SolarWinds Security Event Manager (SEM)
Overview
What is SolarWinds Security Event Manager (SEM)?
SolarWinds LEM is security information and event management (SIEM) software.
Easy to install and easy to use
SolarWinds SEM helps system administrators analyze issues on network and server
Set-and-Forget with as needed functionality
SEM - a great product that's even better if you can dedicate the time to learn it.
SEM - Powerful and Affordable
Security Event Manager (SEM) - An intuitive and inexpensive product if you need a reliable Syslog manager in a classical network deployment
SEM provides easy, affordable SIEM appliance
SolarWinds SEM is easy to set up and (mostly) manageable
Superior Product, Easy to Implement and Very Reliable!
Easy product for Security Information and Event Management (SIEM)
S-Short E-Effective M-Monitoring Solution!!!
A boring review. It just works.
Log Police - The Best at Logging Events and Collection
Review of SolarWinds Security Event Manager
Great for Continental Enterprises
Popular Features
- Centralized event and log data collection (17 ratings): 8.5 (85%)
- Deployment flexibility (17 ratings): 7.9 (79%)
- Event and log normalization/management (17 ratings): 7.3 (73%)
- Custom dashboards and workspaces (16 ratings): 4.9 (49%)
Pricing
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Alternatives Pricing
What is Microsoft Sentinel?
Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
What is Sumo Logic?
Sumo Logic is a log management offering from the San Francisco based company of the same name.
Features
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools.
- Centralized event and log data collection: 8.5 (17 ratings)
  Effectiveness of real-time centralized event and log data collection
- Correlation: 7.6 (14 ratings)
  Correlation of logs and events to pinpoint significant threats
- Event and log normalization/management: 7.3 (17 ratings)
  Ability to normalize event syntax so that logs can be compared and are machine-understandable
- Deployment flexibility: 7.9 (17 ratings)
  Ability to tune system to maximize threat detection and minimize false positives
- Integration with Identity and Access Management Tools: 7.9 (12 ratings)
  Integration with access control tools like Active Directory and LDAP
- Custom dashboards and workspaces: 4.9 (16 ratings)
  Dashboards that can be customized to meet the needs of specific groups
- Host and network-based intrusion detection: 10 (3 ratings)
  Ability to detect both endpoint intrusion and network ingress detection
Product Details
What is SolarWinds Security Event Manager (SEM)?
The main applications are threat detection, automated incident analysis and response, and compliance reporting for IT infrastructure.
SolarWinds Security Event Manager (SEM) Features
Security Information and Event Management (SIEM) Features
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
SolarWinds Security Event Manager (SEM) Technical Details
Deployment Types | On-premise |
---|---|
Operating Systems | Windows |
Mobile Application | No |
Reviews and Ratings
(120)
Community Insights
- Pros
- Cons
- Recommendations
Easy Configuration Process: Many users have expressed their positive experiences with the configuration process of SolarWinds, noting that it is easy and straightforward. This indicates that the product provides a user-friendly interface for making necessary adjustments, making it convenient for users to set up and customize according to their needs.
Excellent Customer Support: Several reviewers have praised the expertise and effectiveness of SolarWinds' customer support team in resolving issues. They have found the assistance provided by the support team to be valuable in addressing any concerns or difficulties they encountered while using the product.
Efficient Log Collection and Normalization: Users appreciate the centralized log collection and normalization feature offered by SolarWinds. This functionality streamlines the monitoring and analysis process by efficiently collecting logs from various sources and normalizing them into a consistent format. This allows for easier management and analysis of log data, saving users time and effort.
Confusing User Interface: Users have expressed dissatisfaction with the confusing user interface of SolarWinds SEM, which has made tasks difficult to accomplish. Many reviewers have specifically mentioned that they struggled to navigate and understand the UI.
Limited Reporting Capabilities: Users have found the reporting capabilities of SEM to be limited and not intuitive. They have suggested the need for a better report generation tool that offers more flexibility and customization options.
Poor Integration with Other Products: Several users desired better integration between SEM and other products in the SolarWinds line, such as NPM. They mentioned difficulties in achieving seamless integration, which hindered their ability to effectively manage their network infrastructure.
Users have provided several recommendations based on their experiences with SolarWinds Security Event Manager. The three most common recommendations are:
- It is important to have a detailed plan before deploying the tool. This will help meet expectations and ensure effective usage.
- Users highly recommend SolarWinds Security Event Manager as a reliable security solution. It provides comprehensive log monitoring and is particularly useful for tracking equipment, communication lines, and backup programming.
- Before making a decision, users suggest evaluating whether SolarWinds Security Event Manager meets the specific requirements of your company. Consider factors such as company size, data protection needs, scalability, user intuitiveness, ease of installation, and cost-effectiveness.
It's worth noting that while some users find the software easy to use and understand, others mention concerns about its pricing and suggest exploring alternative options like PRTG or OpManager.
Reviews
(26-45 of 45)
SEM review of a SolarWinds fanboy at heart
- Automated threat detection
- Log collection
- Live filtering
- Custom rules
- Alerting can be confusing to configure
- The dashboards and widgets look a little old as with all SolarWinds products
- The initial setup can take a lot of time
SolarWinds Security Event Manager Review
- It is flexible with a variety of system connectors.
- Setup is easy.
- Monitoring log size and system resources is simple.
- It is a robust product so, not clear out of the box exactly what it can do.
- Agent installs can sometimes need manual removal.
- If you're running an older version of SEM, migrating clients to a new install isn't clear-cut.
Slick UI, great features, just a little difficult to set up
- Visualization: the UI is slick and easy to follow.
- Filtering and Sorting: narrowing down logs is powerful.
- Windows event log parsing
- Device support: less common devices do not have drivers. An SDK or generic one to customize would be useful.
- Generic syslog: some standalone syslog solutions without parsing are more powerful just for log analysis.
- Traceability: tracing log events back to the source needs to be done in the older flash UI until implemented in the new UI.
Very good product, easy to install!
- Ease of use.
- Good integration with other products.
- Default detection rules.
- Filter easy to understand.
- Better report generation tool could be made (last version is better, but still room for amelioration).
- Mobile app would be very useful (not web, real app).
SolarWinds SEM - great value
It is generally used by the security team, but read-only access has been given to the networking and windows team to enable them to search for specific log entries.
- Parses the logs into several comment fields to make the search easier
- Can scale up to 218 million per day
- For a large amount of events, there is an unreasonable amount of CPUs and memory needed
- Reporting function has not been updated in many years and is very difficult to write
It is not well suited for reporting, as it is very slow, making it almost unusable. The File Integrity Monitor is a good concept but does not work well in the real world, as it generates multiple events for file delete, create, etc.
SolarWinds working for you again!
- Centralized log collection and normalization.
- Automated threat detection and response.
- Integrated compliance reporting tools.
- Auto report sending alerting.
- Advanced search capabilities across all log data, powered by a quick engine to minimize the delay.
- Built-in or customized templates.
- Alerting capabilities.
- More advanced log correlation mechanisms with better filtering capabilities.
SolarWinds Security Event Manager Review
- Log Filtering
- Alerting
- Monitoring
- SEM does have some efficiency issues, other tools have been able to handle millions of logs per hour but SEM seems to get overloaded quickly.
- The UI is slow to respond after the solution has been running for a while.
- Some of the logic is fairly limited with the UI, maybe they could improve the usability of the UI.
SolarWinds Security Event Manager: A "log" above everyone else
- Allows log collecting from almost any source of data, using multiple types of authentication and collection (i.e. SNMP, WMI, etc.)
- Allows customization of dashboards per user, so that you can quickly find the information relevant to your position.
- The dashboard and reports use JavaScript, which can be slow to load.
- To get it up and running was fast, however, to correctly configure proper alerts, you have to spend a ton of time.
- SEM normalizes logs very well. It is simple to be able to compare fields in logs from say a Cisco router and a Windows server, especially timestamps.
- SEM has great flexibility in customizing its various aspects, especially its correlation rules and reports.
- SEM doesn't support out-of-the-box several device manufacturers that are used in my environment. For example, Peplink and Netonix.
- I have to purchase a separate log parser tool rather than having it included in SEM.
- It does a great job of notifying us when accounts have been locked out. We can then find out the device on the network where the login attempt occurred.
- Searching for incidents is now a lot faster with the implementation of the HTML 5 interface.
- Some aspects have not been fully integrated into HTML 5. Those are still a bit slow to access.
- Need an easier way to upgrade the software. SSH to the console and running the commands to connect to the TFTP server is archaic. Needs an “update” button.
It does well with monitoring for suspicious activity. It can alert you if it sees a client is trying to circumvent DNS so they can go through proxy avoidance tactics.
These Events will "Blow" You Away!
- SolarWinds easily provides the much needed visibility into changes in an Active Directory (AD) environment. Email alerting can be configured to alert a team if an account is locked out, disabled by another user, or if user and/or computer accounts are created.
- SolarWinds allowed a searchable audit feature. Microsoft Windows can be configured to log many different parts of a system, but searching those logs can be difficult. SEM allows you to search for specific users or events.
- All SolarWinds products suffer from slow response times in management portals. SolarWinds SEM is no exception. While it is much preferred over a "thick client", there is much room for improvement in speed.
- If you use the email alert features with SolarWinds, make sure to prepare your staff and team for the large amount of emails they could receive. Make sure to reduce the number of alerts so your team does not ignore the alerts.
SolarWinds SEM Review
- I honestly don't have too many good things to say about it. It was cheap compared to other products like Splunk and that's why we bought it.
- Even though this is like 90X cheaper than other products like Splunk, etc. - It's still overpriced because it's terrible.
- Flash, Java, really? Who still uses this? Also, why is this not integrated with Orion and usable from the same SolarWinds dashboard as all our other SolarWinds products?
SolarWinds LEM: Useful and Low Cost SIEM Solution for SMBs
- Compared to other SIEMs, it's relatively easy to get up and running. The virtual appliance is easy to maintain.
- Support was top notch. The support team really knows their stuff when you run into an issue.
- The email alert system is easy to use and attach to a fired rule.
- Compared to other SIEMs, there are features that are missing. Machine learning, automatic event correlation, ability to correlate multiple sources together.
- The UI is clunky, and the *New* event log analyzer page felt really disjointed from the rest of the product.
- In my experience, the dashboards were almost unusable. They persisted across login per device, and even then they sometimes would reset and go back to the ''Getting Started'' look.
Bigger companies or companies with dedicated security staff will likely look at other options. This seems like an entirely mid-market only purchase. If you want to be able to correlate events from multiple sources, not just agent-based windows logs, you'll likely need to look elsewhere. While you can also forward syslog to the appliance, you can't enrich any data or use sources like NIDS/HIDS logs. This product will not give you a true single pane of glass like some offerings.
SolarWinds Log & Event Manager: Exactly as Advertised
- Monitors account lockouts and reports them with detail so that it is easier to solve this with end users.
- Monitors and reports account disablement with detail to whoever disabled an account, for audit and accountability.
- Also, monitors and reports account enablement with detail to whoever enabled an account, again for audit and accountability.
- Flash-based UI can lag, HTML5 would be preferred
- Availability for custom widgets, but you need a bit of training to get things done right unless you have time for trial and error.
- It only knows what it knows for account lockouts. If a source machine isn't available in the Event Viewer ID that triggers the alert, it does not have any extra tools to help it determine the issue.
LEM, your one stop shop for Security Event and Incident Management!
- One of the most valuable features of SolarWinds LEM is its ability to normalize logs from differing systems into one common format. LEM normalization saves time and effort in doing forensic analysis by letting security personnel see the "whole picture" of their network in one place.
- LEM's Active Response capability makes it easy to watch a security event happen in real time and to take immediate action. For example, LEM can very efficiently allow security personnel to logoff suspect users or even restart important Windows Server processes in real time, before further intrusion can happen.
- LEM has a lot of out of the box features that allow for the quick implementation of security policy across many industries. LEM can provide immediate compliance monitoring and management for standards such as PICA, HIPAA and DISA-STIG.
- The number one challenge for SolarWinds customers I see is LEM's reporting software. LEM Reporter, a standalone Windows Application, is not as intuitive as customers would like and they report some instability in the application itself. Customers tend to use LEM's search scheduling as a more effective way to report on security events.
- Performance has been an issue based on LEM's use of a Flash interface. This has been a limitation for a long time. However, with the transition of the LEM interface from Flash to HTML5, customers are reporting much better performance starting in LEM 6.5
- Every one of my customers makes some comment about LEM's very high learning curve. LEM is not very intuitive, requiring a lot of rote learning through repetition. Many LEM customers request some type of training to help them learn to use it.
- Able to ingest full Syslog output from three enterprise firewalls.
- Able to detect and alert on specific Active Directory events.
- The interface for creating alerts is onerous. It is necessary to dig out the exact event ID of anything you want to alert on.
- Early versions required a separate server to host a FastBit database, but that requirement has been eliminated with the latest release; SQL is now required.
- LEM's console interface works well to narrow down all the logs into a viewable format.
- You can customize alerting triggers off of any event conditions.
- The logging agent is relatively small and easy to deploy.
- In order to navigate the console smoothly and set alerting in place, you need to go through their training.
- All your configuration is done by hand. There are no built in analytics or alerting to help you.
- I've found the reporting, real time and otherwise, to be slow and unruly. There are some updates and workarounds that we have applied to help optimize the process, but if you try to pull too many logs, or over too long a period of time, it will often time out.
- The logging and reporting is dependent on the server automatically determining the type of server and logs it is getting. If it doesn't properly tag the logs, then they are essentially gone, lost, unsearchable. There is no good way to manually tell the server to classify the logs, which makes the process either difficult or impossible at times.
LEM pulls event data from across our network
- LEM is able to pull from a variety of different information sources without requiring a lot of configuration changes to get the data flowing.
- LEM assists in limiting the amount of data required for the business need without requiring a full dump (ie SNMP from all sources).
- LEM does require tweaking in order to get each data source configured. The event data comes into LEM easily, but the kind of data needs to be identified or custom classifications set up to organize the resulting alerts meaningfully.
LEMme tell you about SolarWinds LEM!
- Incredibly easy to set up. It was deployed and had log sources pointed to it and performing basic correlations within a day.
- Auto-response. The automated responses that are available after deploying the agent give you incredible control to respond to events on your network.
- User-friendly interface. Some SIEMs can be daunting to learn how to use and get acclimated to, but LEM has an intuitive layout and is very easy to pick up and use.
- No custom parser. Inevitably, there will be a product on your network that SolarWinds LEM won't know how to parse. Other SIEM solutions I've used leverage custom parsers for this reason. LEM does not have support for creating custom parsers, so unknown log formats remain unparsed.
- Sometimes too basic. LEM is an excellent tool for performing basic correlations in a small to mid-size environment. If you try to get too advanced with the correlations you are trying to perform, you may get frustrated with the lack of functionality due to the way that LEM parses data.