TrustRadius Insights
Easy Configuration Process: Many users have expressed their positive experiences with the configuration process of SolarWinds, noting that …
SolarWinds Security Event Manager (SEM)
Overview
What is SolarWinds Security Event Manager (SEM)?
SolarWinds LEM is security information and event management (SIEM) software.
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized event and log data collection (17)8.585%
- Deployment flexibility (17)7.979%
- Event and log normalization/management (17)7.373%
- Custom dashboards and workspaces (16)4.949%
Pricing
N/A
Unavailable
What is SolarWinds Security Event Manager (SEM)?
SolarWinds LEM is security information and event management (SIEM) software.
Entry-level set up fee?
- No setup fee
For the latest information on pricing, visithttps://www.solarwinds.com/products/pri…
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
38 people also want pricing
Alternatives Pricing
What is Microsoft Sentinel?
Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
What is Sumo Logic?
Sumo Logic is a log management offering from the San Francisco based company of the same name.
Features
Return to navigation
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is SolarWinds Security Event Manager (SEM)?
SolarWinds Security Event Manager (previously know as Log & Event Manager) is presented by the vendor as a powerful and award-winning SIEM. It is an on-prem deployed tool that collects, consolidates, and analyzes logs and events from firewalls, IDS/IPS devices
and applications, switches, routers, servers, operating system logs, and other applications.
The main applications are threat detection, automated incident analysis and response, and compliance reporting for IT infrastructure.
The main applications are threat detection, automated incident analysis and response, and compliance reporting for IT infrastructure.
SolarWinds Security Event Manager (SEM) Features
Security Information and Event Management (SIEM) Features
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
SolarWinds Security Event Manager (SEM) Screenshots
SolarWinds Security Event Manager (SEM) Video
Security Event Manager - Overview
SolarWinds Security Event Manager (SEM) Competitors
SolarWinds Security Event Manager (SEM) Technical Details
| Deployment Types | On-premise |
|---|---|
| Operating Systems | Windows |
| Mobile Application | No |
SolarWinds Security Event Manager (SEM) Downloadables
Frequently Asked Questions
SolarWinds LEM is security information and event management (SIEM) software.
Splunk Enterprise Security (ES), LogRhythm NextGen SIEM Platform, and ManageEngine EventLog Analyzer are common alternatives for SolarWinds Security Event Manager (SEM).
Reviewers rate Host and network-based intrusion detection highest, with a score of 10.
The most common users of SolarWinds Security Event Manager (SEM) are from Mid-sized Companies (51-1,000 employees).
Comparisons
Compare with
Reviews and Ratings
(120)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Pros
- Cons
- Recommendations
Easy Configuration Process: Many users have expressed their positive experiences with the configuration process of SolarWinds, noting that it is easy and straightforward. This indicates that the product provides a user-friendly interface for making necessary adjustments, making it convenient for users to set up and customize according to their needs.
Excellent Customer Support: Several reviewers have praised the expertise and effectiveness of SolarWinds' customer support team in resolving issues. They have found the assistance provided by the support team to be valuable in addressing any concerns or difficulties they encountered while using the product.
Efficient Log Collection and Normalization: Users appreciate the centralized log collection and normalization feature offered by SolarWinds. This functionality streamlines the monitoring and analysis process by efficiently collecting logs from various sources and normalizing them into a consistent format. This allows for easier management and analysis of log data, saving users time and effort.
Confusing User Interface: Users have expressed dissatisfaction with the confusing user interface of SolarWinds SEM, which has made tasks difficult to accomplish. Many reviewers have specifically mentioned that they struggled to navigate and understand the UI.
Limited Reporting Capabilities: Users have found the reporting capabilities of SEM to be limited and not intuitive. They have suggested the need for a better report generation tool that offers more flexibility and customization options.
Poor Integration with Other Products: Several users desired better integration between SEM and other products in the SolarWinds line, such as NPM. They mentioned difficulties in achieving seamless integration, which hindered their ability to effectively manage their network infrastructure.
Users have provided several recommendations based on their experiences with SolarWinds Security Event Manager. The three most common recommendations are:
-
It is important to have a detailed plan before deploying the tool. This will help meet expectations and ensure effective usage.
-
Users highly recommend SolarWinds Security Event Manager as a reliable security solution. It provides comprehensive log monitoring and is particularly useful for tracking equipment, communication lines, and backup programming.
-
Before making a decision, users suggest evaluating whether SolarWinds Security Event Manager meets the specific requirements of your company. Consider factors such as company size, data protection needs, scalability, user intuitiveness, ease of installation, and cost-effectiveness.
It's worth noting that while some users find the software easy to use and understand, others mention concerns about its pricing and suggest exploring alternative options like PRTG or OpManager.
Attribute Ratings
Reviews
(1-25 of 27)Companies can't remove reviews or game the system. Here's why
Score 8 out of 10
Vetted Review
Verified User
We use SEM to collect and analyze events from servers and routers. We can find the issues, like incorrect user logon and most port visit on router from SEM reports.
- quickly find top logon failure user, which is suspect of malware infection
- easily find most visited port on the routers to find possible attack
- SEM traffic type sort report is useful tool to control unnecessary network usage
- wish SEM could update by itself
March 30, 2022
Set-and-Forget with as needed functionality
We use SEM on a daily basis in our environment as per our built-out rules. We are notified of certain security events as they happen. Aside from that, we access SEM to run queries on an as-needed basis. With this we have a monitor running in the background keeping an eye on the events we want to monitor.
- Runs without issue
- Logs extensive detail
- The user interface to be more user friendly
- The query builder is tedious to use
This tool is very beneficial for securing our network environment and systems from any defects in our companies. This tool is our main SIEM solution. We are using SEM as a log collection and event generated on our server farms (local and DMZ). And also we are using real-time monitoring for some specific events defined by our security team.
- Log collection
- User-friendly and Easy dashboards
- Queries seeped (according to our size)
- log data parsing is good. if you upgrade some systems, most likely SEM will recognize it
- Agent installations are easy but there are some meaningless steps
- Can be add an advanced reporting process or module
March 13, 2022
S-Short E-Effective M-Monitoring Solution!!!
Utilize SEM for log aggregation purposes on network devices. The primary scope of your use case is to log, monitor, and investigate for technical problems.
- Log collection.
- Graphical representation of collected logs.
- Rules to trigger and send emails for quick identification and monitoring.
- File Integrity Monitoring
- Better UI to search and track logs
- Connectors compatibility issues
January 28, 2022
Log Police - The Best at Logging Events and Collection
At the university I work we use SolarWinds Security Event Manager. It is used to collect logs from firewalls, routers, switches, wireless controllers, NPS servers, and Domain Controllers. We then use this data to analyze and generate required reports on any incidents. Having all the info in one location makes analyzing events far simpler.
- Customizable event filters
- Awesome user interface
- Easy to configure connectors
- Needs better integration with SolarWinds NPM. This is the only Solarwinds product we use that isn't integrated.
- It needs a more lightweight client.
January 19, 2022
Review of SolarWinds Security Event Manager
I use SEM to Centralize log collection for my domain controllers, file servers, NPS servers, and Firewalls. Using SEM we are able to have all logs in one place and use that data to generate necessary reports. Products work great and once it was set up there was not any need to go back into the configuration.
- Collect logs.
- Generate reports.
- Great user interface.
- I would like the client to be more lightweight.
- I would like a mobile app.
July 26, 2021
Great for Continental Enterprises
SolarWinds Security Event Manager (SEM) was included in the short list of SIEM solutions for our SOC solution. SolarWinds Security Event Manager (SEM) dashboard was comprehensive and the UI was intuitive and easy to customize. The 'out-of-the-box setup was easy and hit the floor running with minimal configuration when paired with SolarWinds Network Performance Monitor or Server and Application Monitor.
- SOC Dashboard
- Compliance Reporting
- Node Health
- User Logon Events Dashboard
- Poor Performance for 10,000+ elements
- Poor Performance for real-time dashboard when over 10K nodes
- Poor database performance for extra large global enterprise
April 01, 2021
Solarwinds (SEM) experience
We are using Solarwinds (SEM) for event monitoring and responding to [an] event. This is used to monitor [events] across the business. We want to use the SEM to address so many problems but Solarwind's customer service has not been great as they don't even try to [put] themselves in customer's shoes. [They] allow customers to deal with issues themselves, providing little or no support to help customers.
- It gives you [the] ability to see logs in one central location
- Inbuilt rules and filters
- How to build custom [rules] for individual purposes (e.g. rules for Admin users on critical systems, log on, log off, brute force, scanning)
- Customer support should be timely and available
- Videos to onboarding systems should be made ( e.g, websites, servers, wireless access point, active directories, firewalls, Domain controls, etc)
- Hard to achieve unwanted logs
- Updates for SEM users should be made available (New features and usability)
- No user-friendly support
- No health check of the SEM by Solarwinds
- Support needs to improve
- Videos to be sent to users on how to create custom rules to fit individual purposes
- Training on each feature of the SEM tool should be made available in a specific location on SolarWinds website
- Best practice videos and use cases should be made available
December 09, 2020
SolarWinds Security Event Manager Review
SolarWinds Security Event Manager is utilized by the Information Technology department. Individuals on multiple IT teams have email alerts set up to notify them about events that require action. Additionally, the Security Event Manager is also utilized when there is a need to look at the logs to identify the root cause of a problem. For example, user account lockouts at a time the user wasn't in the office. It addresses multiple business problems by letting us know when something requires our attention.
- Easy to utilize--the rules are straightforward and pre-configured. You just have to customize them to fit your environment.
- Great customer service, which is incredibly useful when you want help with better utilizing the SEM.
- Easy and clear filters when looking for specific information without your environment.
- The SEM can be rather slow--an increase in CPU and RAM appeared to fix this problem fairly easily though.
- The SEM has lately required reboots for us fairly often. This is something we are currently working with support to resolve.
- The SEM could release additional graphic options to help better display data to management.
December 09, 2020
SEM is a good product
We use SolarWinds security event manager to help provide insight to all of our logs across our organization. It provides a single pane of glass to this information. We’ve had great success and using the dashboards and some of the automated process is that we can put in place.
- Insight to suspicious events.
- Automated response to common issues.
- Reports.
- Interface.
- Reporting.
- Notifications.
December 08, 2020
The SolarWinds SEM: Cost effective centralized log management tool that helps your audit and security.
The Solarwinds SEM is used for our client for 24/7 incident monitoring and reporting. The primary use is for account events, such as lockouts, disablement, and enablement to both user and computer accounts. It really works well in correlation and helps to stick with the audit and compliance. With a user-friendly web interface and automation modules, SolarWinds is an overall excellent cost-effective SIEM product if the intention is just to monitor for security incidents by manually created correlation rules.
- Has a nice user-friendly interface. Some SIEM can be daunting to learn how to use and get acclimated to, but LEM has an intuitive layout and is very easy to pick up and use.
- The logging agent in the source device is really simple to deploy and integrate.
- Monitoring and reporting the account disablement with detail to whoever disabled an account for audit and compliance.
- Some logs are not parsed well, happen to depend on the external log parser tool.
- The update method needs to be made even simpler, auto update would be better.
- The email alert features with SolarWinds will send a large number of emails if the number of alerts email. The duplication of email alerting needs to be reduced.
December 08, 2020
Solarwinds - great product with a few small flaws.
SolarWinds has been implemented across our network as a systems management platform for server, applications and high value workstations. I assisted it's implementation with the systems that I administer across the region. It allows us to track the health of critical services and to quickly identify and address problems as they occur.
- We use the client on register systems as event forwarders and log collection.
- It enables us to verify the access security to high value workstations and register systems.
- It provides a repository storage for log files so that they do not solely exist on workstations.
- It helps us ensure PCI standards are being maintained and track security risk issues as well as system health.
- Within the scope of my role I have noticed that the client can be problematic during system startup - some of the register systems we use are older and have lower resolution screens. When the client loads it pops up on screen but completely out of scale (to clarify, it may open a window that is 14x14 inches on a screen that only displays 10x10 inches. This is more frustration than a functional problem.
- Automated rollout would be useful but it is outside of my scope in my job to even know if it already has automated install capability.
- The GUI itself is a little clunky and there is somewhat of a learning curve - training is provided to clients however a friendlier interface would be helpful.
November 11, 2020
SolaWinds SEM--Worth every penny!
SolarWinds Security Event Manager is used to collect, review, and analyze system logs from servers, workstations, and network devices. Used by one department, it solves the problem of having to go through long log files trying to find and make sense of an event. It also helps with reporting for compliance purposes.
- Graphs showing important events
- First-time setup and addition of new devices is easy and organized
- Performance is excellent
- Reporting could allow for more customization
- Better integration with other products of SolarWinds line
- More alert options
November 04, 2020
SEM - Good product, reasonable price point
We use Solar Winds Security Event Manager (SEM) across our entire organization. It enables our company to monitor and manage events and provide reporting required for PCI and ISO compliance initiatives.
- Brings together security events from multiple system sources.
- Allows IT to review and manage security related events.
- Provides convenient filters/views allowing us to narrow down the data we want to see.
- Some improvements in user documentation could be helpful.
October 23, 2020
SEM review of a SolarWinds fanboy at heart
We are currently using it within our Operations team to monitor events and alert others of security events and anomalies that it detects. I would like to recommend this product to any business needing to increase their security posture and get better alerts and more reliable data to look at to assist with the root cause and security monitoring.
- Automated threat detection
- Log collection
- Live filtering
- Custom rules
- Alerting can be confusing to configure
- The dashboards and widgets look a little old as with all SolarWinds products
- The initial setup can take a lot of time
Our organization chose to invest in SolarWinds Security Event Manager because we needed a centralized log management and correlation solution that can be quickly and seamlessly integrated into our global infrastructure. It is very easy to provision by simply installing additional modules onto the Solarwinds server and pointing all of the network/systems devices to it. Having log data in one central location has a huge benefit. For example, troubleshooting an issue on a network can now be done by multiple teams where everyone with access to SEM can search the log repository. The live filtering and historical search capabilities make it easy to get the necessary evidence and the time stamp of what the issue is and when it started. The built-in templates are also helpful in analyzing and targeting specific log data.
- Advanced search capabilities across all log data, powered by a quick engine to minimize the delay.
- Built-in or customized templates.
- Alerting capabilities.
- More advanced log correlation mechanisms with better filtering capabilities.
January 31, 2020
SolarWinds Security Event Manager: A "log" above everyone else
SolarWinds Security Event Manager is a log and event manager that we implemented to replace our Cisco MARS appliance. This system is used by our security team to monitor and log events throughout the entire organization. From an alerting point of view, SolarWinds Security Event Manager makes our monitoring simpler and more refined. By allowing us to create and set email alerts on important and critical events, SolarWinds Security Event Manager allows a hands-off approach, so that we don't have to review hundreds of lines of alerts to get the critical information, saving us time and effort.
- Allows log collecting from almost any source of data, using multiple types of authentication and collection (i.e. SNMP, WMI, etc.)
- Allows customization of dashboards per user, so that you can quickly find the information relevant to your position.
- The dashboard and reports use javascript, which can be slow to load.
- To get it up and running was fast, however, to correctly configure proper alerts, you have to spend a ton of time.
It is being used, at this time, only by my department. We use it to collect logs from all our network devices, servers, and other devices we use to support our services. It is useful for us to have all of our logs in a single place and searchable.
- SEM normalizes logs very well. It is simple to be able to compare fields in logs from say a Cisco router and a Windows server, especially timestamps.
- SEM has great flexibility in customizing its various aspects, especially its correlation rules and reports.
- SEM doesn't support out-of-the-box several device manufacturers that are used in my environment. For example, Peplink and Netonix.
- I have to purchase a separate log parser tool rather than having it included in SEM.
We are using the Security Event Manager to keep track of a number of things.
Configuration changes for our Core network And campus devices which include nexus and Cisco iOS routers, switches and firewalls. We use it as a way to audit admin login failures. Our Device Syslog is sent to it. We use it to keep analyze network traffic when troubleshooting.
- It does a great job of notifying us when accounts have been locked out. We can then find out the device on the network where the login attempt occurred.
- Searching for incidents is now a lot faster with the implementation of the HTML 5 interface.
- Some aspects have not been fully integrated into HTML 5. Those are still a bit slow to access.
- Need an easier way to upgrade the software. SSH to the console and running the commands to connect to the TFTP server is archaic. Needs an “update” button.
November 17, 2019
These Events will "Blow" You Away!
SolarWinds Security Event Manager is being used by our networking and security team on a daily basis. Often times changes to accounts or to your Microsoft Active directory will be logged, but not alerted. This can lead to a false sense of the current state of your accounts and can make a team "blind" to what is happening inside systems. SolarWinds SEM allows teams to receive emails based on pre defined parameters.
- SolarWinds easily provides the much needed visibily into changes in an Active Directory (AD) environment. Email alerting can be configured to alert a team if an account is locked out, disabled by another users, or if users and/or computers accounts are created.
- SolarWinds allowed a searchable audit feature. Microsoft Windows can be configured to log many different parts of a system, but search those logs can be difficult. SEM allows you to search for specific users or events.
- All SolarWinds product suffer from slow response times in management portals. SolarWinds SEM is no exception. While it is much preferred over a "thick client" there is much room for improvement in speed.
- If you use the email alert features with SolarWinds make sure to prepare you staff and team for the large amount of emails they could receive. Make sure to reduce the number of alerts so your team does not ignore the alerts.
October 09, 2019
SolarWinds LEM: Useful and Low Cost SIEM Solution for SMBs
We initially started using SolarWinds Security Event Manager(previously Log and Event Manager) to meet a security compliance requirement. Once I spent some time with it, I realized that I could use it for alerting on specific events and activities that our users were interested in. For instance, we used the File Integrity Module on our HR file share to alert the HR manager when files were added or deleted, and then we sent a weekly report to that department with all read/write activity. We also used it to monitor AD changes, and the email alerts were really useful in producing historical information about what changes had been made recently.
- Compared to other SIEMs, it's relatively easy to get up and running. The virtual appliance is easy to maintain.
- Support was top notch. The support team really knows their stuff when you run into an issue.
- The email alert system is easy to use and attach to a fired rule.
- Compared to other SIEMs, there are features that are missing. Machine learning, automatic event correlation, ability to correlate multiple sources together.
- The UI is clunky, and the *New* event log analyzer page felt really disjointed from the rest of the product.
- In my experience, the dashboards were almost unusable. They persisted across login per device, and even then they sometimes would reset and go back to the ''Getting Started'' look.
March 15, 2019
SolarWinds Log & Event Manager: Exactly as Advertised
SolarWinds Log & Event Manager is used by our company's IT department to monitor events on domain controllers in locations across the globe. The primary use is for account events, such as lockouts, disablement, and enablement to both user and computer accounts. It is a more proactive way to give attention to user account management. While not an originally intended use, the node health section also lets us know if a domain controller is not acting properly.
- Monitors account lockouts and reports them with detail so that it is easier to solve this with end users.
- Monitors and reports account disablement with detail to whoever disabled an account, for audit and accountability.
- Also, monitors and reports account enablement with detail to whoever enabled an account, again for audit and accountability.
- Flash-based UI can lag, HTML5 would be preferred
- Availability for custom widgets, but you need a bit of training to get things done right unless you have time for trial and error.
- It only knows what it knows for account lockouts. If a source machine isn't available in the Event Viewer ID that triggers the alert, it does not have any extra tools to help it determine the issue.
February 28, 2019
LEM, your one stop shop for Security Event and Incident Management!
As a Network Monitoring Engineer and instructor, I see many Government and Military IT Organizations choose LEM as their primary Security Event and Incident Manager(SEIM) across all of their networks. LEM allows them to have a consolidated, normalized view of both their server and network environments. Having a consolidated view provides SolarWinds customers with the ability to correlate multiple security events across disparate systems and greatly reduces the amount of time and effort to detect and respond to potential security intrusions.
- One of the most valuable features of SolarWinds LEM is its ability to normalize logs from differing systems into one common format. LEM normalization saves time and effort in doing forensic analysis by letting security personnel see the "whole picture" of their network in one place.
- LEM's Active Response capability makes it easy to watch a security event happen in real time and to take immediate action. For example, LEM can very efficiently allow security personnel to logoff suspect users or even restart important Windows Server processes in real time, before further intrusion can happen.
- LEM has a lot of out of the box features that allow for the quick implementation of security policy across many industries. LEM can provide immediate compliance monitoring and management for standards such as PICA, HIPAA and DISA-STIG.
- The number one challenge for SolarWinds customers I see is LEM's reporting software. LEM Reporter, a standalone Windows Application, is not as intuitive as customers would like and they report some instability in the application itself. Customers tend to use LEM's search scheduling as a more effective way to report on security events.
- Performance has been an issue based on LEM's use of a Flash interface. This has been a limitation for a long time. However, with the transition of the LEM interface from Flash to HTML5, customers are reporting much better performance starting in LEM 6.5
- Every one of my customers makes some comment about LEM's very high learning curve. LEM is not very intuitive, requiring a lot of rote learning through repetition. Many LEM customers request some type of training to help them learn to use it.
We use LEM for two main purposes. First, to replace an obsolete Cisco MARS appliance that captured a couple of days' worth of packets from our firewalls for forensic purposes. Second, to provide notification to staff of AD events such as account lockouts and administrator logins. Users are strictly within the infrastructure team of the IT department.
- Able to ingest full Syslog output from three enterprise firewalls.
- Able to detect and alert on specific Active Directory events.
- The interface for creating alerts is onerous. It is necessary to dig out the exact event ID of anything you want to alert on.
- Early versions required a separate server to host a FastBit database, but that requirement has been eliminated with the latest release; SQL is now required.
We are currently using Solarwinds LEM to pull logs from about 150 servers. We have also worked to get logs pulled from some barracuda load balancers and also a barracuda message archiver. We have alerting set on account lockouts and some other security events. LEM has helped notify us of account attacks and has also been valuable to reviewing both application and security logging when we need to cross reference servers or look at historical data.
- LEM's console interface works well to narrow down all the logs into a view able format.
- You can customize alerting triggers off of any event conditions.
- the logging agent is relatively small and easy to deploy.
- In order to navigate the console smoothly and set alerting in place, you need to go through their training.
- All your configuration is done by hand. There are no built in analytics or alerting to help you.
- I've found the reporting, real time and otherwise, to be slow and unruly. There are some updates and work a rounds that we have applied to help optimize the process, but if you try to pull to many logs, or over too long a period of time it will often time out.
- The logging and reporting is dependent on the server automatically determining the type of server and logs it is getting. If it doesn't properly tag the logs, then they are essentially gone, lost, unsearchable. There is no good way to manually tell the server to classify the logs, which makes the process either difficult or impossible at times.