SolarWinds LEM: Useful and Low Cost SIEM Solution for SMBs
October 09, 2019

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Overall Satisfaction with SolarWinds Security Event Manager

We initially started using SolarWinds Security Event Manager (previously Log and Event Manager) to meet a security compliance requirement. Once I spent some time with it, I realized that I could use it for alerting on specific events and activities that our users were interested in. For instance, we used the File Integrity Module on our HR file share to alert the HR manager when files were added or deleted, and then we sent a weekly report to that department with all read/write activity. We also used it to monitor AD changes, and the email alerts were really useful in producing historical information about what changes had been made recently.
  • Compared to other SIEMs, it's relatively easy to get up and running. The virtual appliance is easy to maintain.
  • Support was top notch. The support team really knows their stuff when you run into an issue.
  • The email alert system is easy to use and attach to a fired rule.
  • Compared to other SIEMs, there are features that are missing: machine learning, automatic event correlation, and the ability to correlate multiple sources together.
  • The UI is clunky, and the *New* event log analyzer page felt really disjointed from the rest of the product.
  • In my experience, the dashboards were almost unusable. They persisted across login per device, and even then they sometimes would reset and go back to the "Getting Started" look.
  • For the price, it produced a decent value. It did a lot of the easy stuff well. I can't give any specific data given the objective of the product was to monitor very basic events in the environment.
  • There are free options that can do a better job.
I inherited SolarWinds and did my best with it. Once I felt like I had pushed it to its limits and my expectations of what a SIEM should do had changed over time, I started looking at other products.

SolarWinds: Has great support, a good amount of online documentation, the best native alerting rules and triggers
OSSIM: Has cross-source correlation built in, threat pulses are updated hourly, completely free
Elastic SIEM: What we eventually moved to. It took some time to get up and running. It does the best job with event retention and searching, has anomaly exploring machine learning jobs, and feels like it gives the best view of what's going on in the environment. With Wazuh HIDS deployed on every machine, it also gives FIM capabilities while also providing extra context in any threat hunting incidents.
Support is above and beyond what I typically deal with from IT products. I've never had a support ticket go unanswered for longer than an hour, and within another hour someone was ready and able to help with the issue. Their support staff is all in-house, and they actually know the product they're supporting.

Do you think SolarWinds Security Event Manager (SEM) delivers good value for the price?

Yes

Are you happy with SolarWinds Security Event Manager (SEM)'s feature set?

No

Did SolarWinds Security Event Manager (SEM) live up to sales and marketing promises?

Yes

Did implementation of SolarWinds Security Event Manager (SEM) go as expected?

Yes

Would you buy SolarWinds Security Event Manager (SEM) again?

No

Smaller companies just getting started with looking at security products would like the product. Also, maybe smaller companies without dedicated security staff that just need something for some bare minimum requirements. It does some of the easy stuff pretty well, and there's no massive learning curve.

Bigger companies or companies with dedicated security staff will likely look at other options. This seems like an entirely mid-market only purchase. If you want to be able to correlate events from multiple sources, not just agent-based Windows logs, you'll likely need to look elsewhere. While you can also forward syslog to the appliance, you can't enrich any data or use sources like NIDS/HIDS logs. This product will not give you a true single pane of glass like some offerings.

SolarWinds Security Event Manager (SEM) Feature Ratings (score out of 10)

Centralized event and log data collection: 8
Correlation: 7
Event and log normalization/management: 6
Deployment flexibility: 8
Integration with Identity and Access Management Tools: 9
Custom dashboards and workspaces: 2