TrustRadius
SolarWinds LEM is security information and event management (SIEM) software.https://media.trustradius.com/product-logos/Gg/Bs/RBQEX0DE9BPC.JPEGSolarWindsSolarWinds LEM: Useful and Low Cost SIEM Solution for SMBs2019-10-09T19:03:08.430ZWe initially started using SolarWinds Security Event Manager(previously Log and Event Manager) to meet a security compliance requirement. Once I spent some time with it, I realized that I could use it for alerting on specific events and activities that our users were interested in. For instance, we used the File Integrity Module on our HR file share to alert the HR manager when files were added or deleted, and then we sent a weekly report to that department with all read/write activity. We also used it to monitor AD changes, and the email alerts were really useful in producing historical information about what changes had been made recently.,Compared to other SIEMs, it's relatively easy to get up and running. The virtual appliance is easy to maintain.
Support was top notch. The support team really knows their stuff when you run into an issue.
The email alert system is easy to use and attach to a fired rule.,Compared to other SIEMs, there are features that are missing. Machine learning, automatic event correlation, ability to correlate multiple sources together.
The UI is clunky, and the *New* event log analyzer page felt really disjointed from the rest of the product.
In my experience, the dashboards were almost unusable. They persisted across login per device, and even then they sometimes would reset and go back to the ''Getting Started'' look.,7,For the price, it produced a decent value. It did a lot of the easy stuff well. I can't give any specific data given the objective of the product was to monitor very basic events in the environment.
There are free options that can do a better job.,Elasticsearch and AlienVault OSSIM,10Verified UserIf you have SIEM requirements then SolarWinds LEM will come to the rescue!2019-02-04T20:58:49.573ZAs an organization with many types of hardware/software, we needed something to gather logging output using industry standards. We already use SolarWinds for network monitoring so SolarWinds Log & Event Manager (LEM) seemed to fit the bill. We had a vendor assist with the initial installation and configuration. Then it was just a matter of the various teams (Network/MS Server/VM/Unix) to configure their nodes to point to LEM so the data collection could commence.,SolarWinds LEM has not bogged down with the amount of logging data we throw at it. This is comforting because we can rest assure that we can continue to add new nodes to it.
The SolarWinds LEM platform is very stable. The main part is the collector appliance and the second part is the reporting server which you can generate either custom or canned reports for regulatory compliance certification.
When configuring the collectors, you are able to customize the gathering of data to make sure you are getting exactly what you need.,While the initial setup was straightforward, customizations to reports can be a little daunting. Luckily SolarWinds has videos available on steps to proceed and their tech support reps are very helpful too.
The frequency of version updates is few and far between. This may be a good thing and should be expected since it is a set it and forget it kind of virtual appliance.
It would be helpful if SolarWinds LEM had Wizards built-in that could assist in adding new types of devices. At times, I've had to go with trial and error until SolarWinds LEM would actually start collecting data from a particular one-off node.,8,SolarWinds LEM has made a positive impact on our organization because we are now able to demonstrate to auditors that we are compliant with the various regulations such as PCI, HIPAA, etc.
The license renewal costs are reasonable and fall within our budget every year. Much less than if we were to incur fines of being out of compliance.
We were able to save money by deploying the system into our VM infrastructure and not have to spend money on physical appliances/servers.,,SolarWinds Network Performance Monitor, Foglight, Cisco Prime LAN Management SolutionRoger MialkowskiLEM, your one stop shop for Security Event and Incident Management!2019-02-28T17:31:17.003ZAs a Network Monitoring Engineer and instructor, I see many Government and Military IT Organizations choose LEM as their primary Security Event and Incident Manager(SEIM) across all of their networks. LEM allows them to have a consolidated, normalized view of both their server and network environments. Having a consolidated view provides SolarWinds customers with the ability to correlate multiple security events across disparate systems and greatly reduces the amount of time and effort to detect and respond to potential security intrusions.,One of the most valuable features of SolarWinds LEM is its ability to normalize logs from differing systems into one common format. LEM normalization saves time and effort in doing forensic analysis by letting security personnel see the "whole picture" of their network in one place.
LEM's Active Response capability makes it easy to watch a security event happen in real time and to take immediate action. For example, LEM can very efficiently allow security personnel to logoff suspect users or even restart important Windows Server processes in real time, before further intrusion can happen.
LEM has a lot of out of the box features that allow for the quick implementation of security policy across many industries. LEM can provide immediate compliance monitoring and management for standards such as PICA, HIPAA and DISA-STIG.,The number one challenge for SolarWinds customers I see is LEM's reporting software. LEM Reporter, a standalone Windows Application, is not as intuitive as customers would like and they report some instability in the application itself. Customers tend to use LEM's search scheduling as a more effective way to report on security events.
Performance has been an issue based on LEM's use of a Flash interface. This has been a limitation for a long time. However, with the transition of the LEM interface from Flash to HTML5, customers are reporting much better performance starting in LEM 6.5
Every one of my customers makes some comment about LEM's very high learning curve. LEM is not very intuitive, requiring a lot of rote learning through repetition. Many LEM customers request some type of training to help them learn to use it.,9,LEM provides users the ability to reduce administration and operations cost by consolidating log management into one system.
LEM allows various IT departments such as server and network to work together using normalized common events. This increases operational efficiency and reduces event correlation time.
Customers should expect a high learning curve for personnel when the product is first implemented. Network management will need to plan on some ramp-up time cost up front.,SolarWinds Network Performance Monitor, SolarWinds Server & Application Monitor, Cisco Prime LAN Management SolutionJim Trucano-HarpSolarWinds Log & Event Manager fills gaps in Windows/AD monitoring2019-01-15T21:27:54.324ZWe use LEM for two main purposes. First, to replace an obsolete Cisco MARS appliance that captured a couple of days' worth of packets from our firewalls for forensic purposes. Second, to provide notification to staff of AD events such as account lockouts and administrator logins. Users are strictly within the infrastructure team of the IT department.,Able to ingest full Syslog output from three enterprise firewalls.
Able to detect and alert on specific Active Directory events.,The interface for creating alerts is onerous. It is necessary to dig out the exact event ID of anything you want to alert on.
Early versions required a separate server to host a FastBit database, but that requirement has been eliminated with the latest release; SQL is now required.,10,We did not have to purchase Cisco's successor to MARS, that is a large ROI.
We did not have the ability to know when users locked their accounts by bad password attempts, now we know before they call us.,,Tivoli Storage Manager, Solarwinds Storage Resource Monitor, Solarwinds Web Performance MonitorScott ReeseSolarWinds Log & Event Manager: Exactly as Advertised2019-03-15T01:49:10.148ZSolarWinds Log & Event Manager is used by our company's IT department to monitor events on domain controllers in locations across the globe. The primary use is for account events, such as lockouts, disablement, and enablement to both user and computer accounts. It is a more proactive way to give attention to user account management. While not an originally intended use, the node health section also lets us know if a domain controller is not acting properly.,Monitors account lockouts and reports them with detail so that it is easier to solve this with end users.
Monitors and reports account disablement with detail to whoever disabled an account, for audit and accountability.
Also, monitors and reports account enablement with detail to whoever enabled an account, again for audit and accountability.,Flash-based UI can lag, HTML5 would be preferred
Availability for custom widgets, but you need a bit of training to get things done right unless you have time for trial and error.
It only knows what it knows for account lockouts. If a source machine isn't available in the Event Viewer ID that triggers the alert, it does not have any extra tools to help it determine the issue.,10,Increases productivity by pinpointing most account lockouts, allowing our helpdesk team to focus on other incoming issues
Provides details on account disablement for audit purposes.Verified UserSolarwinds - great product with a few small flaws.2018-03-01T21:18:59.186ZSolarWinds has been implemented across our network as a systems management platform for server, applications and high value workstations. I assisted it's implementation with the systems that I administer across the region. It allows us to track the health of critical services and to quickly identify and address problems as they occur.,We use the client on register systems as event forwarders and log collection.
It enables us to verify the access security to high value workstations and register systems.
It provides a repository storage for log files so that they do not solely exist on workstations.
It helps us ensure PCI standards are being maintained and track security risk issues as well as system health.,Within the scope of my role I have noticed that the client can be problematic during system startup - some of the register systems we use are older and have lower resolution screens. When the client loads it pops up on screen but completely out of scale (to clarify, it may open a window that is 14x14 inches on a screen that only displays 10x10 inches. This is more frustration than a functional problem.
Automated rollout would be useful but it is outside of my scope in my job to even know if it already has automated install capability.
The GUI itself is a little clunky and there is somewhat of a learning curve - training is provided to clients however a friendlier interface would be helpful.,7,This is a little outside of my level of involvement to answer adeptly. That being said I do know that it has been instrumental in allowing our organization to implement a central storage for log files and it's something we have wanted to implement for a long time.,KACE Endpoint Systems Management ApplianceJoseph CrookSolarWinds LEM, it'll get the job done if you're willing to get your hands dirty.2017-11-07T21:00:40.461ZWe are currently using Solarwinds LEM to pull logs from about 150 servers. We have also worked to get logs pulled from some barracuda load balancers and also a barracuda message archiver. We have alerting set on account lockouts and some other security events. LEM has helped notify us of account attacks and has also been valuable to reviewing both application and security logging when we need to cross reference servers or look at historical data.,LEM's console interface works well to narrow down all the logs into a view able format.
You can customize alerting triggers off of any event conditions.
the logging agent is relatively small and easy to deploy.,In order to navigate the console smoothly and set alerting in place, you need to go through their training.
All your configuration is done by hand. There are no built in analytics or alerting to help you.
I've found the reporting, real time and otherwise, to be slow and unruly. There are some updates and work a rounds that we have applied to help optimize the process, but if you try to pull to many logs, or over too long a period of time it will often time out.
The logging and reporting is dependent on the server automatically determining the type of server and logs it is getting. If it doesn't properly tag the logs, then they are essentially gone, lost, unsearchable. There is no good way to manually tell the server to classify the logs, which makes the process either difficult or impossible at times.,6,It has helped to give us an insight into our accounts and has been valuable to alert us to attacks.
It has been valuable to manually correlate logs after there have been incidents and server issues.
For the price, it has not given us any preventative analytics. Some of our alerting is based off of events that caused problems after the fact, so not really helpful at the time.,AlienVault USM and Splunk Enterprise,Microsoft Exchange, Skype for Business, SolarWinds Server & Application Monitor, VMware vCenter ServerVerified UserLEM pulls event data from across our network2017-03-21T20:29:38.926ZOur IT department uses SolarWinds Log & Event Manager (LEM) to monitor events across our network. LEM consolidates security alerts from our firewalls as well as OS event alerts from servers. Application generated errors are passed on to our development team.,LEM is able to pull from a variety of different information sources without requiring a lot of configuration changes to get the data flowing.
LEM assists in limiting the amount of data required for the business need without requiring a full dump (ie SNMP from all sources).,LEM does require tweaking in order to get each data source configured. The event data comes into LEM easily, but the kind of data needs to be identified or custom classifications set up to organize the resulting alerts meaningfully.,9,LEM has not made a positive impact on ROI. Instead it has provide required information (compliance requirement) and useful data for ensuring security and other standards are maintained.Verified UserLEMme tell you about Solarwinds LEM!2016-02-16T18:42:19.950ZWe use Solarwinds Log and Event Manager (LEM) as our SIEM to correlate all of our various log data coming from servers, network equipment and security appliances to create meaningful alerts and, in some cases, automatically take action. LEM gives important insight for our IT staff into the activity the occurs on our network. It can be used for troubleshooting communication issues, quickly identifying policies that are blocking legitimate traffic, or to identify anomalies in network traffic that need to be investigated. It also sends email notifications when certain events are detected, allowing us to have eyes on even when we are away.,Incredibly easy to set up. It was deployed and had log sources pointed to it and performing basic correlations within a day.
Auto-response. The automated responses that are available after deploying the agent give you incredible control to respond to events on your network.
User-friendly interface. Some SIEMs can be daunting to learn how to use and get acclimated to, but LEM has an intuitive layout and is very easy to pick up and use.,No custom parser. Inevitably, there will be a product on your network that Solarwinds LEM won't know how to parse. Other SIEM solutions I've used leverage custom parsers for this reason. LEM does not have support for creating custom parsers, so unknown log formats remain unparsed.
Sometimes too basic. LEM is an excellent tool for performing basic correlations in a small to mid-size environment. If you try to get too advanced with the correlations you are trying to perform, you may get frustrated with the lack of functionality due to the way that LEM parses data.,9,Faster turnaround when investigating access issues. LEM's search function allows you to quickly identify which ACL policy may be blocking a user's access - and as a result quickly resolve the issue.
Regulatory compliance. If you have regulatory compliance requirements for security monitoring, this product will likely check off a few boxes.
Stronger security posture. Not every company can afford a 24 hour Security Operations Center. Intelligent technology like LEM can help fill in those gaps to strengthen your security posture, and even allow for complex automated responses to threats during non-business hours.,IBM Security QRadar, McAfee Enterprise Security Manager and RSA Security Analytics,IBM Security QRadar, FireEye, McAfee Network Security PlatformVerified User
Windows
SolarWinds Security Event Manager
46 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
