TrustRadius Insights for SolarWinds Security Event Manager (SEM) are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.
Pros
Easy Configuration Process: Many users have expressed their positive experiences with the configuration process of SolarWinds, noting that it is easy and straightforward. This indicates that the product provides a user-friendly interface for making necessary adjustments, making it convenient for users to set up and customize according to their needs.
Excellent Customer Support: Several reviewers have praised the expertise and effectiveness of SolarWinds' customer support team in resolving issues. They have found the assistance provided by the support team to be valuable in addressing any concerns or difficulties they encountered while using the product.
Efficient Log Collection and Normalization: Users appreciate the centralized log collection and normalization feature offered by SolarWinds. This functionality streamlines the monitoring and analysis process by efficiently collecting logs from various sources and normalizing them into a consistent format. This allows for easier management and analysis of log data, saving users time and effort.
SolarWinds Security Event Manager (SEM) Reviews
3 Reviews
Engineering
SolarWinds Security Event Manager is used to collect, review, and analyze system logs from servers, workstations, and network devices. Used by one department, it solves the problem of having to go through long log files trying to find and make sense of an event. It also helps with reporting for compliance purposes.
Pros
Graphs showing important events
First-time setup and addition of new devices is easy and organized
Performance is excellent
Cons
Reporting could allow for more customization
Better integration with other products of the SolarWinds line
More alert options
Likelihood to Recommend
SolarWinds Security Event Manager is best suited for environments with many devices that need to be secured and are high availability, where any downtime needs to be resolved quickly and the cause of a failure needs to be investigated and determined with a good degree of precision. It's also suited for environments that need to be kept in compliance according to several standards. Many standards and policies require the keeping and review of logs for several years back.
SolarWinds SEM is used in our operational technology infrastructure to collect and analyze logs from critical systems, those that are part of or manage the infrastructure, and also systems themselves such as the control system(s). It is used to identify issues like account failures and unexpected configuration changes, as well as being a general centralized logging system. The only shortcoming is that it would be great if it could be used as a centralized logging system even for devices that do not have log processors. We have a number of devices not yet supported and just to have the logs in would be useful, rather than setting up a separate Syslog server.
Pros
Visualization: the UI is slick and easy to follow.
Filtering and Sorting: narrowing down logs is powerful.
Windows event log parsing
Cons
Device support: less common devices do not have drivers. An SDK or generic one to customize would be useful.
Generic syslog: some standalone syslog solutions without parsing are more powerful just for log analysis.
Traceability: tracing log events back to the source needs to be done in the older flash UI until implemented in the new UI.
Likelihood to Recommend
SolarWinds Security Event Manager is good for detecting events out of the ordinary; however, getting it to the point where 'normal' or 'ok' activity is hidden is time-consuming and can be difficult. It is good as a general dashboard to identify security events or where changes have had unexpected impacts, not as good as a general log server for analysis.
It addresses the issue of audit requirement by utilizing log consolidation (syslog, traps, Windows log). For Windows, an agent needs to be deployed. SEM normalizes the data for several fields so that it is easier to locate the specific event from the 10 million events received per day. The GUI is split into two parts. The first part is part of the new GUI which has dashboard, monitor, nodes, rules, groups (limited). The second is the older GUI where the other functions are. I tend to stay in the older GUI unless the function has been moved over to the new GUI. There is a third interface which can be reached by SSHing to the SEM. This allows us to diagnose any issues with the SEM. It is generally used by the security team, but read-only access has been given to the networking and Windows teams to enable them to search for specific log entries.
Pros
Parses the logs into several comment fields to make the search easier
Can scale up to 218 million per day
Cons
For a large amount of events, there is an unreasonable amount of CPUs and memory needed
Reporting function has not been updated in many years and is very difficult to write
Likelihood to Recommend
Well suited for triggering on well-defined events, such as logon failure. The correlation engine is especially useful in triggering on dissimilar events. Overall, it captures all of the events, and using the filters to locate the events is the best application.
It is not well suited for reporting, as it is very slow, making it almost unusable. The File Integrity Monitor is a good concept but does not work well in the real world, as it generates multiple events for file delete, create, etc.