setup was straightforward, customizations to reports can be a little daunting. Luckily SolarWinds has videos available on steps to proceed and their tech support reps are very helpful too.
  • The frequency of version updates is few and far between. This may be a good thing and should be expected since it is a set it and forget it kind of virtual appliance.
  • It would be helpful if SolarWinds LEM had Wizards built-in that could assist in adding new types of devices. At times, I've had to go with trial and error until SolarWinds LEM would actually start collecting data from a particular one-off node.
SolarWinds Log & Event Manager is very well suited in a heterogeneous enterprise setting (multiple locations/campuses) where you would have various brands/manufacturers of devices represented. While it doesn't require a full-time admin, it does take a little time to add/update/remove nodes in, configure data collection settings, and generate custom reports. Because of this, it may not be a perfect fit for a small to medium-sized business due to the initial investment of time and cost.
February 28, 2019
Jim Trucano-Harp | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
As a Network Monitoring Engineer and instructor, I see many Government and Military IT Organizations choose LEM as their primary Security Event and Incident Manager (SEIM) across all of their networks. LEM allows them to have a consolidated, normalized view of both their server and network environments. Having a consolidated view provides SolarWinds customers with the ability to correlate multiple security events across disparate systems and greatly reduces the amount of time and effort to detect and respond to potential security intrusions.
  • One of the most valuable features of SolarWinds LEM is its ability to normalize logs from differing systems into one common format. LEM normalization saves time and effort in doing forensic analysis by letting security personnel see the "whole picture" of their network in one place.
  • LEM's Active Response capability makes it easy to watch a security event happen in real time and to take immediate action. For example, LEM can very efficiently allow security personnel to log off suspect users or even restart important Windows Server processes in real time, before further intrusion can happen.
  • LEM has a lot of out of the box features that allow for the quick implementation of security policy across many industries. LEM can provide immediate compliance monitoring and management for standards such as PICA, HIPAA and DISA-STIG.
  • The number one challenge for SolarWinds customers I see is LEM's reporting software. LEM Reporter, a standalone Windows Application, is not as intuitive as customers would like and they report some instability in the application itself. Customers tend to use LEM's search scheduling as a more effective way to report on security events.
  • Performance has been an issue based on LEM's use of a Flash interface. This has been a limitation for a long time. However, with the transition of the LEM interface from Flash to HTML5, customers are reporting much better performance starting in LEM 6.5.
  • Every one of my customers makes some comment about LEM's very high learning curve. LEM is not very intuitive, requiring a lot of rote learning through repetition. Many LEM customers request some type of training to help them learn to use it.
LEM is best deployed in networks requiring high-speed aggregation of log messages across disparate platforms to a single logging system. In an environment where immediate response to security events and incidents is needed, LEM performs very well. From tracking suspicious user login events in real time to detaching suspect USB devices from workstations, LEM provides the ability to respond quickly.

Feature Scorecard Summary

Centralized event and log data collection (18)
Correlation (15)
Event and log normalization (18)
Deployment flexibility (18)
Integration with Identity and Access Management Tools (13)
Custom dashboards and views (17)
Host and network-based intrusion detection (4)

What is SolarWinds Security Event Manager (SEM)?

SolarWinds Security Event Manager (previously known as Log & Event Manager) is presented by the vendor as a powerful and award-winning SIEM. It is an on-prem deployed tool that collects, consolidates, and analyzes logs and events from firewalls, IDS/IPS devices and applications, switches, routers, servers, operating system logs, and other applications.

The main applications are threat detection, automated incident analysis and response, and compliance reporting for IT infrastructure.

SolarWinds Security Event Manager (SEM) Features

Security Information and Event Management (SIEM) Features

Has feature: Centralized event and log data collection
Has feature: Correlation
Has feature: Event and log normalization
Has feature: Deployment flexibility
Has feature: Integration with Identity and Access Management Tools
Has feature: Custom dashboards and views

SolarWinds Security Event Manager (SEM) Pricing

  • Free Trial Available? Yes
  • Free or Freemium Version Available? No
  • Premium Consulting/Integration Services Available? No
  • Entry-level set up fee? No

SolarWinds Security Event Manager (SEM) Support Options

 Free Version | Paid Version
Video Tutorials / Webinar

SolarWinds Security Event Manager (SEM) Technical Details

Deployment Types: On-premise
Operating Systems: Windows
Mobile Application: No