SolarWinds Security Event Manager Workstation Edition SWE4000 (up to 4000 nodes) and SEM800 - Annual Subscription

In stock
SKU: 105670
Regular price $46,621.12 USD
  • Description
  • Thousands of resource-constrained IT and security pros rely on SolarWinds Security Event Manager (SEM) for affordable and efficient threat detection, automated incident analysis and response, and compliance reporting for their IT infrastructure. Our SIEM solution combines log management, threat detection, normalization and correlation, forwarding, reporting, file integrity monitoring, user activity monitoring, USB detection and prevention, threat intelligence, and active response in a virtual appliance that’s easy to deploy, manage, and use. We’ve designed our SIEM to provide the functionality you need without the complexity and cost of most other enterprise SIEM solutions.

    • Collects, consolidates, normalizes, and visualizes logs and events from firewalls, IDS/IPS devices and applications, switches, routers, servers, OS, and other applications
    • Performs real-time correlation of machine data to identify threats and attack patterns
    • Responds to suspicious activity automatically with Active Response, including blocking USB devices, killing malicious processes, logging off users, and more
    • Eases compliance reporting and audits with out-of-the-box reports and filters for HIPAA, PCI DSS, SOX, ISO, DISA STIGs, FISMA, FERPA, NERC CIP, GLBA, and more
    • Offers an intuitive interface and ample selection of out-of-the-box content, meaning you don’t need to be a security or compliance expert to get value from SolarWinds SEM
    • Affordable, scalable licensing based on log-emitting sources, not log volume

    Features:

      • Easy Collection and Normalization of Network Device and Machine Logs:

        Security Event Manager comes with hundreds of out-of-the-box connectors to simplify the process of collecting, standardizing, and cataloging log and event data generated across your network. Our industry-leading log compression rate allows more data to be stored with fewer resources required.
      • Customizable Visualizations and Dashboard:

        Quickly identify important or suspicious patterns in machine data with a wide variety of customizable visualizations and a flexible dashboard. Drill into interesting patterns with a click of a button and see the full list of related logs and their details.
      • Powerful and Simple Searching for Forensic Analysis and Troubleshooting:

        Security Event Manager is designed to allow users to quickly find important log data using simple keyword searches in both real-time event data as well as historical data at predefined or custom time periods. Out-of-the-box and user-defined filters also provide fast data refinement.
      • Real-Time, In-Memory Event Correlation:

        By processing and normalizing log data before it’s written to the database, Security Event Manager can deliver true real-time log and event correlation. Predefined and custom correlation rules allow Security Event Manager to automatically alert on possible security breaches and other critical issues.
      • Out-of-the-Box Security and Compliance Reporting Templates:

        Security Event Manager makes it easy to generate and schedule compliance reports quickly using over 300 report templates and a console allowing for customizable reports to meet your organization’s specific needs.
      • Threat Intelligence Feed and Groups:

        Correlation rules are enhanced with a fully integrated, regularly updating threat intelligence feed that automatically identifies and tags malicious activity from known bad IPs. Easily build groups containing values relevant to your environment, such as user and computer names, sensitive file locations, and approved USB devices. These groups can be auto-populated via correlation rules and can help simplify searching and reporting.
      • Built-in Active Response:

        Security Event Manager can do much more than trigger email alerts. SEM is designed to immediately respond to security, operational, and policy-driven events using predefined responses, such as quarantining infected machines, blocking IP addresses, killing processes, and adjusting Active Directory® settings.
      • Enhanced, Real-Time File Integrity Monitoring:

        Embedded File Integrity Monitoring (FIM) is designed to deliver broader compliance support and deeper security intelligence for insider threats, zero-day malware, and other advanced attacks. Leverage enhanced filter capabilities for finer tuning and significantly reduce the noise associated with lower priority file changes, increasing productivity and efficiency.
      • USB Detection and Prevention:

        Security Event Manager can help prevent endpoint data loss and protect sensitive data with real-time notifications when USB devices connect, the ability to automatically block their usage, and built-in reporting to audit USB usage.
      • Log Forwarding and Exporting:

        Security Event Manager forwards raw log data with syslog protocols (RFC 3164 and RFC 5244) to other applications for further use. Additionally, users can export logs to a CSV file so the data can be shared with other teams and external vendors, uploaded to other tools, or attached to helpdesk tickets.

      Live and Historical Events:

      See events stream in near real time on the Live Events tab. You can also see key trends by analyzing historical data via simplified network event searches in the Historical Events tab. The intuitive query builder presents tips and suggestions as you enter query parameters; then the event histogram and custom time picker allow you to zero in on specific results in a designated time span. Plus, you can save, load, browse, or schedule common searches in the Historical Events tab.
