SolarWinds LEM: Useful and Low Cost SIEM Solution for SMBs
October 09, 2019

SolarWinds LEM: Useful and Low Cost SIEM Solution for SMBs

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Overall Satisfaction with SolarWinds Security Event Manager

We initially started using SolarWinds Security Event Manager(previously Log and Event Manager) to meet a security compliance requirement. Once I spent some time with it, I realized that I could use it for alerting on specific events and activities that our users were interested in. For instance, we used the File Integrity Module on our HR file share to alert the HR manager when files were added or deleted, and then we sent a weekly report to that department with all read/write activity. We also used it to monitor AD changes, and the email alerts were really useful in producing historical information about what changes had been made recently.
  • Compared to other SIEMs, it's relatively easy to get up and running. The virtual appliance is easy to maintain.
  • Support was top notch. The support team really knows their stuff when you run into an issue.
  • The email alert system is easy to use and attach to a fired rule.
  • Compared to other SIEMs, there are features that are missing. Machine learning, automatic event correlation, ability to correlate multiple sources together.
  • The UI is clunky, and the *New* event log analyzer page felt really disjointed from the rest of the product.
  • In my experience, the dashboards were almost unusable. They persisted across login per device, and even then they sometimes would reset and go back to the ''Getting Started'' look.
  • For the price, it produced a decent value. It did a lot of the easy stuff well. I can't give any specific data given the objective of the product was to monitor very basic events in the environment.
  • There are free options that can do a better job.
I inherited SolarWinds and did my best with it. Once I felt like I pushed it to it's limits and my expectations of what a SIEM should do over time changed, I started looking at other products.

SolarWinds: Has great support, a good amount of online documentation, the best native alerting rules and triggers
OSSIM: Has cross-source correlation built in, threat pulses are updated hourly, completely free
Elastic SIEM: What we eventually moved to. It took some time to get up and running. It does the best job with event retention and searching, has anomaly exploring machine learning jobs, and feels like it gives the best view of what's going on in the environment. With Wazuh HIDS deployed on every machine, it also gives FIM capabilities while also providing extra context in any threat hunting incidents.
Support is above and beyond what I typically deal with from IT products. I've never had a support ticket go unanswered for longer than an hour, and within another hour someone was ready and able to help with the issue. Their support staff is all in-house, and they actually know the product they're supporting.

Do you think SolarWinds Security Event Manager (SEM) delivers good value for the price?


Are you happy with SolarWinds Security Event Manager (SEM)'s feature set?


Did SolarWinds Security Event Manager (SEM) live up to sales and marketing promises?


Did implementation of SolarWinds Security Event Manager (SEM) go as expected?


Would you buy SolarWinds Security Event Manager (SEM) again?


Smaller companies just getting started with looking at security products would like the product. Also, maybe smaller companies without dedicated security staff that just need something for some bare minimum requirements. It does some of the easy stuff pretty well, and there's no massive learning curve.

Bigger companies or companies with dedicated security staff will likely look at other options. This seems like an entirely mid-market only purchase. If you want to be able to correlate events from multiple sources, not just agent-based windows logs, you'll likely need to look elsewhere. While you can also forward syslog to the appliance, you can't enrich any data or use sources like NIDS/HIDS logs. This product will not give you a true single pane of glass like some offerings.

SolarWinds Security Event Manager (SEM) Feature Ratings

Centralized event and log data collection
Event and log normalization/management
Deployment flexibility
Integration with Identity and Access Management Tools
Custom dashboards and workspaces