Overall Satisfaction with SolarWinds Security Event Manager (SEM)
SolarWinds SEM is used in our operational technology infrastructure to collect and analyze logs from critical systems, those that are part of or manage the infrastructure, and also systems themselves such as the control system(s). It is used to identify issues like account failures and unexpected configuration changes, as well as being a general centralized logging system. The only shortcoming is that it would be great if it could be used as a centralized logging system even for devices that do not have log processors. We have a number of devices not yet supported and just to have the logs in would be useful, rather than setting up a separate Syslog server.
- Visualization: the UI is slick and easy to follow.
- Filtering and Sorting: narrowing down logs is powerful.
- Windows event log parsing
- Device support: less common devices do not have drivers. An SDK or generic one to customize would be useful.
- Generic syslog: some standalone syslog solutions without parsing are more powerful just for log analysis.
- Traceability: tracing log events back to the source needs to be done in the older Flash UI until implemented in the new UI.
- It has not been operational long enough to determine ROI.
This was recommended to us by a vendor. As we were using other SolarWinds products, we did not analyze many options.