1. Home
  2. Security Information and Event Management (SIEM) Software
  3. SolarWinds Security Event Manager Reviews

SolarWinds Security Event Manager Reviews

55 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 8.2 out of 101

Do you work for this company? Manage this listing

Show Filters 

Overall Rating

Reviewer's Company Size

Last Updated

By Topic

Industry

Department

Experience

Job Type

Role

Show All Filters

Reviews (1-13 of 13)

Adam Morrison profile photo
November 16, 2019

These Events will "Blow" You Away!

Adam Morrison
Score 8 out of 10
Vetted Review
Verified User
Review Source
SolarWinds Security Event Manager is being used by our networking and security team on a daily basis. Often times changes to accounts or to your Microsoft Active directory will be logged, but not alerted. This can lead to a false sense of the current state of your accounts and can make a team "blind" to what is happening inside systems. SolarWinds SEM allows teams to receive emails based on pre defined parameters.
  • SolarWinds easily provides the much needed visibily into changes in an Active Directory (AD) environment. Email alerting can be configured to alert a team if an account is locked out, disabled by another users, or if users and/or computers accounts are created.
  • SolarWinds allowed a searchable audit feature. Microsoft Windows can be configured to log many different parts of a system, but search those logs can be difficult. SEM allows you to search for specific users or events.
  • All SolarWinds product suffer from slow response times in management portals. SolarWinds SEM is no exception. While it is much preferred over a "thick client" there is much room for improvement in speed.
  • If you use the email alert features with SolarWinds make sure to prepare you staff and team for the large amount of emails they could receive. Make sure to reduce the number of alerts so your team does not ignore the alerts.
When an account is created in active directory your teams can be notified. You can also be notified when computer objects are created in your enviroment. This can be helpful to spot unknown devices that may try to bind to your AD for authentication. Or if accounts are deleted in mass you can react quickly.
Read Adam Morrison's full review
No photo available
October 09, 2019

SolarWinds LEM: Useful and Low Cost SIEM Solution for SMBs

Verified User
Score 7 out of 10
Vetted Review
Verified User
Review Source
We initially started using SolarWinds Security Event Manager(previously Log and Event Manager) to meet a security compliance requirement. Once I spent some time with it, I realized that I could use it for alerting on specific events and activities that our users were interested in. For instance, we used the File Integrity Module on our HR file share to alert the HR manager when files were added or deleted, and then we sent a weekly report to that department with all read/write activity. We also used it to monitor AD changes, and the email alerts were really useful in producing historical information about what changes had been made recently.
  • Compared to other SIEMs, it's relatively easy to get up and running. The virtual appliance is easy to maintain.
  • Support was top notch. The support team really knows their stuff when you run into an issue.
  • The email alert system is easy to use and attach to a fired rule.
  • Compared to other SIEMs, there are features that are missing. Machine learning, automatic event correlation, ability to correlate multiple sources together.
  • The UI is clunky, and the *New* event log analyzer page felt really disjointed from the rest of the product.
  • In my experience, the dashboards were almost unusable. They persisted across login per device, and even then they sometimes would reset and go back to the ''Getting Started'' look.
Smaller companies just getting started with looking at security products would like the product. Also, maybe smaller companies without dedicated security staff that just need something for some bare minimum requirements. It does some of the easy stuff pretty well, and there's no massive learning curve.

Bigger companies or companies with dedicated security staff will likely look at other options. This seems like an entirely mid-market only purchase. If you want to be able to correlate events from multiple sources, not just agent-based windows logs, you'll likely need to look elsewhere. While you can also forward syslog to the appliance, you can't enrich any data or use sources like NIDS/HIDS logs. This product will not give you a true single pane of glass like some offerings.
Read this authenticated review
No photo available
November 15, 2019

SolarWinds SEM Review

Verified User
Score 1 out of 10
Vetted Review
Verified User
Review Source
We are mostly using it to track logs from our Windows Server. We do also have some networking equipment sending syslog to it as well. Primarily we use it to help track down password lockouts. Its terrible UI doesn't allow for much more than that. It would be nice if there were some nice looking always on dashboard type screens we could use.
  • I honestly don't have too many good things to say about it. It was cheap compared to other products like Splunk and that's why we bought it.
  • Even though this is like 90X cheaper than other products like Splunk, etc. - It's still overpriced because it's terrible.
  • Flash, Java, Really? Who still uses this? Also, why is this not integrated with Orion and useable from the same Solarwinds dashboard as all our other Solarwinds products?
I'd give it a 0 if that was an option. Sometimes, on the rare occasion that the SSO isn't broken, we can actually log in to this and click around for 30 minutes and finally find some logs that point us in the right direction for tracking down what's locking out an AD account. Other than that, it's useless.
Read this authenticated review
No photo available
October 14, 2019

SolarWinds SEM is the next-gen log correlation solution

Verified User
Score 8 out of 10
Vetted Review
Verified User
Review Source
Our organization chose to invest in SolarWinds Security Event Manager because we needed a centralized log management and correlation solution that can be quickly and seamlessly integrated into our global infrastructure. It is very easy to provision by simply installing additional modules onto the Solarwinds server and pointing all of the network/systems devices to it. Having log data in one central location has a huge benefit. For example, troubleshooting an issue on a network can now be done by multiple teams where everyone with access to SEM can search the log repository. The live filtering and historical search capabilities make it easy to get the necessary evidence and the time stamp of what the issue is and when it started. The built-in templates are also helpful in analyzing and targeting specific log data.
  • Advanced search capabilities across all log data, powered by a quick engine to minimize the delay.
  • Built-in or customized templates.
  • Alerting capabilities.
  • More advanced log correlation mechanisms with better filtering capabilities.
SEM is well suited for all size networks, from small to large. It can be used by network engineers or by security engineers as the tool can address multiple issues.
Read this authenticated review
No photo available
December 09, 2019

Solarwinds working for you again!

Verified User
Score 9 out of 10
Vetted Review
Verified User
Review Source
It is being used across our Presort division. It allows us to monitor daily issues and hiccups so that we can address them from anywhere in the country. With it, I'm able to track my local facility while still traveling to the other facilities in the country. It is a lifesaver when I need to be flexible and have the ability to travel or even stay home.
  • Centralized log collection and normalization.
  • Automated threat detection and response.
  • Integrated compliance reporting tools.
  • Auto report sending alerting.
The initial install is the first step and shows you some compliance issues that you may not even be aware of.
Read this authenticated review
Roger Mialkowski profile photo
February 04, 2019

If you have SIEM requirements then SolarWinds LEM will come to the rescue!

Roger Mialkowski
Score 8 out of 10
Vetted Review
Verified User
Review Source
As an organization with many types of hardware/software, we needed something to gather logging output using industry standards. We already use SolarWinds for network monitoring so SolarWinds Log & Event Manager (LEM) seemed to fit the bill. We had a vendor assist with the initial installation and configuration. Then it was just a matter of the various teams (Network/MS Server/VM/Unix) to configure their nodes to point to LEM so the data collection could commence.
  • SolarWinds LEM has not bogged down with the amount of logging data we throw at it. This is comforting because we can rest assure that we can continue to add new nodes to it.
  • The SolarWinds LEM platform is very stable. The main part is the collector appliance and the second part is the reporting server which you can generate either custom or canned reports for regulatory compliance certification.
  • When configuring the collectors, you are able to customize the gathering of data to make sure you are getting exactly what you need.
  • While the initial setup was straightforward, customizations to reports can be a little daunting. Luckily SolarWinds has videos available on steps to proceed and their tech support reps are very helpful too.
  • The frequency of version updates is few and far between. This may be a good thing and should be expected since it is a set it and forget it kind of virtual appliance.
  • It would be helpful if SolarWinds LEM had Wizards built-in that could assist in adding new types of devices. At times, I've had to go with trial and error until SolarWinds LEM would actually start collecting data from a particular one-off node.
SolarWinds Log & Event Manager is very well suited in a heterogeneous enterprise setting (multiple locations/campuses) where you would have various brands/manufacturers of devices represented. While it doesn't require a full-time admin, it does take a little time to add/update/remove nodes in, configure data collection settings, and generate custom reports. Because of this, it may not be a perfect fit for a small to medium-sized business due to the initial investment of time and cost.
Read Roger Mialkowski's full review
Jim Trucano-Harp profile photo
February 28, 2019

LEM, your one stop shop for Security Event and Incident Management!

Jim Trucano-Harp
Score 9 out of 10
Vetted Review
Reseller
Review Source
As a Network Monitoring Engineer and instructor, I see many Government and Military IT Organizations choose LEM as their primary Security Event and Incident Manager(SEIM) across all of their networks. LEM allows them to have a consolidated, normalized view of both their server and network environments. Having a consolidated view provides SolarWinds customers with the ability to correlate multiple security events across disparate systems and greatly reduces the amount of time and effort to detect and respond to potential security intrusions.
  • One of the most valuable features of SolarWinds LEM is its ability to normalize logs from differing systems into one common format. LEM normalization saves time and effort in doing forensic analysis by letting security personnel see the "whole picture" of their network in one place.
  • LEM's Active Response capability makes it easy to watch a security event happen in real time and to take immediate action. For example, LEM can very efficiently allow security personnel to logoff suspect users or even restart important Windows Server processes in real time, before further intrusion can happen.
  • LEM has a lot of out of the box features that allow for the quick implementation of security policy across many industries. LEM can provide immediate compliance monitoring and management for standards such as PICA, HIPAA and DISA-STIG.
  • The number one challenge for SolarWinds customers I see is LEM's reporting software. LEM Reporter, a standalone Windows Application, is not as intuitive as customers would like and they report some instability in the application itself. Customers tend to use LEM's search scheduling as a more effective way to report on security events.
  • Performance has been an issue based on LEM's use of a Flash interface. This has been a limitation for a long time. However, with the transition of the LEM interface from Flash to HTML5, customers are reporting much better performance starting in LEM 6.5
  • Every one of my customers makes some comment about LEM's very high learning curve. LEM is not very intuitive, requiring a lot of rote learning through repetition. Many LEM customers request some type of training to help them learn to use it.
LEM is best deployed in networks requiring high-speed aggregation of log messages across disparate platforms to a single logging system. In an environment where immediate response to security events and incidents is needed, LEM performs very well. From tracking suspicious user login events in real time to detaching suspect USB devices from workstations, LEM provides the ability to respond quickly.
Read Jim Trucano-Harp's full review
Scott Reese profile photo
January 15, 2019

SolarWinds Log & Event Manager fills gaps in Windows/AD monitoring

Scott Reese
Score 10 out of 10
Vetted Review
Verified User
Review Source
We use LEM for two main purposes. First, to replace an obsolete Cisco MARS appliance that captured a couple of days' worth of packets from our firewalls for forensic purposes. Second, to provide notification to staff of AD events such as account lockouts and administrator logins. Users are strictly within the infrastructure team of the IT department.
  • Able to ingest full Syslog output from three enterprise firewalls.
  • Able to detect and alert on specific Active Directory events.
  • The interface for creating alerts is onerous. It is necessary to dig out the exact event ID of anything you want to alert on.
  • Early versions required a separate server to host a FastBit database, but that requirement has been eliminated with the latest release; SQL is now required.
Filtering, detection, and notification of Windows and AD events is LEM's strong point, though it's tricky to build the filters. It's not necessarily designed for forensic firewall packet capture but it can be used for that purpose.
Read Scott Reese's full review
No photo available
March 14, 2019

SolarWinds Log & Event Manager: Exactly as Advertised

Verified User
Score 10 out of 10
Vetted Review
Verified User
Review Source
SolarWinds Log & Event Manager is used by our company's IT department to monitor events on domain controllers in locations across the globe. The primary use is for account events, such as lockouts, disablement, and enablement to both user and computer accounts. It is a more proactive way to give attention to user account management. While not an originally intended use, the node health section also lets us know if a domain controller is not acting properly.
  • Monitors account lockouts and reports them with detail so that it is easier to solve this with end users.
  • Monitors and reports account disablement with detail to whoever disabled an account, for audit and accountability.
  • Also, monitors and reports account enablement with detail to whoever enabled an account, again for audit and accountability.
  • Flash-based UI can lag, HTML5 would be preferred
  • Availability for custom widgets, but you need a bit of training to get things done right unless you have time for trial and error.
  • It only knows what it knows for account lockouts. If a source machine isn't available in the Event Viewer ID that triggers the alert, it does not have any extra tools to help it determine the issue.
Great for email alerts of account actions, such as lockout, enablement, and disablement. We engaged in a separate solution to track account creation. Other solutions are needed for the in-depth tracking of account lockouts if it doesn't involve a definite source machine on the network.
Read this authenticated review
Joseph Crook profile photo
March 01, 2018

Solarwinds - great product with a few small flaws.

Joseph Crook
Score 7 out of 10
Vetted Review
Verified User
Review Source
SolarWinds has been implemented across our network as a systems management platform for server, applications and high value workstations. I assisted it's implementation with the systems that I administer across the region. It allows us to track the health of critical services and to quickly identify and address problems as they occur.
  • We use the client on register systems as event forwarders and log collection.
  • It enables us to verify the access security to high value workstations and register systems.
  • It provides a repository storage for log files so that they do not solely exist on workstations.
  • It helps us ensure PCI standards are being maintained and track security risk issues as well as system health.
  • Within the scope of my role I have noticed that the client can be problematic during system startup - some of the register systems we use are older and have lower resolution screens. When the client loads it pops up on screen but completely out of scale (to clarify, it may open a window that is 14x14 inches on a screen that only displays 10x10 inches. This is more frustration than a functional problem.
  • Automated rollout would be useful but it is outside of my scope in my job to even know if it already has automated install capability.
  • The GUI itself is a little clunky and there is somewhat of a learning curve - training is provided to clients however a friendlier interface would be helpful.
For medium to large scale business that incorporate high-value resources and need a central log repository I think SolarWinds is fantastic. It may be overkill for smaller businesses however.
Read Joseph Crook's full review
No photo available
November 07, 2017

SolarWinds LEM, it'll get the job done if you're willing to get your hands dirty.

Verified User
Score 6 out of 10
Vetted Review
Verified User
Review Source
We are currently using Solarwinds LEM to pull logs from about 150 servers. We have also worked to get logs pulled from some barracuda load balancers and also a barracuda message archiver. We have alerting set on account lockouts and some other security events. LEM has helped notify us of account attacks and has also been valuable to reviewing both application and security logging when we need to cross reference servers or look at historical data.
  • LEM's console interface works well to narrow down all the logs into a view able format.
  • You can customize alerting triggers off of any event conditions.
  • the logging agent is relatively small and easy to deploy.
  • In order to navigate the console smoothly and set alerting in place, you need to go through their training.
  • All your configuration is done by hand. There are no built in analytics or alerting to help you.
  • I've found the reporting, real time and otherwise, to be slow and unruly. There are some updates and work a rounds that we have applied to help optimize the process, but if you try to pull to many logs, or over too long a period of time it will often time out.
  • The logging and reporting is dependent on the server automatically determining the type of server and logs it is getting. If it doesn't properly tag the logs, then they are essentially gone, lost, unsearchable. There is no good way to manually tell the server to classify the logs, which makes the process either difficult or impossible at times.
It will get your logs collected and sortable. If you are mostly doing Windows servers or workstations, then it can be a good solution. You will have to be willing to learn the software and manually create all the alerting and reporting, but once you have it set up the way you want, it should work. If you are looking at a log collection solution that has any of its own smarts and analytics, you'll want to look elsewhere. If you want out of the box reporting and alerting, look elsewhere.
Read this authenticated review
No photo available
March 21, 2017

LEM pulls event data from across our network

Verified User
Score 9 out of 10
Vetted Review
Verified User
Review Source
Our IT department uses SolarWinds Log & Event Manager (LEM) to monitor events across our network. LEM consolidates security alerts from our firewalls as well as OS event alerts from servers. Application generated errors are passed on to our development team.
  • LEM is able to pull from a variety of different information sources without requiring a lot of configuration changes to get the data flowing.
  • LEM assists in limiting the amount of data required for the business need without requiring a full dump (ie SNMP from all sources).
  • LEM does require tweaking in order to get each data source configured. The event data comes into LEM easily, but the kind of data needs to be identified or custom classifications set up to organize the resulting alerts meaningfully.
LEM is valuable for pulling from many sources and consolidating resulting events into reports and alerts. LEM is not well suited to users not used to working with and parsing raw information.
Read this authenticated review
No photo available
February 16, 2016

LEMme tell you about Solarwinds LEM!

Verified User
Score 9 out of 10
Vetted Review
Verified User
Review Source
We use Solarwinds Log and Event Manager (LEM) as our SIEM to correlate all of our various log data coming from servers, network equipment and security appliances to create meaningful alerts and, in some cases, automatically take action. LEM gives important insight for our IT staff into the activity the occurs on our network. It can be used for troubleshooting communication issues, quickly identifying policies that are blocking legitimate traffic, or to identify anomalies in network traffic that need to be investigated. It also sends email notifications when certain events are detected, allowing us to have eyes on even when we are away.
  • Incredibly easy to set up. It was deployed and had log sources pointed to it and performing basic correlations within a day.
  • Auto-response. The automated responses that are available after deploying the agent give you incredible control to respond to events on your network.
  • User-friendly interface. Some SIEMs can be daunting to learn how to use and get acclimated to, but LEM has an intuitive layout and is very easy to pick up and use.
  • No custom parser. Inevitably, there will be a product on your network that Solarwinds LEM won't know how to parse. Other SIEM solutions I've used leverage custom parsers for this reason. LEM does not have support for creating custom parsers, so unknown log formats remain unparsed.
  • Sometimes too basic. LEM is an excellent tool for performing basic correlations in a small to mid-size environment. If you try to get too advanced with the correlations you are trying to perform, you may get frustrated with the lack of functionality due to the way that LEM parses data.
SolarWinds Log & Event Manager (LEM) is a SIEM that is very well suited for environments where you have a small team managing your technology and need a powerful tool that is easy to set up and requires little maintenance and care to continue doing it's job. In the time that we have had LEM deployed, it has been very solid and has required very little intervention to resolve issues. It comes pre-packaged with some great correlations to get up and running right out of the box as soon as log sources are pointed at it. If you need a SIEM and either don't have the expertise in house, or don't want to spend the resources for professional services, this may be a good fit. There are only a handful of situations where we have run into LEM's limitations when trying to setup functionality or correlations. Otherwise, it is an excellent SIEM that offers some great features.
Read this authenticated review

SolarWinds Security Event Manager Scorecard Summary

Likelihood to Recommend (55)
8.2
Support (5)
7.1

Feature Scorecard Summary

Centralized event and log data collection (13)
9.2
Correlation (10)
8.7
Event and log normalization (13)
8.6
Deployment flexibility (13)
8.3
Integration with Identity and Access Management Tools (10)
8.3
Custom dashboards and views (13)
5.4
Host and network-based intrusion detection (4)
8.8

About SolarWinds Security Event Manager

SolarWinds Security Event Manager (previously know as Log & Event Manager) is a powerful and award-winning SIEM. It is an on-prem deployed tool that collects, consolidates, and analyzes logs and events from firewalls, IDS/IPS devices and applications, switches, routers, servers, operating system logs, and other applications.

The main applications are threat detection, automated incident analysis and response, and compliance reporting for IT infrastructure.
Categories:  Security Information and Event Management (SIEM)

SolarWinds Security Event Manager Features

Security Information and Event Management (SIEM) Features
Has featureCentralized event and log data collection
Has featureCorrelation
Has featureEvent and log normalization
Has featureDeployment flexibility
Has featureIntegration with Identity and Access Management Tools
Has featureCustom dashboards and views
Does not have featureHost and network-based intrusion detection

SolarWinds Security Event Manager Screenshots

SolarWinds Security Event Manager Video

Security Event Manager - Overview

SolarWinds Security Event Manager Downloadables

SolarWinds Security Event Manager Competitors

Pricing

Has featureFree Trial Available?Yes
Does not have featureFree or Freemium Version Available?No
Does not have featurePremium Consulting/Integration Services Available?No
Entry-level set up fee?No

SolarWinds Security Event Manager Support Options

 Free VersionPaid Version
Phone
Email
Forum/Community
FAQ/Knowledgebase
Video Tutorials / Webinar

SolarWinds Security Event Manager Technical Details

Deployment Types:On-premise
Operating Systems: Windows
Mobile Application:No