SolarWinds Security Event Manager (SEM) Reviews and Ratings

Use Cases and Deployment Scope

SolarWinds Security Event Manager checks a few different boxes: 1. Consolidated events from a huge variety of log sources. 2. A good presentation layer for #1. 3. Applies to more than a few GRC obligations. 4. And does 1-3 at an incredibly reasonable price.

Likelihood to Recommend

Optimal for SolarWinds Security Event Manager needs for smaller companies - it is a very cool product but has some limitations around EPS (which gets chewed up quickly if you're doing it the right way & adding servers/storage/FW & other network devices)... Also pricing model is GREAT (not consumption-based, which is the greatest grift the SIEM industry has created).

Use Cases and Deployment Scope

We use SEM to collect and analyze events from servers and routers. We can find the issues, like incorrect user logon and most port visit on router from SEM reports.

Likelihood to Recommend

SEM is a good software to collect all the events and be a platform to have a view of the whole network status, instead of connecting to each server, find a clue from thousands of events. SEM also keeps a history of events and save space on each server, avoiding server defective while free space is consumed by huge event log files.

Use Cases and Deployment Scope

We use SEM (formally LEM) to log changes that are made in our switching

environment and who made them. SEM also logs all changes in our active

directory environment. We log any and all account changes such as

account renames, account deletions, account creations, and again who

made those changes. SEM logs our servers, who logs into them, and any

changes that are made to the server. We receive emails immediately when

any of the above mention processes take place. It is nice to see these

changes especially when it is evenings and weekends while we are not in

the office. If changes are made while we are not working, we know to

follow up with the person whose account made the changes to see if they

are legit or not.

Likelihood to Recommend

SEM is well suited for smaller companies looking to log events and usage. We really use it a lot to see what network accounts are changed and who changed them and who is logging into what servers and when they are doing it. We watch these things for suspicious logins and suspicious activity on servers. SEM helps us to see what switches have had changes made to them and who made the change as well as the time/date.

Use Cases and Deployment Scope

We use SEM on a daily basis in our environment as per our built-out rules. We are notified of certain security events as they happen. Aside from that, we access SEM to run queries on an as-needed basis. With this we have a monitor running in the background keeping an eye on the events we want to monitor.

Likelihood to Recommend

We have had scenarios in the past where a user account gets locked out continuously. As it turned out they recently changed their password but were apparently logged in elsewhere under their old password. The problem came in trying to determine where they were logged in from. With LEM we were able to query for the lockout event to determine where the failed login attempts were coming from. Once known, the account was logged out of the machine and the lockout events quit occurring.

Use Cases and Deployment Scope

We use SEM as our primary logging solution for all network infrastructure devices (switches, routers, WLCs, etc). The software allows us to track changes, identify issues, and it helps us stay compliant with insurance requirements. Particularly useful is the ability to send e-mail notifications when a critical event has occurred.

Likelihood to Recommend

There are numerous SIEM solutions out there, all of which offer similar features. SEM does have a slight learning curve to get set up and working but is not unreasonable. For us, SolarWinds SEM strikes the perfect balance between cost and functionality. We re-evaluate our logging needs every year and SEM continues to meet the requirements of our business.

Use Cases and Deployment Scope

SolarWinds Security Event Manager (SEM) is our dedicated syslog for network devices, providing a higher set of features, search capabilities and filters than the basic syslog section in the Network Performance Module (NPM). The built-in dashboards and ability to look at events in various categories prove particularly useful in troubleshooting scenarios.

Likelihood to Recommend

SolarWinds Security Event Manager (SEM) would definitely prove itself as a valuable tool in any network administrator's portfolio, surpassing the syslog capabilities built into the SolarWinds Performance Manager. The ability to check both historical and live logs and have the events categorized, as well as the option to apply multiple filters to narrow down searches to the relevant information are of great use in troubleshooting scenarios or forensic tasks.

Use Cases and Deployment Scope

Main SIEM All feeds to this

Likelihood to Recommend

SEM is scalable and would fit most installations. May need more than one if you have a large installation

Use Cases and Deployment Scope

We use it as an internal SIEM tool and we also train others how to use it.

Likelihood to Recommend

PCI and DISA STIG monitoring and compliance are a strong point for SEM. There are a fair number of out-of-the-box filters for both. Developing a monitoring approach which is entirely custom and not bound to a particular regulatory framework is cumbersome due to the limited assistance with filter and rule construction.

Use Cases and Deployment Scope

We have a group of servers that reside in Microsoft Azure as well as on-premise. SEM allows us to centrally manage these servers for both security risks as well as general events that we may otherwise miss. With the SEM technology, we are able to spend more time where it is needed and rely on SEM to notify us of any potential issues or threats.

Likelihood to Recommend

This is basically the same as last question.

Use Cases and Deployment Scope

This tool is very beneficial for securing our network environment and systems from any defects in our companies. This tool is our main SIEM solution. We are using SEM as a log collection and event generated on our server farms (local and DMZ). And also we are using real-time monitoring for some specific events defined by our security team.

Likelihood to Recommend

Solar winds can be installed quickly in the production environment and can collect data. Log data collection is the first and most important step for cyber-security and forensic investigation. The tool gives the best services for monitoring our whole network environment with great features.